wirosari

Members
  • Content Count

    66
About wirosari

  • Rank
    Member

Previous Fields

  • System Specifications:
    Windows Vista
  1. Dear Juliet (sorry LOL) and PC Pitstop team,
     Thank you very much for the great help. On another computer, I scanned with MBAM (Malwarebytes Anti-Malware). The UFD still ended up as one shortcut. For info, I then tried to use EMSISOFT Emergency Kit http://download.cnet.com/Emsisoft-Free-Emergency-Kit/3000-2239_4-75219878.html and finally the virus was removed with NOD32 Online Scanner http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
     Once again, thank you very much Juliet.
     regards, Lee
     ==========================
     C:\Documents and Settings\All Users\msflganu.exe - a variant of Win32/Kryptik.EIEK trojan - cleaned by deleting (after the next restart) - quarantined
     C:\Program Files\netcut\netcut.exe - a variant of Win32/NetTool.Netcut.A potentially unsafe application - cleaned by deleting (after the next restart) - quarantined
     D:\forta\FreemakeVideoDownloaderSetup.exe - Win32/OpenCandy potentially unsafe application - deleted - quarantined
     D:\forta\avc-free_2.exe - Win32/OpenCandy potentially unsafe application - deleted - quarantined
     Operating memory - multiple threats - deleted (after the next restart) - quarantined
  2. Dear Jacee,
     So far so good. I've tried a couple of times on this computer, without any reinfections. I will also try this on other computers. Is conventional anti-virus still effective at protecting against this kind of infection? Or do you have any suggestions?
     regards, Lee
  3. Dear Juliet/Jacee (and also.... Nasdaq). Both are my valuable and trusted resources!
     The computer has been scanned with MBAM and 77 objects were quarantined. Here is the MBAM log. Kindly please analyze.
     Thank you very much, Lee
     ======================
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 10/12/2015
     Scan Time: 10.20
     Logfile:
     Administrator: Yes
     Version: 2.2.0.1024
     Malware Database: v2015.12.09.07
     Rootkit Database: v2015.12.07.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: toto
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 277440
     Time Elapsed: 6 min, 14 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 1
     Trojan.Agent.PL, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|1348212572, "C:\Documents and Settings\All Users\mswcs.exe", Quarantined, [4ac12e757219f93dcd600cac9c669967]
     Registry Data: 0 (No malicious items detected)
     Folders: 16
  4. Dear Juliet (and Jacee),
     Glad to hear from you! Sorry for misunderstanding. I should have clicked "Remove All". I will run MBAM again. I am not on the computer right now, so I will get back to it later.
     regards, Lee
  5. Dear Jacee,
     Here is the MBAM log. Kindly please check these items. Scan completed, malware detected. NOTE: Not deleted (Action: "Ignore Once").
     Thank you very much, Lee
     ===============
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 08/12/2015
     Scan Time: 11.35
     Logfile:
     Administrator: Yes
     Version: 2.2.0.1024
     Malware Database: v2015.12.07.06
     Rootkit Database: v2015.12.07.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: toto
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 277697
     Time Elapsed: 7 min, 2 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 1
     Trojan.Agent.PL, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|1348212572, "C:\Documents and Settings\All Users\mswcs.exe", No Action By User, [78cabbe72467ba7cd5f2961ff2105da3]
     Registry Data: 0 (No malicious items detected)
     Folders: 16
Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\es\messages.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\es_419\messages.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\fr\messages.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\pt_BR\messages.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\pt_PT\messages.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\ru\messages.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\zh_CN\messages.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_metadata\computed_hashes.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.BProtector, C:\Documents 
and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_metadata\verified_contents.json, No Action By User, [3b0702a007843501ba23fc771ee43dc3], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\000003.log, No Action By User, [46fc841ed2b91a1cba10d0c272909769], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\CURRENT, No Action By User, [46fc841ed2b91a1cba10d0c272909769], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\LOCK, No Action By User, [46fc841ed2b91a1cba10d0c272909769], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\LOG, No Action By User, [46fc841ed2b91a1cba10d0c272909769], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\LOG.old, No Action By User, [46fc841ed2b91a1cba10d0c272909769], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\MANIFEST-000001, No Action By User, [46fc841ed2b91a1cba10d0c272909769], Physical Sectors: 0 (No malicious items detected) (end)
  6. Dear Juliet,
     Thank you for your quick response. I have tried 2 of your suggested tools:
     1. Panda USB Vaccine doesn't have a cleaning function - only vaccinating.
     2. McShield Tools do the "active cleaning", but the PC still attempts to make a "RUNDLL32 + random files" on the USB flashdisk as soon as the USB is re-plugged.
