Smitfraud-C.CoreService and csrss.exe

[Derek]

and the new combofix log please so I can see if it did anything

[GS]

Sorry

ComboFix 08-11-09.04 - Jason 2008-11-14 15:10:04.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2433 [GMT -5:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-10-14 to 2008-11-14  )))))))))))))))))))))))))))))))
.

2008-11-13 16:19 . 2008-11-13 16:19   250   --a------   c:\windows\gmer.ini
2008-11-09 12:33 . 2008-11-09 12:33   5,700   --a------   c:\windows\system32\tmp.reg
2008-11-09 12:32 . 2007-09-05 23:22   289,144   --a------   c:\windows\system32\VCCLSID.exe
2008-11-09 12:32 . 2006-04-27 16:49   288,417   --a------   c:\windows\system32\SrchSTS.exe
2008-11-09 12:32 . 2008-10-01 14:51   87,552   --a------   c:\windows\system32\VACFix.exe
2008-11-09 12:32 . 2008-10-10 07:58   82,944   --a------   c:\windows\system32\o4Patch.exe
2008-11-09 12:32 . 2008-05-18 20:40   82,944   --a------   c:\windows\system32\IEDFix.exe
2008-11-09 12:32 . 2008-10-10 07:58   82,944   --a------   c:\windows\system32\IEDFix.C.exe
2008-11-09 12:32 . 2008-08-18 11:19   82,432   --a------   c:\windows\system32\404Fix.exe
2008-11-09 12:32 . 2003-06-05 20:13   53,248   --a------   c:\windows\system32\Process.exe
2008-11-09 12:32 . 2004-07-31 17:50   51,200   --a------   c:\windows\system32\dumphive.exe
2008-11-09 12:32 . 2007-10-03 23:36   25,600   --a------   c:\windows\system32\WS2Fix.exe
2008-11-09 12:26 . 2008-11-09 12:26   <DIR>   d--------   c:\program files\Trend Micro
2008-11-09 09:52 . 2008-11-09 09:52   <DIR>   d--------   C:\Spybot - Search & Destroy
2008-11-09 09:44 . 2008-11-09 20:58   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2008-11-09 09:44 . 2008-11-09 20:58   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 15:03 . 2008-11-08 15:03   7,680   --ahs----   c:\windows\Thumbs.db
2008-11-08 14:36 . 2008-11-08 14:36   <DIR>   d--------   c:\windows\system32\LogFiles
2008-11-08 14:12 . 2008-11-08 14:12   <DIR>   d--------   c:\program files\Uniblue
2008-11-08 14:12 . 2008-11-08 14:12   <DIR>   d--------   c:\documents and settings\Jason\Application Data\Uniblue
2008-11-08 14:07 . 2008-11-08 14:12   <DIR>   d--h-c---   c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-08 13:34 . 2004-08-10 06:00   10,096,640   --a--c---   c:\windows\system32\dllcache\hwxcht.dll
2008-11-08 13:33 . 2004-08-10 06:00   2,134,528   --a--c---   c:\windows\system32\dllcache\smtpsnap.dll
2008-11-08 13:22 . 2008-11-08 13:22   488   -rah-----   c:\windows\system32\logonui.exe.manifest
2008-11-08 13:21 . 2008-11-08 13:21   749   -rah-----   c:\windows\WindowsShell.Manifest
2008-11-08 13:21 . 2008-11-08 13:21   749   -rah-----   c:\windows\system32\wuaucpl.cpl.manifest
2008-11-08 13:21 . 2008-11-08 13:21   749   -rah-----   c:\windows\system32\sapi.cpl.manifest
2008-11-08 13:21 . 2008-11-08 13:21   749   -rah-----   c:\windows\system32\nwc.cpl.manifest
2008-11-08 13:21 . 2008-11-08 13:21   749   -rah-----   c:\windows\system32\ncpa.cpl.manifest
2008-11-08 12:54 . 2004-08-10 06:00   24,661   --a------   c:\windows\system32\spxcoins.dll
2008-11-08 12:54 . 2004-08-10 06:00   24,661   --a--c---   c:\windows\system32\dllcache\spxcoins.dll
2008-11-08 12:54 . 2004-08-10 06:00   13,312   --a------   c:\windows\system32\irclass.dll
2008-11-08 12:54 . 2004-08-10 06:00   13,312   --a--c---   c:\windows\system32\dllcache\irclass.dll
2008-11-08 12:54 . 2008-11-08 13:36   4,382   --a------   c:\windows\imsins.BAK
2008-11-08 12:53 . 2008-11-08 12:53   <DIR>   d---s----   c:\windows\system32\config\systemprofile\History
2008-11-08 09:34 . 2008-11-10 19:07   <DIR>   d--------   c:\program files\Spyware Doctor
2008-11-08 09:11 . 2008-11-09 21:52   <DIR>   d-a------   c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 08:54 . 2008-11-08 08:56   664   --a------   c:\windows\system32\d3d9caps.dat
2008-11-08 07:50 . 2008-11-08 07:50   <DIR>   d--------   c:\program files\Alwil Software
2008-11-07 23:11 . 2008-11-07 23:11   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Avg7
2008-11-07 21:54 . 2008-11-07 22:11   <DIR>   d--------   c:\program files\RegCure
2008-11-07 20:35 . 2008-11-07 20:35   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\vlc
2008-11-07 16:13 . 2008-11-07 23:11   <DIR>   d--------   c:\documents and settings\Administrator
2008-11-06 18:11 . 2008-11-06 18:19   <DIR>   d--------   c:\temp\NT32
2008-11-06 18:11 . 2008-11-09 20:23   <DIR>   d--------   C:\Temp
2008-11-01 15:37 . 2008-11-01 15:37   <DIR>   dr-h-----   c:\documents and settings\Jason\Application Data\SecuROM
2008-11-01 15:37 . 2008-11-06 18:22   <DIR>   d--------   c:\documents and settings\Jason\Application Data\Red Alert 3
2008-11-01 15:14 . 2003-07-20 22:17   5,174   --a------   c:\windows\system32\nppt9x.vxd
2008-11-01 15:14 . 2005-01-04 13:43   4,682   --a------   c:\windows\system32\npptNT2.sys
2008-11-01 15:12 . 2008-11-01 15:12   <DIR>   d--------   C:\ProgramData
2008-11-01 15:12 . 2008-11-01 15:12   5,146   --a------   c:\windows\system32\ealregsnapshot1.reg
2008-11-01 14:53 . 2008-11-01 14:53   <DIR>   d--------   c:\windows\Logs
2008-11-01 14:53 . 2008-05-30 13:11   3,850,760   --a------   c:\windows\system32\D3DX9_38.dll
