Solved TrojanClicker:JS/Iframe.F

Discussion in 'Malware and Virus Removal Archive' started by cozzielex, 2010/02/09.

  1. 2010/02/09
    cozzielex Inactive Thread Starter
    [Resolved] TrojanClicker:JS/Iframe.F

    Does anyone have any experience of this trojan?
    It keeps appearing in documents and settings>...Mozilla>Profiles>aom3fm04.default>sessionstore.
    Microsoft Essentials keeps picking it up and removing it, but it just comes back.
    Just prior to its appearance I opened an email from Sainsburys (a major grocery retailer here in the UK). Pop-ups and pictures were blocked (Microsoft Outlook 2007), but I allowed them since it is a genuine and respectable source.
    I'm about to do a full scan with Microsoft Essentials, MBAM and SAS, but if anyone has any other advice I'd appreciate it.
    Incidentally, I haven't had any virus at all for ages, but this is the second in 2 days. The first was WinNT/Aleuron.Gen!A. That was removed and did not re-appear.
    Thanks.
     
  2. 2010/02/09
    PeteC SuperGeek Staff
    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  3. 2010/02/09
    cozzielex Inactive Thread Starter
    TrojanClicker:JS/Iframe.F /WinNT/Aleuron.Gen!A

    Re my post about the above 2 viruses.

    (a) The Aleuron trojan (Alert level: Severe) appeared yesterday. I'm not sure what preceded it, as I wasn't using the computer.
    It is described as Trojan:WinNT/Aleuron.Gen!A and appeared in C>Windows>Temp>0000200a.sys.
    I removed it with Microsoft Security Essentials and it did NOT return.

    (b) The TrojanClicker appeared as already described, and when it re-appeared a third time it also appeared in C>Docs&Settings>User1>ApplicationData>Mozilla>Firefox>Profiles>aom3am04.default>Cache>B94D165d01.
    I have run MSE, MBAM and SAS and it has not now re-appeared.
    Attached are the DDS files:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x3a380d0200+1
    Install Date: 13/11/2009 12:55:33
    System Uptime: 02/09/2010 16:11:01 (-4920 hours ago)

    Motherboard: ASRock | | G31M-GS.
    Processor: Intel Pentium III Xeon processor | CPUSocket | 2593/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 150.564 GiB free.
    D: is CDROM ()
    F: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 04/02/2010 21:37:17 - System Checkpoint
    RP2: 06/02/2010 01:00:04 - Software Distribution Service 3.0
    RP3: 06/02/2010 03:19:39 - 6/2/10
    RP4: 06/02/2010 03:28:36 - Revo Uninstaller's restore point - Ancient Castle 3D Screensaver 1.1
    RP5: 06/02/2010 03:29:21 - Revo Uninstaller's restore point - Clock Tower 3D Screensaver 1.1
    RP6: 06/02/2010 03:29:58 - Revo Uninstaller's restore point - Fantasy Moon 3D Screensaver 1.3
    RP7: 06/02/2010 03:30:38 - Revo Uninstaller's restore point - Mechanical Clock 3D Screensaver and Animated Wallpaper 1.1
    RP8: 06/02/2010 03:31:29 - Revo Uninstaller's restore point - Watermill 3D Screensaver 2.0
    RP9: 06/02/2010 03:32:15 - Revo Uninstaller's restore point - NVIDIA nView Desktop Manager
    RP10: 06/02/2010 03:33:06 - Revo Uninstaller's restore point - NVIDIA Logo Screensaver
    RP11: 06/02/2010 03:33:13 - Removed NVIDIA Logo Screensaver
    RP12: 06/02/2010 03:33:52 - Revo Uninstaller's restore point - SIW version 2009.10.22
    RP13: 06/02/2010 04:00:17 - Revo Uninstaller's restore point - Earth 3D Screensaver 1.0
    RP14: 06/02/2010 17:37:28 - Revo Uninstaller's restore point - Microsoft Security Essentials
    RP15: 06/02/2010 17:53:57 - Software Distribution Service 3.0
    RP16: 07/02/2010 21:05:52 - System Checkpoint
    RP17: 07/02/2010 21:26:19 - Revo Uninstaller's restore point - Google Chrome
    RP18: 08/02/2010 15:23:14 - Installed Windows XP KB915800-v4.
    RP19: 08/02/2010 15:23:26 - Installed Windows XP Windows Search 4.0.
    RP20: 08/02/2010 15:47:40 - Revo Uninstaller's restore point - Windows Search 4.0
    RP21: 08/02/2010 17:06:50 - Microsoft Antimalware Checkpoint
    RP22: 08/02/2010 21:41:44 - Unsigned driver install

    ==== Installed Programs ======================

    3Connect
    7-Zip 4.65
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Agent Ransack Version 1.7.3
    ASRock InstantBoot v1.23
    Bravo 2-5
    Call of Duty
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) 2
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    CCleaner
    Concise Oxford English Dictionary (Eleventh Edition)
    Conflict Desert Storm II
    Conflict Global Storm
    CPUID CPU-Z 1.53
    Delta Force - Black Hawk Down
    Delta Force Black Hawk Down Team Sabre
    Desert Storm
    Discovery 3D Screensaver 1.1
    Driver Sweeper 2.1.0
    EAX4 Unified Redist
    ERUNT 1.1j
    EVEREST Home Edition v2.20
    Express Burn
    Far Cry
    Far Cry (Patch 1.3)
    Far Cry (Patch 1.31)
    Far Cry 2
    Far Cry K-9 Vision 1.1
    First to Fight
    Frostbite Full version 1.2
    Game Booster
    Ghost Recon
    Ghost Recon Advanced Warfighter
    GRAW Patch 1.35
    Hidden & Dangerous 2
    Hidden & Dangerous 2 Sabre Squadron
    HijackThis 2.0.2
    Hitman's Arsenal
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Icon to Any
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD
    Java(TM) 6 Update 17
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft IntelliType Pro 7.0
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Personal Folders Backup
    Microsoft Search Enhancement Pack
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Recuva
    Revo Uninstaller 1.85
    Secret Weapons Over Normandy
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows XP (KB923789)
    Segoe UI
    Silent Hunter III
    SIW version 2009.10.22
    Speccy
    SpeedFan (remove only)
    Spirit of Fire 3D Screensaver 2.4
    Steam
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    The 22nd SAS Equipment Modification v1.0
    Tom Clancy's Ghost Recon Advanced Warfighter® 2
    Tweak UI
    Unlocker 1.8.8
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977839)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976749)
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    WebFldrs XP
    Western Railway NV 3D Screensaver 2.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinPatrol
    WinPatrol 2007 Restore/Remove First
    WinPatrol 2009
    ZTE_MF627_USB_MODEM_1.2059.0.4

    ==== Event Viewer Messages From Past Week ========

    09/02/2010 09:06:56, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanClicker:JS/Iframe.F&threatid=2147631374 User: PETER\User 1 Name: TrojanClicker:JS/Iframe.F ID: 2147631374 Severity: Medium Category: Trojan Notifier Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.482.0, AS: 1.75.482.0 Engine Version: 1.1.5406.0
    08/02/2010 20:44:01, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    08/02/2010 20:34:12, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x3a380d0200+1'. It has stopped monitoring the volume.
    08/02/2010 20:09:37, error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\D.
    08/02/2010 15:47:48, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    07/02/2010 19:55:23, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    06/02/2010 17:37:12, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
    06/02/2010 17:36:35, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    06/02/2010 17:26:01, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    06/02/2010 17:26:01, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    06/02/2010 17:26:01, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    06/02/2010 17:26:01, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    06/02/2010 17:26:01, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    06/02/2010 17:26:01, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    06/02/2010 17:25:19, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    06/02/2010 03:52:02, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    04/02/2010 20:18:12, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.319.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    03/02/2010 14:09:04, error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
    03/02/2010 14:08:23, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    03/02/2010 14:07:21, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    03/02/2010 08:26:08, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by User 1 at 16:26:38.57 on 09/02/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1548 [GMT 0:00]

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
    C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.windowsbbs.com/
    uWindow Title = Microsoft Internet Explorer
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WINDOWSSEARCH.EXE
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    TCP: {1546FDED-AA4B-4712-A94C-BEA75CF99E18} = 217.171.135.1 217.171.132.1
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user1~1\applic~1\mozilla\firefox\profiles\aom3fm04.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.timesonline.co.uk/tol/news/
    FF - component: c:\documents and settings\user 1\application data\mozilla\firefox\profiles\aom3fm04.default\extensions\stratabuddy@reduxteam\components\dwmxpcom.dll
    FF - plugin: c:\documents and settings\user 1\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-3 54752]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-13 1691480]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
    S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    =============== Created Last 30 ================

    2010-02-09 07:35:47 0 d-----w- c:\windows\system32\wbem\Logs
    2010-02-08 15:35:00 0 d--h--w- c:\windows\PIF
    2010-02-08 15:23:29 0 d-----w- c:\program files\Windows Desktop Search
    2010-02-06 21:52:36 0 d-----w- c:\program files\Mythicsoft
    2010-02-06 21:44:26 0 ---h--w- c:\windows\HOTKEY.LIS
    2010-02-06 17:48:49 0 d-----w- c:\program files\Microsoft Security Essentials
    2010-02-06 03:36:08 0 d-----w- c:\program files\SIW
    2010-02-03 06:45:09 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2010-02-03 06:43:58 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-02-03 06:43:15 0 d-----w- c:\program files\Microsoft
    2010-02-03 06:42:59 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-02-03 06:36:50 0 d-----w- c:\program files\common files\Windows Live
    2010-01-29 23:02:25 0 d-----w- c:\windows\SHELLNEW
    2010-01-29 16:12:33 0 d-----w- c:\program files\Icon to Any
    2010-01-29 14:27:55 0 d-----w- c:\windows\system32\wbem\Repository
    2010-01-29 12:35:28 980480 ----a-w- c:\windows\system32\Discovery.scr
    2010-01-29 12:35:27 0 d-----w- c:\program files\Discovery 3D Screensaver
    2010-01-28 21:02:16 982016 ----a-w- c:\windows\system32\Spirit of Fire.scr
    2010-01-28 21:02:15 0 d-----w- c:\program files\Spirit of Fire 3D Screensaver
    2010-01-28 17:29:20 574976 ----a-w- c:\windows\system32\Western Railway.scr
    2010-01-28 17:29:20 0 d-----w- c:\program files\Western Railway NV 3D Screensaver
    2010-01-28 16:56:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-28 16:56:27 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-28 16:56:27 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-28 16:56:27 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-28 16:56:26 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-28 16:56:24 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-01-28 16:56:24 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-28 16:56:24 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-28 16:56:24 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-28 16:56:24 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-28 16:56:21 0 d-----w- C:\NVIDIA
    2010-01-27 19:59:20 0 d-----w- c:\program files\ASRock Utility
    2010-01-24 19:17:57 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-01-24 19:16:59 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2010-01-24 19:15:57 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
    2010-01-24 19:14:57 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2010-01-24 19:13:58 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
    2010-01-24 19:12:59 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
    2010-01-24 19:11:56 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2010-01-24 19:10:58 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
    2010-01-24 19:09:58 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
    2010-01-24 19:08:58 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
    2010-01-24 19:07:56 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2010-01-24 19:06:51 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2010-01-24 19:06:50 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2010-01-24 19:06:45 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2010-01-24 19:06:38 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2010-01-24 19:06:35 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2010-01-24 19:06:24 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2010-01-24 19:06:21 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2010-01-24 19:06:21 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
    2010-01-24 19:06:20 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2010-01-24 19:06:12 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2010-01-24 19:06:09 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2010-01-24 19:06:05 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2010-01-24 19:04:58 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
    2010-01-24 19:03:44 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-01-24 19:02:58 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
    2010-01-24 19:01:59 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
    2010-01-24 19:00:58 347550 -c--a-w- c:\windows\system32\dllcache\es56tpi.sys
    2010-01-24 18:59:59 952007 -c--a-w- c:\windows\system32\dllcache\diwan.sys
    2010-01-24 18:58:59 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
    2010-01-24 18:57:59 96640 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
    2010-01-24 18:56:42 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-01-24 13:14:25 88 --sh--r- c:\windows\system32\BA1E1142DF.sys
    2010-01-24 12:59:37 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-01-23 14:34:21 7680 --sha-w- c:\documents and settings\user 1\Thumbs.db
    2010-01-22 06:04:04 0 d-----w- c:\program files\SoundSpectrum
    2010-01-22 04:12:04 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-22 04:12:02 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-22 04:12:02 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-01-22 04:12:02 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-22 04:12:02 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-22 04:11:56 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-01-22 04:11:52 65332 ----a-w- c:\windows\system32\NvwsApps.xml
    2010-01-22 04:11:52 271490 ----a-w- c:\windows\system32\NvApps.xml
    2010-01-21 21:31:59 0 d-----w- c:\program files\NCH Software
    2010-01-21 21:28:59 0 d-----w- c:\program files\NCH Swift Sound
    2010-01-20 14:55:15 0 d-----w- c:\program files\NVIDIA Corporation
    2010-01-19 11:38:38 0 d-----w- c:\windows\system32\NtmsData
    2010-01-19 10:05:50 0 d-----w- c:\program files\Microsoft ATS
    2010-01-19 01:09:38 0 d-----w- c:\docume~1\user1~1\applic~1\ElevatedDiagnostics
    2010-01-11 12:33:45 0 d-----w- c:\program files\Seagate

    ==================== Find3M ====================

    2010-01-22 09:50:59 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-22 09:50:59 10276992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-01-14 11:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-07 16:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-13 19:11:17 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-12-12 13:25:09 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-12-12 13:25:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-12-11 12:11:31 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-10 18:00:58 84512 ----a-w- c:\windows\SOUNDMAN.EXE
    2009-12-10 18:00:58 358944 ----a-w- c:\windows\vncutil.exe
    2009-12-10 18:00:58 1833504 ----a-w- c:\windows\SkyTel.exe
    2009-12-10 18:00:52 9721888 ----a-w- c:\windows\RTLCPL.EXE
    2009-12-10 18:00:52 1489440 ----a-w- c:\windows\RtlUpd.exe
    2009-12-10 18:00:46 50208 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2009-12-10 18:00:46 18789920 ----a-w- c:\windows\RTHDCPL.EXE
    2009-12-10 18:00:46 129568 ----a-w- c:\windows\RtkAudioService.exe
    2009-12-10 18:00:40 2177568 ----a-w- c:\windows\MicCal.exe
    2009-12-10 18:00:34 64032 ----a-w- c:\windows\ALCMTR.EXE
    2009-12-10 18:00:34 2815520 ----a-w- c:\windows\ALCWZRD.EXE
    2009-12-09 12:21:44 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-11-24 17:40:20 838176 ----a-w- c:\windows\RtlExUpd.dll
    2009-11-13 12:52:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2004-02-20 15:22:58 7031 ----a-w- c:\program files\DevMode.lua

    ============= FINISH: 16:26:53.46 ===============
    Thanks
     
  5. 2010/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista or 7, right-click on HijackThis and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/02/09
    cozzielex

    cozzielex Inactive Thread Starter

    Joined:
    2009/03/30
    Messages:
    291
    Likes Received:
    0
    Thanks Broni,
    Files attached:
    MBAM
    Malwarebytes' Anti-Malware 1.44
    Database version: 3700
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/02/2010 11:23:29
    mbam-log-2010-02-09 (11-23-29).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 197105
    Time elapsed: 50 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER
    GMER 1.0.15.15273 - http://www.gmer.net
    Rootkit scan 2010-02-09 17:53:54
    Windows 5.1.2600 Service Pack 3
    Running: s1uk4x83.exe; Driver: C:\DOCUME~1\USER1~1\LOCALS~1\Temp\ugtdapow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7630380, 0x550AF5, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

    ---- EOF - GMER 1.0.15 ----
    HJT
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:55:01, on 09/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
    C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsbbs.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1546FDED-AA4B-4712-A94C-BEA75CF99E18}: NameServer = 217.171.135.1 217.171.132.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1546FDED-AA4B-4712-A94C-BEA75CF99E18}: NameServer = 217.171.135.1 217.171.132.1
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 3744 bytes
    Thanks
     
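The GMER "Devices" section in the log above is the part a malware analyst reads first: a filter driver attached to the TCP/IP device objects sees every packet, so one that carries no publisher information deserves a closer look. The script below is an added example, not part of the thread or of GMER itself; it parses AttachedDevice lines in the format GMER 1.0.15 prints (the sample input is copied from the posted log) and separates drivers with a vendor string from those without. A missing vendor string is a reason to investigate the file, not proof that it is malicious.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the Devices section of a GMER 1.0.15 rootkit scan, in the
# same line format as the log posted in this thread (values copied from that log).
GMER_LOG = r"""
GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2010-02-09 17:53:54

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

---- EOF - GMER 1.0.15 ----
"""

# One "AttachedDevice <driver object> <device object> <filter driver> [(description/company)]"
# line. GMER appends the file's description and company name in parentheses when the driver
# carries version information; a driver without it is printed as a bare file name.
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.+)\))?\s*$")

# Device objects of the TCP/IP stack; a filter attached here sits in the path of all traffic.
NETWORK_DEVICES = {r"\Device\Ip", r"\Device\Tcp", r"\Device\Udp", r"\Device\RawIp"}


@dataclass
class AttachedDevice:
    driver_object: str
    device: str
    filter_driver: str
    description: Optional[str]  # e.g. "Family Safety Filter Driver (TDI)"
    company: Optional[str]      # e.g. "Microsoft Corporation"


def parse_devices(log: str) -> List[AttachedDevice]:
    """Extract every AttachedDevice line from a GMER log."""
    found: List[AttachedDevice] = []
    for line in log.splitlines():
        m = ATTACHED_RE.match(line.strip())
        if not m:
            continue
        driver_obj, device, filt, info = m.groups()
        description = company = None
        if info:
            # GMER separates description and company with the last "/".
            description, _, company = info.rpartition("/")
            if not description:  # no "/" present: the whole text is the description
                description, company = company, None
        found.append(AttachedDevice(driver_obj, device, filt, description, company))
    return found


def triage(devices: List[AttachedDevice]) -> Dict[str, dict]:
    """Group filter drivers on the network stack by file name and separate those
    with no vendor attribution (review candidates) from those naming a publisher."""
    unattributed: Dict[str, List[str]] = defaultdict(list)
    attributed: Dict[str, str] = {}
    for d in devices:
        if d.device not in NETWORK_DEVICES:
            continue
        if d.company:
            attributed[d.filter_driver] = d.company
        elif d.device not in unattributed[d.filter_driver]:
            unattributed[d.filter_driver].append(d.device)
    return {"unattributed": dict(unattributed), "attributed": attributed}


if __name__ == "__main__":
    report = triage(parse_devices(GMER_LOG))
    for drv, devs in report["unattributed"].items():
        print(f"REVIEW: {drv} attached to {', '.join(devs)} with no vendor information")
    for drv, vendor in report["attributed"].items():
        print(f"ok:     {drv} ({vendor})")
```

Run against the posted log, it lists mdvrmng.sys on all four network device objects with no vendor information, while fssfltr_tdi.sys is attributed to Microsoft.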
  7. 2010/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/02/09
    cozzielex

    cozzielex Inactive Thread Starter

    Joined:
    2009/03/30
    Messages:
    291
    Likes Received:
    0
    Broni, here are the requested reports:
    ComboFix 10-02-08.09 - User 1 09/02/2010 18:40:03.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1602 [GMT 0:00]
    Running from: c:\downloads\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\Thumbs.db
    c:\windows\system32\xmlpr0v32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
    .

    2010-02-09 07:35 . 2010-02-09 07:40 -------- d-----w- c:\windows\system32\wbem\Logs
    2010-02-08 15:35 . 2010-02-08 15:35 -------- d--h--w- c:\windows\PIF
    2010-02-08 15:23 . 2010-02-08 15:49 -------- d-----w- c:\program files\Windows Desktop Search
    2010-02-07 22:52 . 2010-02-07 22:52 -------- d-----w- c:\program files\Recuva
    2010-02-06 21:52 . 2010-02-06 21:52 -------- d-----w- c:\program files\Mythicsoft
    2010-02-06 17:48 . 2010-02-06 17:49 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-02-06 03:36 . 2010-02-06 03:36 -------- d-----w- c:\program files\SIW
    2010-02-03 12:37 . 2010-02-03 12:38 -------- d-----w- c:\documents and settings\User 1\Local Settings\Application Data\Temp
    2010-02-03 12:37 . 2010-02-07 21:26 -------- d-----w- c:\documents and settings\User 1\Local Settings\Application Data\Google
    2010-02-03 06:45 . 2009-08-05 22:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2010-02-03 06:44 . 2010-02-03 06:44 -------- d-----w- c:\program files\Microsoft Sync Framework
    2010-02-03 06:43 . 2010-02-03 06:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-02-03 06:43 . 2010-02-03 06:45 -------- d-----w- c:\program files\Microsoft
    2010-02-03 06:42 . 2010-02-03 06:42 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-02-03 06:42 . 2010-02-03 06:45 -------- d-----w- c:\program files\Windows Live
    2010-02-03 06:36 . 2010-02-03 06:36 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-02-01 12:31 . 2009-02-16 22:12 53248 ----a-w- c:\documents and settings\User 1\Application Data\Mozilla\Firefox\Profiles\aom3fm04.default\extensions\StrataBuddy@ReduxTeam\components\dwmxpcom.dll
    2010-01-29 23:02 . 2010-01-29 23:02 -------- d-----w- c:\windows\SHELLNEW
    2010-01-29 16:12 . 2010-01-29 16:12 -------- d-----w- c:\program files\Icon to Any
    2010-01-29 14:27 . 2010-01-29 14:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-01-29 12:35 . 2009-12-09 22:28 980480 ----a-w- c:\windows\system32\Discovery.scr
    2010-01-29 12:35 . 2010-01-29 12:36 -------- d-----w- c:\program files\Discovery 3D Screensaver
    2010-01-28 21:02 . 2009-12-09 22:33 982016 ----a-w- c:\windows\system32\Spirit of Fire.scr
    2010-01-28 21:02 . 2010-01-28 21:03 -------- d-----w- c:\program files\Spirit of Fire 3D Screensaver
    2010-01-28 17:29 . 2010-01-28 17:29 -------- d-----w- c:\program files\Western Railway NV 3D Screensaver
    2010-01-28 17:29 . 2009-11-17 13:28 574976 ----a-w- c:\windows\system32\Western Railway.scr
    2010-01-28 16:57 . 2010-01-28 16:57 -------- d-----w- c:\program files\AGEIA Technologies
    2010-01-28 16:56 . 2010-01-22 09:50 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-28 16:56 . 2010-01-22 09:50 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-28 16:56 . 2010-01-22 09:50 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-28 16:56 . 2010-01-22 09:50 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-28 16:56 . 2010-01-22 09:50 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-28 16:56 . 2010-01-22 09:50 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-01-28 16:56 . 2010-01-22 09:50 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-28 16:56 . 2010-01-22 09:50 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-28 16:56 . 2010-01-22 09:50 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-28 16:56 . 2010-01-22 09:50 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-28 16:56 . 2010-01-28 16:56 -------- d-----w- C:\NVIDIA
    2010-01-27 22:09 . 2010-01-27 22:09 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-27 20:47 . 2010-01-27 21:03 -------- d-----w- c:\documents and settings\User 1\Local Settings\Application Data\eSupport.com
    2010-01-27 19:59 . 2010-01-27 19:59 -------- d-----w- c:\program files\ASRock Utility
    2010-01-24 19:17 . 2001-08-17 12:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-01-24 19:16 . 2008-04-14 00:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2010-01-24 19:15 . 2001-08-17 22:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
    2010-01-24 19:14 . 2001-08-17 12:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2010-01-24 19:13 . 2001-08-17 12:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
    2010-01-24 19:12 . 2001-08-17 22:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
    2010-01-24 19:11 . 2001-08-17 13:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2010-01-24 19:10 . 2001-08-17 12:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
    2010-01-24 19:09 . 2001-08-17 22:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
    2010-01-24 19:08 . 2001-08-17 22:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
    2010-01-24 19:07 . 2001-08-17 12:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2010-01-24 19:06 . 2008-04-14 00:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2010-01-24 19:06 . 2008-04-14 00:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2010-01-24 19:06 . 2001-08-17 13:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2010-01-24 19:06 . 2001-08-17 14:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2010-01-24 19:06 . 2008-04-14 00:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2010-01-24 19:06 . 2001-08-17 14:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2010-01-24 19:06 . 2001-08-17 13:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2010-01-24 19:06 . 2008-04-14 00:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2010-01-24 19:06 . 2001-08-17 13:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2010-01-24 19:06 . 2008-04-14 00:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2010-01-24 19:06 . 2001-08-17 13:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2010-01-24 19:04 . 2001-08-17 12:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
    2010-01-24 19:03 . 2001-08-17 22:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-01-24 19:02 . 2008-04-13 23:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
    2010-01-24 19:01 . 2001-08-17 13:28 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
    2010-01-24 19:00 . 2001-08-17 13:28 347550 -c--a-w- c:\windows\system32\dllcache\es56tpi.sys
    2010-01-24 18:59 . 2001-08-17 22:36 29768 -c--a-w- c:\windows\system32\dllcache\divasu.dll
    2010-01-24 18:58 . 2001-08-17 12:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
    2010-01-24 18:57 . 2001-08-17 12:19 36992 -c--a-w- c:\windows\system32\dllcache\aztw2320.sys
    2010-01-24 18:56 . 2001-08-17 14:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-01-24 13:14 . 2010-01-24 14:19 88 --sh--r- c:\windows\system32\BA1E1142DF.sys
    2010-01-24 13:01 . 2010-01-24 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2010-01-24 12:59 . 2010-01-24 14:19 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-01-24 03:26 . 2010-01-24 14:33 -------- d-----w- c:\documents and settings\User 1\Application Data\Corel
    2010-01-22 06:05 . 2010-01-22 06:05 -------- d-----w- c:\documents and settings\User 1\Application Data\SoundSpectrum
    2010-01-22 06:04 . 2010-02-01 13:24 -------- d-----w- c:\program files\SoundSpectrum
    2010-01-22 04:12 . 2010-01-22 04:12 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-22 04:12 . 2010-01-22 04:12 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-22 04:12 . 2010-01-22 04:12 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-01-22 04:12 . 2010-01-22 04:12 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-22 04:12 . 2010-01-22 04:12 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-22 04:11 . 2010-01-22 04:11 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-01-21 21:31 . 2010-01-21 21:31 -------- d-----w- c:\program files\NCH Software
    2010-01-21 21:29 . 2010-01-21 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2010-01-21 21:28 . 2010-01-21 21:28 -------- d-----w- c:\program files\NCH Swift Sound
    2010-01-20 14:55 . 2010-01-28 16:57 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-01-19 11:38 . 2010-01-21 16:07 -------- d-----w- c:\windows\system32\NtmsData
    2010-01-19 10:05 . 2010-01-19 10:05 -------- d-----w- c:\program files\Microsoft ATS
    2010-01-19 01:09 . 2010-01-19 01:09 -------- d-----w- c:\documents and settings\User 1\Application Data\ElevatedDiagnostics
    2010-01-11 12:33 . 2010-01-11 12:33 -------- d-----w- c:\program files\Seagate

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-09 11:56 . 2009-11-16 19:48 -------- d-----w- c:\program files\SpeedFan
    2010-02-07 13:35 . 2009-12-10 14:19 117760 ----a-w- c:\documents and settings\User 1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-06 17:47 . 2009-11-21 03:25 -------- d-----w- c:\program files\Dictionary
    2010-02-06 03:32 . 2009-11-17 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-02-03 07:27 . 2009-11-13 13:24 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-02-02 17:30 . 2009-11-13 13:12 75384 ----a-w- c:\documents and settings\User 1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-02 17:17 . 2009-11-16 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-02 17:16 . 2009-11-16 20:37 -------- d-----w- c:\program files\Microsoft Works
    2010-01-28 19:43 . 2009-11-13 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-26 17:12 . 2009-11-18 01:10 -------- d-----w- c:\program files\Steam
    2010-01-24 13:01 . 2009-11-13 13:08 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-01-22 10:26 . 2009-11-13 16:45 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-01-22 09:50 . 2007-12-07 05:51 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-22 09:50 . 2007-12-07 05:51 10276992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-01-20 14:55 . 2009-11-16 21:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-19 16:16 . 2009-11-13 14:23 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-14 11:12 . 2009-11-18 11:33 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-11 16:07 . 2009-12-20 17:20 52224 ----a-w- c:\documents and settings\User 1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-10 06:48 . 2009-12-17 08:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-10 06:48 . 2009-12-17 08:47 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-08 23:26 . 2010-01-08 23:26 -------- d-----w- c:\documents and settings\User 1\Application Data\GrabPro
    2010-01-08 23:26 . 2010-01-08 23:26 -------- d-----w- c:\documents and settings\User 1\Application Data\AVS4YOU
    2010-01-08 23:25 . 2010-01-05 16:18 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2010-01-08 23:25 . 2010-01-06 13:56 -------- d-----w- c:\documents and settings\User 1\Application Data\Orbit
    2010-01-08 23:25 . 2009-12-10 14:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-08 23:25 . 2010-01-08 13:56 -------- d-----w- c:\documents and settings\User 1\Application Data\GetRightToGo
    2010-01-07 16:07 . 2009-12-17 08:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 . 2009-12-17 08:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-06 08:26 . 2009-12-11 20:04 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-01-03 15:41 . 2010-01-03 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\x_10
    2009-12-30 23:01 . 2009-12-30 23:01 -------- d-----w- c:\program files\Speccy
    2009-12-30 16:23 . 2009-11-16 21:16 -------- d-----w- c:\program files\Ubisoft
    2009-12-24 05:57 . 2009-12-24 05:52 -------- d-----w- c:\program files\ERUNT
    2009-12-23 17:37 . 2009-12-23 17:34 -------- d-----w- c:\documents and settings\User 1\Application Data\CBS Interactive
    2009-12-21 19:14 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-21 16:20 . 2009-12-21 16:13 -------- d-----w- c:\program files\Change Folder Icon
    2009-12-21 16:19 . 2009-12-21 16:19 163032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-12-20 18:53 . 2009-12-05 16:46 -------- d-----w- c:\program files\MSECache
    2009-12-20 16:43 . 2009-12-20 16:43 -------- d-----w- c:\program files\CPUID
    2009-12-18 18:07 . 2009-12-18 18:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-12-18 16:00 . 2009-11-16 19:47 -------- d-----w- c:\program files\Unlocker
    2009-12-16 20:14 . 2009-12-04 06:55 -------- d-----w- c:\program files\Call of Duty
    2009-12-15 15:16 . 2009-12-15 15:16 -------- d-----w- c:\program files\Phyxion.net
    2009-12-15 13:08 . 2009-11-17 00:21 -------- d-----w- c:\program files\Activision
    2009-12-14 14:32 . 2009-12-14 14:32 -------- d-----w- c:\program files\IObit
    2009-12-13 19:11 . 2009-11-16 21:28 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-12-12 18:31 . 2009-12-04 07:10 -------- d-----w- c:\program files\NovaLogic
    2009-12-12 13:54 . 2009-12-12 13:25 -------- d-----w- c:\program files\Common Files\Real
    2009-12-12 13:25 . 2009-12-12 13:25 -------- d-----w- c:\program files\Common Files\xing shared
    2009-12-12 13:25 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-12-12 13:25 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-12-12 13:25 . 2009-12-12 13:25 -------- d-----w- c:\program files\Real
    2009-12-11 19:25 . 2009-12-11 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2009-12-11 12:11 . 2009-11-13 14:21 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-10 18:00 . 2009-12-22 21:25 358944 ----a-w- c:\windows\vncutil.exe
    2009-12-10 18:00 . 2009-11-13 13:08 84512 ----a-w- c:\windows\SOUNDMAN.EXE
    2009-12-10 18:00 . 2009-11-13 13:08 1833504 ----a-w- c:\windows\SkyTel.exe
    2009-12-10 18:00 . 2009-11-13 13:08 9721888 ----a-w- c:\windows\RTLCPL.EXE
    2009-12-10 18:00 . 2009-11-13 13:08 1489440 ----a-w- c:\windows\RtlUpd.exe
    2009-12-10 18:00 . 2009-12-22 21:25 129568 ----a-w- c:\windows\RtkAudioService.exe
    2009-12-10 18:00 . 2009-11-13 13:08 50208 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2009-12-10 18:00 . 2009-11-13 13:08 18789920 ----a-w- c:\windows\RTHDCPL.EXE
    2009-12-10 18:00 . 2009-11-13 13:08 2177568 ----a-w- c:\windows\MicCal.exe
    2009-12-10 18:00 . 2009-11-13 13:08 64032 ----a-w- c:\windows\ALCMTR.EXE
    2009-12-10 18:00 . 2009-11-13 13:08 2815520 ----a-w- c:\windows\ALCWZRD.EXE
    2009-12-10 17:23 . 2009-11-13 13:08 6017568 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2009-12-09 12:21 . 2009-12-09 12:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-11-29 14:20 . 2009-11-29 14:20 138240 ----a-w- c:\documents and settings\User 1\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
    2009-11-29 14:20 . 2009-11-29 14:20 138240 ----a-w- c:\documents and settings\User 1\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
    2009-11-29 14:20 . 2009-11-29 14:20 138240 ----a-w- c:\documents and settings\User 1\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
    2009-11-29 14:20 . 2009-11-29 14:20 138240 ----a-w- c:\documents and settings\User 1\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
    2009-11-24 17:40 . 2009-11-13 13:08 838176 ----a-w- c:\windows\RtlExUpd.dll
    2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-18 07:17 . 2009-11-13 13:08 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2009-11-18 07:16 . 2009-11-13 13:08 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2009-11-17 19:20 . 2009-11-17 19:20 10134 ----a-r- c:\documents and settings\User 1\Application Data\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
    2009-11-16 20:55 . 2009-11-16 20:55 129 ----a-w- c:\documents and settings\User 1\Local Settings\Application Data\fusioncache.dat
    2009-11-16 20:19 . 2009-11-16 20:19 0 ----a-w- c:\windows\nsreg.dat
    2009-11-14 13:06 . 2009-11-13 12:53 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-11-13 16:04 . 2009-11-13 16:04 152576 ----a-w- c:\documents and settings\User 1\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-13 16:04 . 2009-11-13 16:04 79488 ----a-w- c:\documents and settings\User 1\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-13 12:54 . 2009-11-16 19:56 0 ----a-w- c:\documents and settings\User 1\Application Data\WinPatrol\Config.sys
    2009-11-13 12:54 . 2009-11-16 19:56 0 ----a-w- c:\documents and settings\User 1\Application Data\WinPatrol\Autoexec.bat
    2009-11-13 12:52 . 2009-11-13 12:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2004-02-20 15:22 . 2009-11-18 00:34 7031 ----a-w- c:\program files\DevMode.lua
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [03/02/2010 06:45 54752]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/11/2009 13:08 1691480]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/09/2009 14:55 7680]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
    S4 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - UGTDAPOW
    *Deregistered* - ugtdapow
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]

    2010-02-09 c:\windows\Tasks\User_Feed_Synchronization-{4A6847DF-5BA5-4FE2-8898-16FBCFCE3E1B}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.windowsbbs.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {1546FDED-AA4B-4712-A94C-BEA75CF99E18} = 217.171.135.1 217.171.132.1
    FF - ProfilePath - c:\documents and settings\User 1\Application Data\Mozilla\Firefox\Profiles\aom3fm04.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.timesonline.co.uk/tol/news/
    FF - component: c:\documents and settings\User 1\Application Data\Mozilla\Firefox\Profiles\aom3fm04.default\extensions\StrataBuddy@ReduxTeam\components\dwmxpcom.dll
    FF - plugin: c:\documents and settings\User 1\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-790525478-1801674531-1688351417-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:e9,ae,50,47,9e,5e,28,ce,46,e6,af,86,29,38,a4,84,a5,bc,64,61,c8,07,bd,
    7e,b8,e7,6e,ba,75,53,cb,f9,fc,bf,f5,ff,54,ec,a1,0b,2c,c6,41,26,cc,37,0e,08,\
    "?? "=hex:11,e7,03,08,5c,e6,a4,85,04,d4,6c,ba,fc,66,88,33

    [HKEY_USERS\S-1-5-21-790525478-1801674531-1688351417-1004\Software\SecuROM\License information*]
    "datasecu "=hex:c4,f3,70,10,2b,b9,d4,b8,d3,64,3d,02,89,5c,1b,7a,ae,a5,95,27,bc,
    61,d7,d4,9b,9f,84,69,bf,ab,39,8b,d7,4d,6e,9e,9b,be,0f,fb,4b,4a,73,bc,0e,ab,\
    "rkeysecu "=hex:45,49,77,30,67,09,ff,79,28,36,66,b6,57,32,17,f7
    .
    Completion time: 2010-02-09 18:42:24
    ComboFix-quarantined-files.txt 2010-02-09 18:42

    Pre-Run: 161,561,968,640 bytes free
    Post-Run: 161,526,071,296 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 769C4CD118CEA671723108747CAA3C6A
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:46:32, on 09/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
    C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsbbs.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 3391 bytes
    Thanks
     
  9. 2010/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.


    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  10. 2010/02/09
    cozzielex

    cozzielex Inactive Thread Starter

    Joined:
    2009/03/30
    Messages:
    291
    Likes Received:
    0
    Broni, the Kaspersky online scan is being updated and I don't want the trial version as it wants to remove other programmes I have (SAS). Is there anything else I should do at this stage?
     
  11. 2010/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
    cozzielex likes this.
  12. 2010/02/09
    cozzielex

    cozzielex Inactive Thread Starter

    Joined:
    2009/03/30
    Messages:
    291
    Likes Received:
    0
    Broni, attached below is the ESET scan report. How do you rate ESET as a malware programme compared, say, to MBAM?
    Thanks for your help, as always.
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=5cfa1eb55e8cc44c92019a0d0e66a6b2
    # end=stopped
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-02-10 02:34:19
    # local_time=2010-02-10 02:34:19 (+0000, GMT Standard Time)
    # country= "United Kingdom "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 7370963 7370963 0 0
    # compatibility_mode=5891 16776533 100 100 23299 20417420 0 0
    # compatibility_mode=8192 67108863 100 0 23867 23867 0 0
    # scanned=5335
    # found=0
    # cleaned=0
    # scan_time=954
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=5cfa1eb55e8cc44c92019a0d0e66a6b2
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-02-10 03:24:02
    # local_time=2010-02-10 03:24:02 (+0000, GMT Standard Time)
    # country= "United Kingdom "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 7372130 7372130 0 0
    # compatibility_mode=5891 16776533 100 100 24466 20418587 0 0
    # compatibility_mode=8192 67108863 100 0 25034 25034 0 0
    # scanned=88559
    # found=0
    # cleaned=0
    # scan_time=2771
     
  13. 2010/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Standalone ESET NOD32 is an antivirus program, while MBAM is an antispyware program.
    Different animals :)

    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    =================================================================

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    - R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    - O4 - Global Startup: Windows Search.lnk = ?

    4. Click on Fix checked button.

    5. Restart computer.

    6. Post new HijackThis log.

    When done.....


    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
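    The three HijackThis entries broni lists in step 3 share one property: each points at nothing (an empty Local Page value, and a startup shortcut that HijackThis could only resolve to "?"). The following is an added example, not code from this thread or from HijackThis, that parses HijackThis-style log lines and flags every entry whose target is empty, "?" or "(no file)". The sample lines are copied from the log posted earlier in this thread; the per-section parsing rules are my reading of that log's layout, not a documented HijackThis format. On the sample it flags four entries: the three in broni's list plus the O16 DPF line that has no download URL.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: eight lines copied from the HijackThis log posted earlier in
# this thread, chosen so that both resolved and unresolved entries are present.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsbbs.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - Global Startup: Windows Search.lnk = ?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Targets that point at nothing: an empty value, HijackThis's "?" for a shortcut it
# could not resolve, or its "(no file)" marker for a registered module that is missing.
UNRESOLVED_TARGETS = {"", "?", "(no file)"}


@dataclass
class Entry:
    code: str    # section code, e.g. "R0" or "O4"
    body: str    # the rest of the line after "<code> - "
    target: str  # file, command line or URL the entry points at; "" if none


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis log line into code, body and target; None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code.startswith("R"):
        # R lines: "<hive\key>,<value name> = <data>". The key part never contains "=",
        # so split at the first one (URLs after it may carry their own "=").
        target = body.partition("=")[2]
    elif code == "O4" and "] " in body:
        # Run-key entries: "<location>: [<value name>] <command line>"
        target = body.split("] ", 1)[1]
    elif code == "O4":
        # Startup-folder shortcuts: "Global Startup: <name>.lnk = <resolved target>"
        target = body.partition("=")[2]
    else:
        # O2, O8, O9, O16, O23: fields separated by " - ", the last one being the file or URL.
        # Splitting on " -" (no trailing space) also catches a dangling "-" with nothing after it.
        target = body.split(" -")[-1]
    return Entry(code, body, target.strip())


def flag_unresolved(log_text: str) -> list[Entry]:
    """Return the entries whose target is empty, '?' or '(no file)', in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and entry.target in UNRESOLVED_TARGETS:
            flagged.append(entry)
    return flagged


def count_by_section(log_text: str) -> dict[str, int]:
    """Number of entries per section code; a quick way to see which sections a log covers."""
    counts: dict[str, int] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            counts[entry.code] = counts.get(entry.code, 0) + 1
    return counts


if __name__ == "__main__":
    for entry in flag_unresolved(SAMPLE_LOG):
        print(f"{entry.code}: {entry.body}")
    print(count_by_section(SAMPLE_LOG))
```

    Flagging is a triage aid, not a verdict: an unresolved target is a leftover that can be cleaned without losing anything, which is exactly why such entries are safe first picks in a HijackThis fix, while an entry that does resolve to a file still has to be judged by what that file is.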
     
  14. 2010/02/09
    cozzielex

    cozzielex Inactive Thread Starter

    Joined:
    2009/03/30
    Messages:
    291
    Likes Received:
    0
    Thanks a lot Broni,
    I'm now up to date with Windows and Java, and my peace of mind is OK too.
    I'm marking this now as 'solved' (Oops, sorry I can't, but it is resolved nonetheless).
    Is there any advantage in my creating a restore point now that everything seems to be OK, or is that unnecessary?
     
  15. 2010/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome:)
    You just created fresh restore point by turning system restore back on.
    I'll mark this thread as "Resolved"
    Good luck :)
     
  16. 2010/02/10
    cozzielex

    cozzielex Inactive Thread Starter

    Joined:
    2009/03/30
    Messages:
    291
    Likes Received:
    0
    Thanks Broni.
    By the way I'm sure you are aware that this Sunday is both Valentine's Day and the first day of Chinese New Year (year of the Tiger).
    So may I suggest that you kill two birds with one stone (so to speak) and if you happen upon an attractive Cantonese person, you might greet them with "gung hay fat choy, n'gau oi lay".
    Thanks.
     
  17. 2010/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. Cool :)
    Thank you :)
     
  18. 2010/02/10
    cozzielex

    cozzielex Inactive Thread Starter

    Joined:
    2009/03/30
    Messages:
    291
    Likes Received:
    0
    I should point out that it's never worked too well for me except with a particularly pleasant lady in Shanghai who responded with "Dumb Brit", which I thought was fairly positive!
     
  19. 2010/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Hahahaha....
     