     Any idea about this Juliet?
     Rgds, Lee
     ==================================
     MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
     >>> v 3.0.5.28 / DB: 2015.12.6.1 / Windows XP <<<
     07/12/2015 11.06.07 > Drive F: - scan started (DSP ~3679 MB, FAT32 flash drive )...
     >>> F:\DSP (4GB).lnk - Malware > Deleted. (15.12.07. 11.06 DSP (4GB).lnk.990399; MD5: 170cea576b894e47df274ac29d9b293e)
     > Resetting attributes: F:\ < Successful.
     => Malicious files : 1/1 deleted.
     => Hidden folders : 1/1 unhidden.
  7. Dear Advisors,
     Please help on a USB flashdisk virus. Every time I copy the file into the flashdisk, it will change into a single icon. The application Properties show:
     %SystemRoot%\system32\rundll32.exe \\\\\\\\\\\ {BE6CA885-0F1A-4843-AD53-CD0249AF3653}. {BCAB370E-8EF7-4A3B-BB08-B3B4F6A8C2B6}, IuJvX9lNzbDpR3fe
     This seems random and changes every time. Kindly please help.
     btw, are Jacee and FZWG still here.... <3
     regards, Lee GMT +7
     HIJACKTHIS LOG (Prohibited? oh sorry)
     ==============
     Logfile of Trend Micro HijackThis v2.0.5
     Scan saved at 14.55, on 05/12/2015
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  8. Thanks Jacee... for replying to my post. I have relied on you many times.
     I am not sure about the term "ROOTKIT". Another machine with Win XP was also infected by this ALMANAHE virus; it was destroyed with reference to NOD Vaksin: http://www.vaksin.com/2008/0708/alman/Alman.html with REPAIR.INF, which cured it successfully.
     But please help me with this WINDOWS 2000 machine. I have deleted it from safe mode, but it hit back. Kindly, which registry should be deactivated?
     Last Status:
     - Access normal from clients
     - Local Network very busy
     - My PCMAV-CLN.exe and PCMAV-RTP.exe (PC Media Virus Cleaner) size added 40 KB
     Oh, sorry I forgot to attach the latest log of HJT Trend Micro
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 1:13:58 PM, on 10/7/2008
     Platform: Windows 2000 SP4 (WinNT 5.00.2195)
     MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
     Boot mode: Normal
     Running processes:
     C:\WINNT\System32\smss.exe
     C:\WINNT\system32\csrss.exe
     C:\WINNT\system32\winlogon.exe
     C:\WINNT\system32\services.exe
     C:\WINNT\system32\lsass.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\system32\spoolsv.exe
     C:\WINNT\system32\msdtc.exe
     C:\WINNT\system32\tcpsvcs.exe
     C:\WINNT\system32\svchost.exe
     C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe
     C:\WINNT\System32\llssrv.exe
     C:\WINNT\system32\sfmsvc.exe
     C:\WINNT\system32\sfmprint.exe
     C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
     C:\WINNT\system32\RTPSvc.exe
     C:\WINNT\system32\regsvc.exe
     C:\Program Files\HHVcdV7Sys\VC7SecS.exe
     C:\WINNT\Explorer.EXE
     C:\WINNT\system32\igfxtray.exe
     C:\WINNT\system32\hkcmd.exe
     C:\WINNT\SOUNDMAN.EXE
     C:\Program Files\HHVcdV7Sys\VC7Play.exe
     C:\WINNT\ALCWZRD.EXE
     C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
     C:\WINNT\System32\WBEM\WinMgmt.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\system32\Dfssvc.exe
     C:\WINNT\system32\inetsrv\inetinfo.exe
     C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
     C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe
     C:\WINNT\System32\svchost.exe
     C:\WINNT\system32\dllhost.exe
     F:\Adaware\VIRTOOL_COMBOFIX\HiJackThis_trendMicro.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [VC7Player] C:\Program Files\HHVcdV7Sys\VC7Play.exe
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - Startup: Shutdowner.exe.lnk = ?