2008-11-01 14:53 . 2008-05-30 13:11   1,491,992   --a------   c:\windows\system32\D3DCompiler_38.dll
2008-11-01 14:53 . 2008-05-30 13:11   467,984   --a------   c:\windows\system32\d3dx10_38.dll
2008-11-01 10:05 . 2008-11-01 10:05   <DIR>   d--------   c:\documents and settings\All Users\Application Data\2DBoy
2008-11-01 10:03 . 2008-11-01 10:04   <DIR>   d--------   c:\program files\WorldOfGoo
2008-11-01 08:46 . 2008-11-01 08:46   <DIR>   d--------   c:\program files\gpotato
2008-10-28 21:08 . 2008-10-28 21:09   <DIR>   d--------   c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 21:27 . 2008-10-15 21:27   <DIR>   d--------   c:\documents and settings\BTS\Application Data\Apple Computer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 02:37   ---------   d-----w   c:\program files\DOSBox-0.72
2008-11-08 18:49   ---------   d-----w   c:\program files\Full Tilt Poker
2008-11-08 18:46   ---------   d-----w   c:\program files\HollywoodPoker
2008-11-07 01:21   ---------   d-----w   c:\documents and settings\Jason\Application Data\Skype
2008-11-06 23:13   ---------   d-----w   c:\documents and settings\Jason\Application Data\uTorrent
2008-11-06 23:02   ---------   d-----w   c:\documents and settings\Jason\Application Data\skypePM
2008-11-01 20:12   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-11-01 20:12   ---------   d-----w   c:\program files\Electronic Arts
2008-11-01 00:38   ---------   d-----w   c:\program files\Warhammer
2008-10-29 02:09   ---------   d-----w   c:\program files\iTunes
2008-10-29 02:09   ---------   d-----w   c:\program files\iPod
2008-10-23 00:29   ---------   d-----w   c:\program files\Microsoft Silverlight
2008-10-16 07:01   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-11 03:37   ---------   d-----w   c:\documents and settings\Jason\Application Data\vlc
2008-10-05 17:45   ---------   d-----w   c:\program files\Ashkon Technology
2008-10-05 15:07   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2008-10-05 14:50   ---------   d-----w   c:\program files\EA Games
2008-10-05 14:35   717,296   ----a-w   c:\windows\system32\drivers\sptd.sys
2008-10-05 14:35   ---------   d-----w   c:\documents and settings\Jason\Application Data\Roxio
2008-10-05 14:35   ---------   d-----w   c:\documents and settings\Jason\Application Data\DAEMON Tools
2008-10-01 17:01   32,000   ----a-w   c:\windows\system32\drivers\usbaapl.sys
2008-09-26 22:57   ---------   d-----w   c:\program files\Download Manager
2008-09-26 22:57   ---------   d-----w   c:\documents and settings\Jason\Application Data\IGN_DLM
2008-09-20 20:33   ---------   d-----w   c:\program files\NCsoft
2008-09-20 20:21   ---------   d-----w   c:\documents and settings\Jason\Application Data\GetRightToGo
2008-09-20 19:18   ---------   d-----w   c:\program files\Saga
2008-09-17 00:29   ---------   d-----w   c:\documents and settings\Jason\Application Data\Move Networks
2008-09-14 01:04   ---------   d-----w   c:\program files\Veoh Networks
2008-09-06 02:16   1,900,544   ----a-w   c:\windows\system32\usbaaplrc.dll
2008-08-29 14:18   87,336   ----a-w   c:\windows\system32\dns-sd.exe
2008-08-29 13:53   61,440   ----a-w   c:\windows\system32\dnssd.dll
2008-08-25 00:04   32,549   ----a-w   c:\windows\king-uninstall.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-11-14_14.17.29.03   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-14 19:27:06   2,032   ----a-w   c:\windows\SoftwareDistribution\EventCache\{F6919A51-219E-4742-92D8-128F7F112F1D}.bin
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DKab1err"="c:\program files\Dell\Printer Software\ErrorApp\DKab1err.exe" [2006-10-21 521112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-09 7774208]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-10-18 137216]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-04-20 26112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HostManager"="c:\program files\Common Files\AOL\1212722868\ee\AOLSoftware.exe" [2006-09-25 50736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-09 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"CTHelper"="CTHELPER.EXE" [2005-11-08 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-08 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2008-04-20 36953]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-04-18 20:59 10536 c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\DKabcoms.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Jason\\Desktop\\Silkroad_Full-Client_Downloader.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\Lineage II\\L2Updater.exe"=
"c:\\Documents and Settings\\Jason\\Desktop\\qqonlineinstall.exe"=
"c:\\Program Files\\QQ\\QQ2009\\Bin\\QQ.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Desktop\\Downloads\\trgame.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe [2006-10-21 508824]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2005-11-08 1095680]
S3 GoToAssist;GoToAssist;c:\program files\Citrix\GoToAssist\508\g2aservice.exe Start=service [ ]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-11-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-11-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

