
Need help with Black Internet Trojan



  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has finished, two logs will be produced; please post both logs.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.


Here is the log file for DDS. Attach.txt is zipped and posted as an attachment.

DDS (Ver_10-03-17.01) - NTFSx86

Run by mierin_eroniale at 23:18:16.76 on Sat 07/10/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.240 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\mierin_eroniale\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

uDefault_Page_URL = hxxp://www.dellnet.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

uDefault_Search_URL = about:blank

mSearch Bar = about:blank

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com

uURLSearchHooks: H - No File

BHO: TBSB02751 Class: {25875464-7327-417c-8264-902d99cf6fd1} - c:\program files\search enhancer toolbar\NCL.dll

BHO: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Search Enhancer Toolbar: {bfb5f154-9212-46f3-b547-ac6106030a54} - c:\program files\search enhancer toolbar\NCL.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [{08A427AC-CB78-B045-C95E-242F9E56D22F}] "c:\documents and settings\mierin_eroniale\application data\liama\qucuf.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe

mRun: [MCAgentExe] c:\program files\mcafee.com\agent\mcagent.exe

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [rjbleojp] c:\windows\system32\config\systemprofile\local settings\application data\krcatejew\iorbtjntssd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\America Online 8.0 Tray Icon.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

AppInit_DLLs: karna.dat

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mierin~1\applic~1\mozilla\firefox\profiles\uzl198wh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 5555

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: XULRunner: {F08132C4-139E-40DA-BD3B-57B1B9064EC3} - c:\documents and settings\mierin_eroniale\local settings\application data\{F08132C4-139E-40DA-BD3B-57B1B9064EC3}

FF - HiddenExtension: XULRunner: {2658248E-3A5D-4E54-AAC3-D4C586ADA746} - c:\documents and settings\hebbelent\local settings\application data\{2658248E-3A5D-4E54-AAC3-D4C586ADA746}

FF - HiddenExtension: XULRunner: {E9524BEC-5900-4F60-B486-BFA811F4D558} - c:\documents and settings\teacher\local settings\application data\{E9524BEC-5900-4F60-B486-BFA811F4D558}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2003-7-21 94208]

R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2003-7-21 225375]

R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2003-7-21 23296]

S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2003-7-28 18690]

=============== Created Last 30 ================

2010-07-11 04:05:21 54016 ----a-w- c:\windows\system32\drivers\kujf.sys

2010-07-11 03:39:24 0 d-----w- c:\program files\Trend Micro

2010-07-10 21:03:48 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-23 02:20:05 0 d-sh--w- c:\documents and settings\mierin_eroniale\PrivacIE

2010-06-23 02:07:39 0 d-sh--w- c:\documents and settings\mierin_eroniale\IETldCache

2010-06-23 02:02:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-23 02:02:54 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-23 02:02:53 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-23 02:02:48 0 d-----w- c:\windows\ie8updates

2010-06-23 02:02:23 41984 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-06-23 02:00:21 0 dc-h--w- c:\windows\ie8

2010-06-23 01:35:29 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-23 01:35:29 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-23 01:35:29 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-23 01:35:29 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-23 01:35:29 1241088 ----a-w- c:\windows\system32\dllcache\ieframe.dll.mui

2010-06-23 01:35:28 59904 ----a-w- c:\windows\system32\dllcache\icardie.dll

2010-06-23 01:35:28 445952 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll

2010-06-23 01:35:28 3698584 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat

2010-06-23 01:35:28 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-06-23 00:13:25 0 d-----w- c:\windows\system32\scripting

2010-06-23 00:13:22 0 d-----w- c:\windows\l2schemas

2010-06-23 00:13:21 0 d-----w- c:\windows\system32\en

2010-06-23 00:02:38 0 d-----w- c:\windows\network diagnostic

2010-06-22 22:45:54 142 ----a-w- c:\windows\wininit.ini

2010-06-22 03:01:33 0 ----a-w- c:\windows\Wmakamicuno.bin

2010-06-22 03:01:32 120 ----a-w- c:\windows\Ftazozahu.dat

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-06 10:41:53 916480 ------w- c:\windows\system32\dllcache\wininet.dll

2010-05-06 10:41:52 611840 ------w- c:\windows\system32\dllcache\mstime.dll

2010-05-06 10:41:52 5950976 ------w- c:\windows\system32\dllcache\mshtml.dll

2010-05-06 10:41:52 206848 ------w- c:\windows\system32\dllcache\occache.dll

2010-05-06 10:41:52 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll

2010-05-06 10:41:51 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll

2010-05-06 10:41:50 184320 ------w- c:\windows\system32\dllcache\iepeers.dll

2010-05-06 10:41:48 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-04 17:20:33 133120 ------w- c:\windows\system32\dllcache\extmgr.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2010-04-16 16:09:07 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll

2010-04-16 16:09:05 1025024 ------w- c:\windows\system32\dllcache\browseui.dll

============= FINISH: 23:19:47.87 ===============

Attach.zip


Here is the log for MBRCheck:

MBRCheck, version 1.0.3

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Unknown MBR code

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done! Press ENTER to exit...


Here is the new log for MBRCheck.

MBRCheck, version 1.0.3

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Unknown MBR code

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done! Press ENTER to exit...


Here is the DDS.txt log. Also the trojan smss.exe and services.exe files are no longer showing up on Task Manager.

DDS (Ver_10-03-17.01) - NTFSx86

Run by mierin_eroniale at 22:32:48.29 on Sun 07/11/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.178 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\mierin_eroniale\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

uDefault_Page_URL = hxxp://www.dellnet.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

uDefault_Search_URL = about:blank

mSearch Bar = about:blank

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com

uURLSearchHooks: H - No File

BHO: TBSB02751 Class: {25875464-7327-417c-8264-902d99cf6fd1} - c:\program files\search enhancer toolbar\NCL.dll

BHO: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Search Enhancer Toolbar: {bfb5f154-9212-46f3-b547-ac6106030a54} - c:\program files\search enhancer toolbar\NCL.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [{08A427AC-CB78-B045-C95E-242F9E56D22F}] "c:\documents and settings\mierin_eroniale\application data\liama\qucuf.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe

mRun: [MCAgentExe] c:\program files\mcafee.com\agent\mcagent.exe

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

dRun: [rjbleojp] c:\windows\system32\config\systemprofile\local settings\application data\krcatejew\iorbtjntssd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\America Online 8.0 Tray Icon.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

AppInit_DLLs: karna.dat

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mierin~1\applic~1\mozilla\firefox\profiles\uzl198wh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 5555

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: XULRunner: {F08132C4-139E-40DA-BD3B-57B1B9064EC3} - c:\documents and settings\mierin_eroniale\local settings\application data\{F08132C4-139E-40DA-BD3B-57B1B9064EC3}

FF - HiddenExtension: XULRunner: {2658248E-3A5D-4E54-AAC3-D4C586ADA746} - c:\documents and settings\hebbelent\local settings\application data\{2658248E-3A5D-4E54-AAC3-D4C586ADA746}

FF - HiddenExtension: XULRunner: {E9524BEC-5900-4F60-B486-BFA811F4D558} - c:\documents and settings\teacher\local settings\application data\{E9524BEC-5900-4F60-B486-BFA811F4D558}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2003-7-21 94208]

R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2003-7-21 225375]

R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2003-7-21 23296]

S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2003-7-28 18690]

=============== Created Last 30 ================

2010-07-11 03:39:24 0 d-----w- c:\program files\Trend Micro

2010-07-10 21:03:48 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-23 02:20:05 0 d-sh--w- c:\documents and settings\mierin_eroniale\PrivacIE

2010-06-23 02:07:39 0 d-sh--w- c:\documents and settings\mierin_eroniale\IETldCache

2010-06-23 02:02:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-23 02:02:54 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-23 02:02:53 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-23 02:02:48 0 d-----w- c:\windows\ie8updates

2010-06-23 02:02:23 41984 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-06-23 02:00:21 0 dc-h--w- c:\windows\ie8

2010-06-23 01:35:29 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-23 01:35:29 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-23 01:35:29 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-23 01:35:29 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-23 01:35:29 1241088 ----a-w- c:\windows\system32\dllcache\ieframe.dll.mui

2010-06-23 01:35:28 59904 ----a-w- c:\windows\system32\dllcache\icardie.dll

2010-06-23 01:35:28 445952 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll

2010-06-23 01:35:28 3698584 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat

2010-06-23 01:35:28 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-06-23 00:13:25 0 d-----w- c:\windows\system32\scripting

2010-06-23 00:13:22 0 d-----w- c:\windows\l2schemas

2010-06-23 00:13:21 0 d-----w- c:\windows\system32\en

2010-06-23 00:02:38 0 d-----w- c:\windows\network diagnostic

2010-06-22 22:45:54 142 ----a-w- c:\windows\wininit.ini

2010-06-22 03:01:33 0 ----a-w- c:\windows\Wmakamicuno.bin

2010-06-22 03:01:32 120 ----a-w- c:\windows\Ftazozahu.dat

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-06 10:41:53 916480 ------w- c:\windows\system32\dllcache\wininet.dll

2010-05-06 10:41:52 611840 ------w- c:\windows\system32\dllcache\mstime.dll

2010-05-06 10:41:52 5950976 ------w- c:\windows\system32\dllcache\mshtml.dll

2010-05-06 10:41:52 206848 ------w- c:\windows\system32\dllcache\occache.dll

2010-05-06 10:41:52 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll

2010-05-06 10:41:51 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll

2010-05-06 10:41:50 184320 ------w- c:\windows\system32\dllcache\iepeers.dll

2010-05-06 10:41:48 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-04 17:20:33 133120 ------w- c:\windows\system32\dllcache\extmgr.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2010-04-16 16:09:07 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll

2010-04-16 16:09:05 1025024 ------w- c:\windows\system32\dllcache\browseui.dll

============= FINISH: 22:34:36.71 ===============

  • Staff
Also the trojan smss.exe and services.exe files are no longer showing up on Task Manager.
Glad to hear it.

Update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Here is the log for Malwarebytes' Anti-Malware.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/11/2010 11:10:33 PM

mbam-log-2010-07-11 (23-10-33).txt

Scan type: Quick scan

Objects scanned: 175011

Time elapsed: 19 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System volume information\Microsoft\services.exe (Trojan.Cycler) -> No action taken.

C:\System volume information\Microsoft\smss.exe (Trojan.Cycler) -> No action taken.

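As an added example, not part of this thread and not code from Malwarebytes, DDS or ComboFix, here is a small Python triage script that applies the same checks a helper applies by eye to the DDS, ComboFix and MBAM output posted here: an Internet Explorer or Firefox HTTP proxy pointed at a loopback address (the `http=127.0.0.1:5555` entry), the Windows Firewall standard profile switched off (`"EnableFirewall"= 0`), binaries named after core Windows processes living outside their normal directory (the `services.exe` and `smss.exe` under System Volume Information that MBAM reported as Trojan.Cycler), and hidden XULRunner extensions registered from a per-user Local Settings\Application Data folder. It also notes that a Firefox proxy entry is inert when `network.proxy.type` is not 1 (manual), which is the situation in these logs. The sample lines are constructed from the text of this thread; the indicator tags, the expected-directory table and the `triage` function name are my own choices, not anything the tools emit.

```python
"""Triage DDS / ComboFix / MBAM style log text for a few common hijack indicators."""
import ipaddress
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines of the kind found in the DDS, ComboFix and MBAM
# output posted in this thread, trimmed to what the checks below look at.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: XULRunner: {F08132C4-139E-40DA-BD3B-57B1B9064EC3} - c:\documents and settings\mierin_eroniale\local settings\application data\{F08132C4-139E-40DA-BD3B-57B1B9064EC3}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
"EnableFirewall"= 0 (0x0)
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\System volume information\Microsoft\services.exe (Trojan.Cycler) -> No action taken.
c:\system volume information\Microsoft\smss.exe
"""


@dataclass
class Finding:
    kind: str    # short tag chosen for this example
    detail: str  # what was matched
    line: str    # the offending log line


# Windows binaries malware likes to impersonate, and the directory (lower-cased,
# drive letter stripped) each normally lives in on Windows XP.
SYSTEM_NAMES = {
    "smss.exe": "\\windows\\system32", "services.exe": "\\windows\\system32",
    "csrss.exe": "\\windows\\system32", "lsass.exe": "\\windows\\system32",
    "winlogon.exe": "\\windows\\system32", "svchost.exe": "\\windows\\system32",
    "spoolsv.exe": "\\windows\\system32", "explorer.exe": "\\windows",
}
# Copies that Windows itself keeps are legitimate too.
BACKUP_DIRS = ("\\windows\\system32\\dllcache", "\\windows\\servicepackfiles\\i386")

_IE_PROXY = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([\d.]+):(\d+)", re.I)
_FF_PROXY = re.compile(r"network\.proxy\.http\s*-\s*([\d.]+)$", re.I)
_FF_PROXY_TYPE = re.compile(r"network\.proxy\.type\s*-\s*(\d+)", re.I)
_FIREWALL = re.compile(r'"EnableFirewall"\s*=\s*0\b', re.I)
_SYS_PATH = re.compile(
    r"([a-z]:\\.*?\\(" + "|".join(re.escape(n[:-4]) for n in SYSTEM_NAMES) + r")\.exe)\b", re.I)
_HIDDEN_EXT = re.compile(r"HiddenExtension:\s*XULRunner:\s*(\{[0-9A-F-]+\})\s*-\s*(.+)$", re.I)


def _is_loopback(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def is_misplaced_system_binary(path: str) -> bool:
    """True when a well-known system binary name sits outside its expected directory."""
    name = ntpath.basename(path).lower()
    expected = SYSTEM_NAMES.get(name)
    if expected is None:
        return False
    rel_dir = ntpath.splitdrive(ntpath.dirname(path).lower())[1]
    return rel_dir not in (expected, *BACKUP_DIRS)


def triage(log_text: str) -> list:
    findings, ff_proxy_type = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _IE_PROXY.search(line)
        if m and _is_loopback(m.group(1)):
            findings.append(Finding("loopback-proxy", f"IE proxy {m.group(1)}:{m.group(2)}", line))
        m = _FF_PROXY.search(line)
        if m and _is_loopback(m.group(1)):
            findings.append(Finding("loopback-proxy", f"Firefox proxy {m.group(1)}", line))
        m = _FF_PROXY_TYPE.search(line)
        if m:
            ff_proxy_type = int(m.group(1))
        if _FIREWALL.search(line):
            findings.append(Finding("firewall-disabled", "Windows Firewall standard profile off", line))
        for path, _name in _SYS_PATH.findall(line):
            if is_misplaced_system_binary(path):
                findings.append(Finding("misplaced-system-binary", path, line))
        m = _HIDDEN_EXT.search(line)
        if m and "\\local settings\\application data\\" in m.group(2).lower():
            findings.append(Finding("hidden-extension", m.group(1), line))
    # Firefox only honours network.proxy.http when network.proxy.type is 1 (manual).
    if ff_proxy_type is not None and ff_proxy_type != 1:
        for f in findings:
            if f.kind == "loopback-proxy" and f.detail.startswith("Firefox"):
                f.detail += f" (inactive: network.proxy.type {ff_proxy_type})"
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Point it at a saved DDS.txt or ComboFix.txt by reading the file into `triage`; the System Volume Information hits are the ones worth acting on first, since that folder is normally touched only by System Restore and is a favourite hiding place precisely because most users never look there.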
Here is the ComboFix log.

ComboFix 10-07-11.03 - mierin_eroniale 07/11/2010 23:33:51.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.199 [GMT -6:00]

Running from: c:\documents and settings\mierin_eroniale\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\hebbelent\Local Settings\Application Data\{2658248E-3A5D-4E54-AAC3-D4C586ADA746}

c:\documents and settings\hebbelent\Local Settings\Application Data\{2658248E-3A5D-4E54-AAC3-D4C586ADA746}\chrome.manifest

c:\documents and settings\hebbelent\Local Settings\Application Data\{2658248E-3A5D-4E54-AAC3-D4C586ADA746}\chrome\content\_cfg.js

c:\documents and settings\hebbelent\Local Settings\Application Data\{2658248E-3A5D-4E54-AAC3-D4C586ADA746}\chrome\content\overlay.xul

c:\documents and settings\hebbelent\Local Settings\Application Data\{2658248E-3A5D-4E54-AAC3-D4C586ADA746}\install.rdf

c:\documents and settings\hebbelent\Local Settings\Temporary Internet Files\Tvm.log

c:\documents and settings\mierin_eroniale\Application Data\Liama

c:\documents and settings\mierin_eroniale\Application Data\Liama\qucuf.exe

c:\documents and settings\mierin_eroniale\Local Settings\Temporary Internet Files\Tvm.log

c:\documents and settings\mierin_eroniale\Local Settings\Temporary Internet Files\xahegim._sy

c:\documents and settings\teacher\Local Settings\Temporary Internet Files\Tvm.log

c:\program files\Common Files\SLMSS

c:\program files\Common Files\SLMSS\acp1.dat

c:\program files\Search Enhancer Toolbar

c:\program files\Search Enhancer Toolbar\NCL.dll

c:\system volume information\Microsoft

c:\system volume information\Microsoft\services.exe

c:\system volume information\Microsoft\smss.exe

c:\windows\system32\fonts

c:\windows\system32\fonts\ACADEMY_.PFB

c:\windows\system32\fonts\ACADEMY_.PFM

c:\windows\system32\fonts\ACADEMY_.TTF

c:\windows\system32\im64.dll

c:\windows\xpsp1hfm.log

c:\windows\system32\drivers\cdrom.sys was missing

Restored copy from - c:\windows\system32\dllcache\cdrom.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ZESOFT

((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))

.

2010-07-12 05:47 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2010-07-12 05:47 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys

2010-07-11 03:39 . 2010-07-11 03:39 -------- d-----w- c:\program files\Trend Micro

2010-07-10 21:03 . 2010-07-10 21:03 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-04 17:33 . 2010-07-04 17:33 -------- d-----w- c:\documents and settings\hebbelent\Local Settings\Application Data\Mozilla

2010-07-01 04:29 . 2010-07-01 04:29 -------- d-sh--w- c:\documents and settings\Administrator.KAISERHEBBEL\IETldCache

2010-06-29 08:26 . 2010-06-29 08:26 -------- d-----w- c:\documents and settings\teacher\Local Settings\Application Data\{E9524BEC-5900-4F60-B486-BFA811F4D558}

2010-06-25 19:15 . 2010-06-25 19:15 -------- d-----w- c:\documents and settings\mierin_eroniale\Local Settings\Application Data\{F08132C4-139E-40DA-BD3B-57B1B9064EC3}

2010-06-25 06:57 . 2010-06-25 06:57 -------- d-sh--w- c:\documents and settings\teacher\IECompatCache

2010-06-23 21:44 . 2010-06-23 21:44 -------- d-sh--w- c:\documents and settings\hebbelent\PrivacIE

2010-06-23 21:43 . 2010-06-23 21:43 -------- d-----w- c:\documents and settings\hebbelent\Application Data\Malwarebytes

2010-06-23 21:43 . 2010-06-23 21:43 -------- d-sh--w- c:\documents and settings\hebbelent\IETldCache

2010-06-23 03:28 . 2010-06-23 03:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-06-23 02:34 . 2010-06-23 02:34 -------- d-----w- c:\documents and settings\mierin_eroniale\Local Settings\Application Data\Mozilla

2010-06-23 02:31 . 2010-06-23 02:31 -------- d-----w- c:\documents and settings\teacher\Local Settings\Application Data\Mozilla

2010-06-23 02:28 . 2010-06-23 02:28 -------- d-sh--w- c:\documents and settings\teacher\PrivacIE

2010-06-23 02:26 . 2010-06-23 02:26 -------- d-sh--w- c:\documents and settings\teacher\IETldCache

2010-06-23 02:20 . 2010-06-23 02:20 -------- d-sh--w- c:\documents and settings\mierin_eroniale\PrivacIE

2010-06-23 02:08 . 2010-06-23 02:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2010-06-23 02:08 . 2010-06-23 02:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-06-23 02:07 . 2010-06-23 02:07 -------- d-sh--w- c:\documents and settings\mierin_eroniale\IETldCache

2010-06-23 02:02 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-23 02:02 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-23 02:02 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-23 02:02 . 2010-06-23 02:02 -------- d-----w- c:\windows\ie8updates

2010-06-23 02:02 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-06-23 02:00 . 2010-06-23 02:01 -------- dc-h--w- c:\windows\ie8

2010-06-23 01:35 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-23 01:35 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-23 01:35 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-23 01:35 . 2010-04-16 13:24 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-23 01:35 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-06-23 01:35 . 2009-03-08 10:31 59904 ----a-w- c:\windows\system32\dllcache\icardie.dll

2010-06-23 01:35 . 2009-03-08 10:11 445952 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll

2010-06-23 01:35 . 2009-02-07 03:07 3698584 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat

2010-06-23 00:13 . 2010-06-23 00:13 -------- d-----w- c:\windows\system32\scripting

2010-06-23 00:13 . 2010-06-23 00:13 -------- d-----w- c:\windows\l2schemas

2010-06-23 00:13 . 2010-06-23 00:13 -------- d-----w- c:\windows\system32\en

2010-06-22 14:26 . 2010-06-22 19:48 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\krcatejew

2010-06-22 14:26 . 2010-06-22 14:26 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe

2010-06-22 03:21 . 2010-06-22 19:57 -------- d-----w- c:\documents and settings\mierin_eroniale\Local Settings\Application Data\lwlbdwhab

2010-06-22 03:21 . 2010-06-22 20:13 -------- d-----w- c:\documents and settings\mierin_eroniale\Local Settings\Application Data\rvccdkgnq

2010-06-22 03:01 . 2010-06-30 19:10 0 ----a-w- c:\windows\Wmakamicuno.bin

2010-06-22 03:01 . 2010-07-01 00:06 120 ----a-w- c:\windows\Ftazozahu.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-11 22:42 . 2009-04-11 11:55 -------- d-----w- c:\documents and settings\hebbelent\Application Data\OpenOffice.org2

2010-07-11 20:50 . 2003-11-16 14:27 -------- d-----w- c:\documents and settings\mierin_eroniale\Application Data\Ervyib

2010-07-11 03:39 . 2010-07-11 03:39 388096 ----a-r- c:\documents and settings\mierin_eroniale\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-07-10 21:04 . 2007-09-18 03:38 -------- d-----w- c:\program files\Common Files\Java

2010-07-10 21:04 . 2010-07-10 21:04 503808 ----a-w- c:\documents and settings\mierin_eroniale\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76f8cf5b-n\msvcp71.dll

2010-07-10 21:04 . 2010-07-10 21:04 499712 ----a-w- c:\documents and settings\mierin_eroniale\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76f8cf5b-n\jmc.dll

2010-07-10 21:04 . 2010-07-10 21:04 348160 ----a-w- c:\documents and settings\mierin_eroniale\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76f8cf5b-n\msvcr71.dll

2010-07-10 21:04 . 2010-07-10 21:04 61440 ----a-w- c:\documents and settings\mierin_eroniale\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4c618c43-n\decora-sse.dll

2010-07-10 21:04 . 2010-07-10 21:04 12800 ----a-w- c:\documents and settings\mierin_eroniale\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4c618c43-n\decora-d3d.dll

2010-07-10 21:03 . 2007-09-18 03:38 -------- d-----w- c:\program files\Java

2010-07-06 23:58 . 2003-07-21 16:40 -------- d-----w- c:\program files\America Online 8.0

2010-06-23 03:27 . 2008-10-11 01:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-23 00:22 . 2002-09-03 13:58 79891 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat

2010-06-22 21:23 . 2005-03-06 21:33 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-06-22 21:07 . 2005-03-06 22:37 -------- d-----w- c:\program files\SpywareBlaster

2010-06-08 21:25 . 2007-10-08 02:54 -------- d-----w- c:\documents and settings\teacher\Application Data\OpenOffice.org2

2010-05-08 00:30 . 2010-05-08 00:30 1 ----a-w- c:\documents and settings\hebbelent\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2010-05-06 10:41 . 2005-10-21 18:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2002-08-29 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 21:39 . 2008-10-11 01:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 21:39 . 2008-10-11 01:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30 . 2002-08-29 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2002-10-04 139264]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-20 180269]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]

"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [2002-09-04 151552]

"MCAgentExe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2002-09-06 192512]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]

"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-08 86102]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]

c:\documents and settings\hebbelent\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

America Online 8.0 Tray Icon.lnk.disabled [2003-7-21 831]

Digital Line Detect.lnk.disabled [2003-7-21 567]

Microsoft Office.lnk.disabled [2002-9-30 1634]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TV Media"=c:\program files\TV Media\Tvm.exe

"eZWO"=c:\progra~1\Web Offer\wo.exe

"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" /background

"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"redirect"=c:\windows\redirect6.exe

"TV Media"=c:\program files\TV Media\Tvm.exe

"sais"=c:\program files\180solutions\sais.exe

"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [7/21/2003 10:40 AM 23296]

S2 USBHSB;GeneLink File Transfer Driver;c:\windows\SYSTEM32\DRIVERS\usbhsb.sys [7/28/2003 6:11 PM 18690]

.

Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\McAfee.com Update Check (DHQY9431-Owner).job

- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-07-21 15:28]

2010-07-12 c:\windows\Tasks\McAfee.com Update Check (KAISERHEBBEL-hebbelent).job

- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-07-21 15:28]

2010-07-12 c:\windows\Tasks\McAfee.com Update Check (KAISERHEBBEL-mierin_eroniale).job

- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-07-21 15:28]

2010-07-12 c:\windows\Tasks\McAfee.com Update Check (KAISERHEBBEL-teacher).job

- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-07-21 15:28]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = about:blank

mSearch Bar = about:blank

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\mierin_eroniale\Application Data\Mozilla\Firefox\Profiles\uzl198wh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 5555

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\Common Files\Motive\npMotive.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: XULRunner: {F08132C4-139E-40DA-BD3B-57B1B9064EC3} - c:\documents and settings\mierin_eroniale\Local Settings\Application Data\{F08132C4-139E-40DA-BD3B-57B1B9064EC3}

FF - HiddenExtension: XULRunner: {E9524BEC-5900-4F60-B486-BFA811F4D558} - c:\documents and settings\teacher\Local Settings\Application Data\{E9524BEC-5900-4F60-B486-BFA811F4D558}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{56BBA8A9-F330-8407-AAF3-D81528F51890} - (no file)

BHO-{25875464-7327-417C-8264-902D99CF6FD1} - c:\program files\Search Enhancer Toolbar\NCL.dll

HKCU-Run-{08A427AC-CB78-B045-C95E-242F9E56D22F} - c:\documents and settings\mierin_eroniale\Application Data\Liama\qucuf.exe

MSConfigStartUp-Bjiwazexi - c:\windows\ojeriwes.dll

MSConfigStartUp-brastk - brastk.exe

MSConfigStartUp-XP Antispyware 2009 - c:\program files\XP_AntiSpyware\XP_AntiSpyware.exe

AddRemove-{f4a143bf-f9d8-40f8-8567-a84d638162cd} - c:\windows\rk.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-11 23:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,75,9b,61,db,d5,11,4e,94,6f,9a,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,75,9b,61,db,d5,11,4e,94,6f,9a,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3692)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\progra~1\mcafee.com\vso\mcvsrte.exe

c:\windows\System32\nvsvc32.exe

c:\progra~1\mcafee.com\vso\mcshield.exe

c:\windows\system32\wscntfy.exe

c:\program files\Dell AIO Printer A940\dlbabmon.exe

.

**************************************************************************

.

Completion time: 2010-07-12 00:02:04 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-12 06:01

Pre-Run: 62,839,283,712 bytes free

Post-Run: 63,289,942,016 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - D4F4CE2CC73A0E5220B17003C416A15F

And the new DDS.txt log.

DDS (Ver_10-03-17.01) - NTFSx86

Run by mierin_eroniale at 0:04:51.34 on Mon 07/12/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.195 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\mierin_eroniale\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = about:blank

mSearch Bar = about:blank

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

BHO: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Search Enhancer Toolbar: {bfb5f154-9212-46f3-b547-ac6106030a54} - c:\program files\search enhancer toolbar\NCL.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe

mRun: [MCAgentExe] c:\program files\mcafee.com\agent\mcagent.exe

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\America Online 8.0 Tray Icon.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mierin~1\applic~1\mozilla\firefox\profiles\uzl198wh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 5555

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: XULRunner: {F08132C4-139E-40DA-BD3B-57B1B9064EC3} - c:\documents and settings\mierin_eroniale\local settings\application data\{F08132C4-139E-40DA-BD3B-57B1B9064EC3}

FF - HiddenExtension: XULRunner: {E9524BEC-5900-4F60-B486-BFA811F4D558} - c:\documents and settings\teacher\local settings\application data\{E9524BEC-5900-4F60-B486-BFA811F4D558}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2003-7-21 94208]

R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2003-7-21 225375]

R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2003-7-21 23296]

S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2003-7-28 18690]

=============== Created Last 30 ================

2010-07-12 05:47:11 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2010-07-12 05:47:11 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys

2010-07-12 05:32:12 0 d-sha-r- C:\cmdcons

2010-07-12 05:27:48 77312 ----a-w- c:\windows\MBR.exe

2010-07-12 05:27:48 256512 ----a-w- c:\windows\PEV.exe

2010-07-12 05:27:48 161792 ----a-w- c:\windows\SWREG.exe

2010-07-12 05:27:47 98816 ----a-w- c:\windows\sed.exe

2010-07-11 03:39:24 0 d-----w- c:\program files\Trend Micro

2010-07-10 21:03:48 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-23 02:20:05 0 d-sh--w- c:\documents and settings\mierin_eroniale\PrivacIE

2010-06-23 02:07:39 0 d-sh--w- c:\documents and settings\mierin_eroniale\IETldCache

2010-06-23 02:02:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-23 02:02:54 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-23 02:02:53 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-23 02:02:48 0 d-----w- c:\windows\ie8updates

2010-06-23 02:02:23 41984 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-06-23 02:00:21 0 dc-h--w- c:\windows\ie8

2010-06-23 01:35:29 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-23 01:35:29 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-23 01:35:29 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-23 01:35:29 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-23 01:35:29 1241088 ----a-w- c:\windows\system32\dllcache\ieframe.dll.mui

2010-06-23 01:35:28 59904 ----a-w- c:\windows\system32\dllcache\icardie.dll

2010-06-23 01:35:28 445952 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll

2010-06-23 01:35:28 3698584 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat

2010-06-23 01:35:28 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-06-23 00:13:25 0 d-----w- c:\windows\system32\scripting

2010-06-23 00:13:22 0 d-----w- c:\windows\l2schemas

2010-06-23 00:13:21 0 d-----w- c:\windows\system32\en

2010-06-23 00:02:38 0 d-----w- c:\windows\network diagnostic

2010-06-22 22:45:54 142 ----a-w- c:\windows\wininit.ini

2010-06-22 03:01:33 0 ----a-w- c:\windows\Wmakamicuno.bin

2010-06-22 03:01:32 120 ----a-w- c:\windows\Ftazozahu.dat

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-06 10:41:53 916480 ------w- c:\windows\system32\dllcache\wininet.dll

2010-05-06 10:41:52 611840 ------w- c:\windows\system32\dllcache\mstime.dll

2010-05-06 10:41:52 5950976 ------w- c:\windows\system32\dllcache\mshtml.dll

2010-05-06 10:41:52 206848 ------w- c:\windows\system32\dllcache\occache.dll

2010-05-06 10:41:52 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll

2010-05-06 10:41:51 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll

2010-05-06 10:41:50 184320 ------w- c:\windows\system32\dllcache\iepeers.dll

2010-05-06 10:41:48 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-04 17:20:33 133120 ------w- c:\windows\system32\dllcache\extmgr.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2010-04-16 16:09:07 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll

2010-04-16 16:09:05 1025024 ------w- c:\windows\system32\dllcache\browseui.dll

============= FINISH: 0:05:21.06 ===============


  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Here is the report from F-Secure Online Scanner. I had to stop the scan after 4 hours because I am going out of town.

Scanning Report

Monday, July 12, 2010 11:47:22 - 15:30:45

Computer name: KAISERHEBBEL

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

--------------------------------------------------------------------------------

244 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.Adinterax (spyware)

System (Disinfected)

TrackingCookie.Advertising (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Adtech (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Revsci (spyware)

System (Disinfected)

Application.Generic.71933 (spyware)

System (Not cleaned)

TrackingCookie.Specificclick (spyware)

System (Disinfected)

TrackingCookie.Zanox (spyware)

System (Disinfected)

TrackingCookie.Adrevolver (spyware)

System (Disinfected)

TrackingCookie.Adbrite (spyware)

System (Disinfected)

TrackingCookie.Xiti (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Mediaplex (spyware)

System (Disinfected)

Generic.XPL.ADODB (spyware)

System (Disinfected)

Trojan.Downloader.Rameh (spyware)

System (Disinfected)

Trojan.Dropper.Exidl (spyware)

System (Disinfected)

TrackingCookie.Tradedoubler (spyware)

System (Disinfected)

TrackingCookie.Statcounter (spyware)

System (Disinfected)

Application.Generic.130352 (spyware)

System (Not cleaned)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

TrackingCookie.Imrworldwide (spyware)

System (Disinfected)

Trojan.Downloader.Rameh.B (virus)

C:\WINDOWS\SYSTEM32\CALSDR.DLL (Not cleaned)

Trojan.Dropper.Exidl.B (virus)

C:\WINDOWS\SYSTEM32\BH.DLL (Not cleaned)

Generic.XPL.ADODB.F8A08CE8 (virus)

C:\WINDOWS\SYSTEM32\REDIRECT.VBS (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ADSERV[1] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\INDEX[3].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\INDEX[4].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\INDEX[1].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\INDEX[2].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\INDEX[5].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\INDEX[6].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[22] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[25] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[26] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[23] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[24] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[27] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[28] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[29] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[30] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[31] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[32] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[34] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[33] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[35] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[36] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[39] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[37] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[38] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[42] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[40] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[41] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[43] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[47] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[46] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[45] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[44] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[49] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[48] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[50] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[52] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[53] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[51] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[54] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[57] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[55] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[59] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[56] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[63] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[61] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[60] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[62] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[64] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[67] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[66] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[65] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[69] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[68] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[70] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[71] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2JQP0H\ST[73] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\DELLNET[1] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\GOAD[2] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\INDEX[2].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\INDEX[3].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\INDEX[5].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\INDEX[1].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\INDEX[6].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[10] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[11] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[13] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[12] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[14] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[15] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[16] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[17] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[18] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[19] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[21] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[23] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[20] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[22] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[24] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[26] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[27] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[25] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[28] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[30] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[29] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[31] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[32] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[34] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[35] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[37] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[36] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[39] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[42] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[40] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[41] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[43] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[46] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[44] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[45] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[47] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[50] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[48] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[49] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[52] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[51] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[54] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[53] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[56] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O9YJK1IJ\ST[9] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\AFR[1].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\INDEX[4].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\INDEX[1].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\INDEX[2].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\INDEX[3].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\INDEX[6].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[10] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[13] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[11] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[12] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[14] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[15] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[16] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[18] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[17] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[19] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[21] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[20] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[1] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[23] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[24] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[27] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[25] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[26] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[28] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[29] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[30] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[31] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[32] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[33] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[36] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[35] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[34] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[39] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[38] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[37] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[41] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[43] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[40] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[42] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[47] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[45] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[49] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[6] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[9] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[8] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[7] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\AFR[1].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\CAIJ8BYJ.HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\INDEX[1].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\INDEX[2].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\INDEX[3].HTM (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[11] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[10] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[12] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[13] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[14] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[15] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[16] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[17] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[19] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[18] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[20] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[26] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[25] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[24] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[21] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[28] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[29] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[27] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[30] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[32] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[34] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[33] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[31] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[35] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[36] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[38] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[37] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[39] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[41] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[40] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[42] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[43] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[45] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[44] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[46] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[47] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[49] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[48] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[50] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[51] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[5] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[6] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[8] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[7] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4BSPEZOF\ST[9] (Renamed & Submitted)

Trojan.Downloader.Dyfuca.3 (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0042427.EXE (Not cleaned)

Trojan.Downloader.Dyfuca.3 (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0042428.EXE (Not cleaned)

Trojan.Generic.3088755 (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0042426.EXE (Not cleaned)

Trojan-Downloader:W32/Renos.gen!A (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0042431.EXE (Not cleaned)

Rootkit.Patched.TDSS.Gen (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0037007.DLL (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP475\A0036492.DLL (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP475\A0036482.DLL (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP475\A0036493.DLL (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP475\A0036495.DLL (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP475\A0036496.DLL (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP475\A0036494.DLL (Not cleaned)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 56058

System: 3435

Not scanned: 8

Actions:

Disinfected: 22

Renamed: 184

Deleted: 0

Not cleaned: 38

Submitted: 184

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics


  • Staff

Hi,

For when you get back:

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don

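The "older than 48 hours" option in the CCleaner steps above is the safety margin that keeps a cleanup from deleting temp or cache files a running program still has open. The script below is an added example, written for this page in Python rather than as a CCleaner or Windows-native tool, and is not part of the original thread: it walks a cache tree of the same shape as the Content.IE5 folders in the scan log, removes only regular files older than the threshold, reports anything it skipped or could not delete, and defaults to a dry run. The demo folder it builds is constructed sample data; the function names and the 48-hour default are this example's own choices.

```python
"""Age-gated cleanup of a temp/cache tree, mirroring the 48-hour option above."""
import os
import tempfile
import time
from pathlib import Path


def prune_temp(root, max_age_hours=48.0, now=None, dry_run=True):
    """Remove regular files under `root` whose mtime is older than `max_age_hours`.

    Returns (removed, skipped). Fresh files are skipped because a program may
    still hold them open; files the OS refuses to delete are reported, not forced.
    With dry_run=True nothing is deleted and `removed` lists what would go.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_hours * 3600
    removed, skipped = [], []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue                       # never follow links out of the tree
        if path.stat().st_mtime > cutoff:
            skipped.append(path)           # too recent; may still be in use
            continue
        if not dry_run:
            try:
                path.unlink()
            except OSError:                # locked or permission denied: leave it
                skipped.append(path)
                continue
        removed.append(path)
    return removed, skipped


def make_demo_tree():
    """Constructed sample: a cache folder with one 72-hour-old file and one fresh file."""
    root = Path(tempfile.mkdtemp(prefix="prune_demo_"))
    now = time.time()
    stale = root / "Content.IE5" / "ABCD1234" / "st[1]"
    stale.parent.mkdir(parents=True)
    stale.write_bytes(b"stale cached download")
    os.utime(stale, (now - 72 * 3600, now - 72 * 3600))
    fresh = root / "fresh.tmp"
    fresh.write_bytes(b"still being written")
    os.utime(fresh, (now, now))
    return root, now


if __name__ == "__main__":
    root, now = make_demo_tree()
    would_go, kept = prune_temp(root, now=now, dry_run=True)
    print("dry run would remove:", [str(p) for p in would_go])
    gone, kept = prune_temp(root, now=now, dry_run=False)
    print("removed:", [p.name for p in gone], "kept:", [p.name for p in kept])
```

Run it with dry_run=True first and read the list; only then rerun with dry_run=False. The skipped list is worth keeping in the cleanup notes, since a file that could not be deleted from a cache folder is either in use or protected, and both are worth a second look during an infection cleanup.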

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Here is the F-Secure report. Let me know what to do after this.

Scanning Report

Sunday, July 25, 2010 01:15:46 - 08:33:56

Computer name: KAISERHEBBEL

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

--------------------------------------------------------------------------------

10 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (spyware)

System (Disinfected)

TrackingCookie.Revsci (spyware)

System (Disinfected)

Application.Generic.71933 (spyware)

System (Not cleaned)

Application.Generic.130352 (spyware)

System (Not cleaned)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\WINDOWS\SWREG.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

C:\WINDOWS\SWSC.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0042525.EXE (Not cleaned & Submitted)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 68112

System: 3446

Not scanned: 9

Actions:

Disinfected: 5

Renamed: 0

Deleted: 0

Not cleaned: 5

Submitted: 1

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\DOCUMENTS AND SETTINGS\MIERIN_ERONIALE\LOCAL SETTINGS\TEMP\HSPERFDATA_MIERIN_ERONIALE\3144

C:\DOCUMENTS AND SETTINGS\MIERIN_ERONIALE\LOCAL SETTINGS\TEMP\HSPERFDATA_MIERIN_ERONIALE\2916

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

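Both F-Secure reports in this thread (the long one ending in the FakeAV cache entries and restore-point DLLs, and the shorter one just above) use the same two-line layout per hit: a "name (kind)" line followed by a "location (action)" line. What matters for triage is not the raw count but where each uncleaned hit lives: a copy inside a System Restore point is dormant, an entry under Temporary Internet Files is downloaded page content, "System" means a cookie or registry item with no file path, and anything else is a live file on the running system. The script below is an added example written for this page, not part of the thread and not F-Secure's own tooling; it parses that layout and sorts hits by location class. The embedded report is a constructed excerpt that reuses entries from the two reports above with the computer name changed, and the classification rules and the "needs_attention" rule are this example's assumptions.

```python
"""Triage an F-Secure style scan report: which detections still need a human?"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Line 1 of each hit: "<detection name> (<kind>)", e.g. "Trojan.FakeAV.KZQ (virus)"
NAME_RE = re.compile(r"^(?P<name>.+?) \((?P<kind>virus|spyware|riskware|adware)\)$")
# Line 2 of each hit: "<path or 'System'> (<action>)", e.g. "C:\WINDOWS\SWREG.EXE (Not cleaned)"
LOCATION_RE = re.compile(r"^(?P<path>.+?) \((?P<action>[^()]+)\)$")

# Constructed excerpt in the layout of the reports posted in this thread,
# with entries copied from them (computer name changed).
SAMPLE_REPORT = r"""
Scanning Report

Sunday, July 25, 2010 01:15:46 - 08:33:56

Computer name: EXAMPLE-PC

Scanning type: Scan system for malware, spyware and rootkits

--------------------------------------------------------------------------------

7 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

Application.Generic.71933 (spyware)

System (Not cleaned)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\ST[10] (Renamed & Submitted)

Trojan.FakeAV.KZQ (virus)

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6JYLAZOX\INDEX[1].HTM (Not cleaned)

Rootkit.Patched.TDSS.Gen (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0037007.DLL (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

C:\WINDOWS\SWREG.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0042525.EXE (Not cleaned & Submitted)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 68112
"""


@dataclass(frozen=True)
class Detection:
    name: str
    kind: str
    path: str
    action: str

    @property
    def cleaned(self) -> bool:
        # "Disinfected", "Renamed & Submitted", "Deleted" count as handled;
        # "Not cleaned" and "Not cleaned & Submitted" do not.
        return not self.action.startswith("Not cleaned")

    @property
    def location_class(self) -> str:
        p = self.path.upper()
        if p == "SYSTEM":
            return "system"          # cookie or registry item; no file path reported
        if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in p:
            return "restore_point"   # dormant copy; goes away when System Restore is purged
        if "\\TEMPORARY INTERNET FILES\\" in p:
            return "browser_cache"   # downloaded page content; goes away with the cache
        return "live_file"           # anything else sits on the running system


def parse_report(text: str) -> list[Detection]:
    """Pair each 'name (kind)' line with the 'location (action)' line that follows it."""
    hits: list[Detection] = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Statistics":
            break                      # end of the detection list
        m = NAME_RE.match(line)
        if m:
            pending = (m["name"], m["kind"])
            continue
        m = LOCATION_RE.match(line)
        if m and pending is not None:
            hits.append(Detection(pending[0], pending[1], m["path"], m["action"]))
            pending = None
    return hits


def triage(hits: list[Detection]) -> dict:
    """Summarise counts and list the hits that still need manual follow-up."""
    needs_attention = [
        h for h in hits
        if not h.cleaned and h.location_class in ("live_file", "system")
    ]
    return {
        "total": len(hits),
        "by_action": Counter(h.action for h in hits),
        "by_class": Counter(h.location_class for h in hits),
        "by_name": Counter(h.name for h in hits),
        "needs_attention": needs_attention,
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for key in ("total", "by_action", "by_class", "by_name"):
        print(f"{key}: {summary[key]}")
    for h in summary["needs_attention"]:
        print(f"FOLLOW UP: {h.name} at {h.path} ({h.action})")
```

Paste a full report into SAMPLE_REPORT (or read it from a file) and the "FOLLOW UP" lines are the entries worth asking a helper about; restore-point and browser-cache hits are expected to disappear once the cache is cleared and old restore points are flushed, so they are counted but not flagged.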

  • Staff

Hi,

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Here is Security Check log.

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee.com VirusScan Online

McAfee.com SecurityCenter

```````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Ad-Aware

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 20

Java 6 Update 2

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player

Adobe Reader 7.0

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.6)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

There have been no further issues with my computer.


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java


My computer is running normally.

Do you have any advice regarding free anti-virus software with a firewall? Windows XP came with a firewall which is currently enabled on my computer. Spybot SD Resident (TeaTimer.exe) is running in the background. I don't know if that is considered a firewall. I have read on this website that multiple firewalls will interfere with each other and diminish protection.

Any advice will be welcome. Thank you.


  • Staff

Hi,

TeaTimer is not a firewall. I would recommend uninstalling McAfee if you wish to pursue the following. Here are my standard recommendations for free antivirus and firewall software:

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials

AntiVir

avast!.

It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Sunbelt Personal Firewall

Comodo

Outpost

-screen317


  • Staff

Glad we could help. :(

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