     O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{A9FC15BF-872D-49D9-840B-97E1708C7AC9}: NameServer = 128.0.0.1
     O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe
     O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe
     O23 - Service: PCMAV RealTime Protector Service (PCMAVRTPService) - Unknown owner - C:\WINNT\system32\RTPSvc.exe
     O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe
     -- End of file - 2838 bytes
  9. Dear Advisors,
     My WINDOWS 2000 SP-4 Server is infected by a rootkit. Using COMBOFIX (Sept Edition), result below; with the CFscript, 2 files and the registry entry were deleted - but reinfected (see below). Safe Mode effective, but still reinfected.
     Pls urgent help needed...
     thanks, Lee GMT+7
     COMBOFIX RESULT :
     ComboFix 08-09-24.09 - Administrator 09/30/2008 9:04:50.29 - NTFSx86 MINIMAL
     Microsoft Windows 2000 Advanced Server 5.0.2195.4.1252.1.1033.18.860 [GMT 7:00]
     Running from: F:\Adaware\VIRTOOL_COMBOFIX\ComboFix.exe
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\WINNT\linkinfo.dll
     C:\WINNT\system32\drivers\nvmini.sys
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_NVMINI
     -------\Service_nvmini
     ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
     .
     2008-10-06 09:00 . 08-10-06 09:00 <DIR> d-------- C:\ComboFixSEPT
     2008-09-29 13:41 . 08-09-29 13:41 829,306 ---h----- C:\WINNT\ShellIconCache
     2008-09-29 11:14 . 04-05-06 14:47 159,744 -ra------ C:\WINNT\system32\igfxres.dll
     2008-09-29 09:32 . 04-05-06 14:52 110,592 -ra------ C:\WINNT\system32\igfxext.exe
     2008-09-29 09:32 . 04-05-06 14:52 36,864 -ra------ C:\WINNT\system32\igfxexps.dll
     2008-09-27 14:17 . 03-06-19 12:05 113,744 --a------ C:\WINNT\system32\drivers\ks.sys
     2008-09-27 14:17 . 99-12-02 15:30 103,696 --a------ C:\WINNT\system32\ksproxy.ax
     2008-09-27 14:17 . 03-06-19 12:05 42,000 --a------ C:\WINNT\system32\drivers\stream.sys
     2008-09-27 14:17 . 03-06-19 12:05 21,264 --a------ C:\WINNT\system32\wdmaud.drv
     2008-09-27 14:17 . 99-12-02 15:31 10,000 --a------ C:\WINNT\system32\ksvpintf.ax
     2008-09-27 14:17 . 99-12-02 15:30 7,952 --a------ C:\WINNT\system32\ksinterf.ax
     2008-09-27 14:17 . 99-12-02 15:31 7,440 --a------ C:\WINNT\system32\ksclockf.ax
     2008-09-27 14:17 . 99-12-02 15:30 6,928 --a------ C:\WINNT\system32\ksdata.ax
     2008-09-27 14:17 . 99-11-30 23:39 4,880 --a------ C:\WINNT\system32\ksuser.dll
     2008-09-27 11:58 . 99-12-07 19:00 16,144 --a------ C:\WINNT\system32\linkinfo.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-09-23 05:12 155,648 ----a-w C:\WINNT\system32\RTPSvc.exe
     2008-09-23 05:12 120,320 ----a-w C:\WINNT\system32\RTPScan.dll
     2008-08-07 08:57 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
     2006-01-13 04:53 271 ---h--w C:\Program Files\desktop.ini
     1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
     .
     ((((((((((((((((((((((((((((( snapshot_Mon 2008-09-29_11.34.17.42 )))))))))))))))))))))))))))))))))))))))))
     .