2008-11-08 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\m3ahf9e5.default\
FF -: plugin - c:\program files\Download Manager\npfpdlm.dll
FF -: plugin - c:\program files\GameTap\bin\Release\npgametaptool.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmidas.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 15:10:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-14 15:11:36
ComboFix-quarantined-files.txt  2008-11-14 20:10:59
ComboFix2.txt  2008-11-14 20:08:46
ComboFix3.txt  2008-11-14 19:17:42
ComboFix4.txt  2008-11-12 12:27:27
ComboFix5.txt  2008-11-14 20:09:58

Pre-Run: 125,612,568,576 bytes free
Post-Run: 125,598,793,728 bytes free

233   --- E O F ---   2008-11-06 12:09:52

[Derek]

looks OK now

how are things

[GS]

derek, Everything is running great.  Sypot shows all clear, I'm running avast and defender and they're clean. I beleive this problem came from one of attachments my son got from one of the exchange students in china. The file with the happy faces that appeared on the log were chinese characters in the file name. Thanks  Greg

[Derek]

*Follow these steps to uninstall Combofix and tools used in the removal of malware*
*  Click *START* then *RUN*
*  Now type *Combofix /u* in the runbox  and click *OK*.  Note the *space* between the *X* and the *U*, it needs to be there.



then
Turn off system restore by following instructions here
for XP   http://www.thespykiller.co.uk/index.php?page=8
or for Vista http://www.bleepingcomputer.com/tutorials/tutorial143.html

That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point. Now Empty Recycle bin on desktop

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Then pay an urgent visit to windows update & make sure you are fully updated,  that will help to plug the security holes that let these pests on in the first place


it won't do any harm to also do this to double check

Please download Malwarebytes' Anti-Malware to your desktop
from http://www.malwarebytes.org/affiliates/thespykiller/page/download-mbam.php or http://thespykiller.co.uk/downloads/mbam-setup.exe

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so. ( Press YES on the alert) 
If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it continues on every boot 

[GS]

Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.30
Database version: 1401
Windows 5.1.2600 Service Pack 2

11/16/2008 9:58:20 AM
mbam-log-2008-11-16 (09-58-20).txt

Scan type: Quick Scan
Objects scanned: 58792
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54ebd53a-9bc1-480b-966a-843a333ca162} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Derek]

MBAM found a couple of minor left overs. It should be all OK now

come back if you have any more problems

[Would you do all this for nothing?]

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts

<>

[Information]

  
  Information
   Security & Protection Blog
   Prevention
   Using Autoruns
     System Restore
  Rss feeds
     Microsoft at Home
     MSRC
     Malware blog

Take the Kaspersky Challenge: See what your current antivirus is missing. Our free online virus scanner is a great way to find out if you have any viruses or spyware on your machine without having to uninstall your current antivirus software or install a new one.

Kaspersky Online Scanner

Most importantly, you can see what viruses your current antivirus software let slip through! Now works with ANY Java enabled browser