     + 1999-12-07 12:00:00 16,144 -c--a-w C:\WINNT\system32\dllcache\linkinfo.dll
     - 2008-09-29 04:16:35 194,017 ----a-w C:\WINNT\system32\inetsrv\MetaBase.bin
     + 2008-09-29 07:00:44 194,014 ----a-w C:\WINNT\system32\inetsrv\MetaBase.bin
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="C:\WINNT\system32\igfxtray.exe" [04-05-06 14:52 155648]
     "HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [04-05-06 14:48 118784]
     "VC7Player"="C:\Program Files\HHVcdV7Sys\VC7Play.exe" [05-03-02 15:04 274432]
     "SoundMan"="SOUNDMAN.EXE" [04-05-03 17:21 67584 C:\WINNT\SOUNDMAN.EXE]
     "AlcWzrd"="ALCWZRD.EXE" [04-05-13 14:19 2540544 C:\WINNT\ALCWZRD.EXE]
     C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
     Shutdowner.exe.lnk - F:\VKM 2006\Shutdowner.exe [2005-12-30 65536]
     C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
     Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2006-01-09 110592]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "disablecad"= 0 (0x0)
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"= mmdrv.dll
     R0 DfsDriver;DfsDriver;C:\WINNT\system32\drivers\Dfs.sys [03-06-19 11:05 74448]
     R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 19:05 49776]
     S1 vdrv7000;vdrv7000;C:\WINNT\system32\DRIVERS\vdrv7000.sys [05-01-31 12:54 76672]
     S2 AppleTalk;AppleTalk Protocol;C:\WINNT\system32\DRIVERS\sfmatalk.sys [03-06-19 11:05 148400]
     S2 DHCPServer;DHCP Server;C:\WINNT\system32\tcpsvcs.exe [99-12-07 19:00 25360]
     S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe [04-02-23 01:05 106496]
     S2 IAS;Internet Authentication Service;C:\WINNT\System32\svchost.exe [99-12-07 19:00 7952]
     S2 MacFile;File Server for Macintosh;C:\WINNT\system32\sfmsvc.exe [03-06-19 11:05 68368]
     S2 MacPrint;Print Server for Macintosh;C:\WINNT\system32\sfmprint.exe [99-12-07 19:00 85264]
     S2 MSSEARCH;Microsoft Search;C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [00-07-13 01:44 73728]
     S2 PCMAVRTPService;PCMAV RealTime Protector Service;C:\WINNT\system32\RTPSvc.exe [08-09-23 12:12 155648]
     S2 SPARKEY;SPARKEY;C:\WINNT\System32\Drivers\sparkey.sys [08-05-06 09:53 12480]
     S2 VC7SecS;Virtual CD v7 Management Service;C:\Program Files\HHVcdV7Sys\VC7SecS.exe [05-03-02 15:04 143360]
     S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe [04-02-23 01:05 1515599]
     S3 MACSRV;SFM Kernel Driver;C:\WINNT\system32\DRIVERS\sfmsrv.sys [03-06-19 11:05 154160]
     S3 NtFrs;File Replication;C:\WINNT\system32\ntfrs.exe [03-06-19 11:05 745232]
     S3 PCIUtil;PCI Utility;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PCIUtil.sys [ ]
     S3 spud;Special Purpose Utility Driver;C:\WINNT\system32\drivers\spud.sys [99-12-07 19:00 12336]
     S3 TDASYNC;TDASYNC;C:\WINNT\system32\drivers\TDASYNC.sys [03-06-19 11:05 12664]
     S3 TDIPX;TDIPX;C:\WINNT\system32\drivers\TDIPX.sys [03-06-19 11:05 20760]
     S3 TDNETB;TDNETB;C:\WINNT\system32\drivers\TDNETB.sys [03-06-19 11:05 18392]
     S3 TDSPX;TDSPX;C:\WINNT\system32\drivers\TDSPX.sys [03-06-19 11:05 18264]
     S3 TrkSvr;Distributed Link Tracking Server;C:\WINNT\system32\services.exe [03-06-19 11:05 89360]
     S3 WLBS;Network Load Balancing;C:\WINNT\system32\DRIVERS\wlbs.sys [03-06-19 11:05 66224]
     S4 IsmServ;Intersite Messaging;C:\WINNT\System32\ismserv.exe [03-06-19 11:05 25872]
     S4 kdc;Kerberos Key Distribution Center;C:\WINNT\System32\lsass.exe [03-06-19 11:05 33552]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     tapisrv REG_MULTI_SZ Tapisrv
     .
     .
     ------- Supplementary Scan -------
     .
     R0 -: HKCU-Main,Start Page = about:blank
     R0 -: HKCU-Main,Default_Search_URL =
     R0 -: HKLM-Main,Start Page = about:blank
     R0 -: HKLM-Main,Search Bar =
     O17 -: HKLM\CCS\Interface\{A9FC15BF-872D-49D9-840B-97E1708C7AC9}: NameServer = 128.0.0.1
     .
     **************************************************************************
     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-09-30 09:11:17
     Windows 5.0.2195 Service Pack 4 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vdrv7000]
     "ImagePath"="system32\DRIVERS\vdrv7000.sys"
     .
     Completion time: 2008-09-30 9:13:02 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-09-30 02:13:00
     ComboFix2.txt 2008-09-29 06:53:17
     ComboFix3.txt 2008-09-29 06:49:22
     ComboFix4.txt 2008-09-29 06:26:34
     ComboFix5.txt 2008-09-30 02:04:34
     Pre-Run: 31,583,137,792 bytes free
     Post-Run: 31,575,142,400 bytes free
     124
     CFscript like this:
     File::
     C:\WINNT\linkinfo.dll
     C:\WINNT\system32\drivers\nvmini.sys
     Registry::
     [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nvmini]
  10. Rock,
      Thanks for the suggestion. I've a parallel topic on the HJT forum. No response so far. Back to you later.
      thanks, Lee
  11. Dear Advisors,
      USERINIT.EXE found in:
      1. C:\WINDOWS\SYSTEM32 (22kb)
      2. C:\WINDOWS\SYSTEM32\DLLCACHE
      3. C:\WINNT\SYSTEM32 (18kb)
      4. C:\WINNT\SYSTEM32\DLLCACHE
      In REGEDIT, I found 2 strange entries:
      HKLM\software\microsoft\winNT\Current ver\winlogon\ 2 entries and their values:
      - USERINIT (NO DOT) - C:\WINDOWS\SYSTEM32\USERINIT.EXE,
      - USERINIT. (WITH DOT) - USERINIT.EXE
      - Is this normal?
      - the NO DOT entry value is: c:\WINDOWS\..... - Should I change it directly to C:\WINNT\....
      Pls help me to create a Repair Registry Script
      - Should I delete the WITH DOT value?
      - And pls analyze this problem, the side effect?
      Dump of Physical Memory STOP : 0X0000009F, ... DRIVER_POWER_STATE_FAILURE
      Please help me and thanks....
      Rgds, Lee
  12. Many Thanks Rock,
      About the POWER FAILURE. Pls help me to find out: Which one is the REAL Userinit.exe regarding the situation? The O/S is Windows 2000 server ver 5.00.2195. And the "strange" (WITH DOT) value of the HKLM registry.
      Rgds, Lee
  13. Dear all,
      USERINIT.EXE found in:
      1. C:\WINDOWS\SYSTEM32 (22kb)
      2. C:\WINDOWS\SYSTEM32\DLLCACHE
      3. C:\WINNT\SYSTEM32 (18kb)
      4. C:\WINNT\SYSTEM32\DLLCACHE
      In REGEDIT, I found 2 strange entries:
      HKLM\software\microsoft\winNT\Current ver\winlogon\ 2 entries and their values:
      - USERINIT (NO DOT) - C:\WINDOWS\SYSTEM32\USERINIT.EXE,
      - USERINIT. (WITH DOT) - USERINIT.EXE
      - Is this normal?
      - the NO DOT entry value is: c:\WINDOWS\..... - Should I change it directly to C:\WINNT\....
      Pls help me to create a Repair Registry Script
      - Should I delete the WITH DOT value?
      - And pls analyze this problem, the side effect?
      Dump of Physical Memory STOP : 0X0000009F, ... DRIVER_POWER_STATE_FAILURE
      Please help me and thanks....
      Lee
  14. Dear hftmrock,
      The last condition is:
      - Message: USERINIT.EXE Entry Point Not Found - DeactivateActCtx cannot be found in Kernel32.dll
      - Green blank desktop
      - Task Manager (with: Ctrl alt del) EXPLORER.EXE - The ICONS and STARTMENU appear (It shows all!)
      - Shutting down the PC makes: Dump of Physical Memory STOP : 0X0000009F, ... DRIVER_POWER_STATE_FAILURE
      By the way, regarding the Microsoft K.Base, I found 3 Userinit.exe. Which one is the right one?
      And .. REGEDIT: HKLM\software\microsoft\winNT\Current ver\winlogon\ 2 entries and their values:
      - USERINIT (NO DOT) - C:\WINDOWS\SYSTEM32\USERINIT.EXE,
      - USERINIT. (WITH DOT) - USERINIT.EXE
      thanks for help.
      Lee
  15. Dear hftmrock,
      Thanks for your reply. It's worth a try. It's my big fault. This happened after a careless deletion of an (active) virus. Please help analyze the characteristics of the ARCLDR and ALCSETUP virus. And is it possible to replace the USERINIT.EXE, or to do some editing of what is "inside" the USERINIT? (Like doing regedit or sysedit?)
      Thank you. I appreciate your help. Pls stay in contact. (Late reply. GMT +7 here)
      rgds, Lee