AntiMalware Doctor infection, Have logs, Am I clean?



#1 james9999

Posted 04 August 2010 - 08:05 PM

Not sure exactly where the URL of the drive-by download occurred. All I know is that I was using Absolute Poker and then a FILE OPERATION popup came on (Vista Home). I thought for a minute and DENIED it because I didn't initiate anything, so I sat back and thought I was infected by some type of virus. Then the FILE Operation occurred again and again; I denied it after a couple of times. Then Antimalware Doctor popped up and was running and scanning my files.

So I know how I got infected: from a Java drive-by download from some site (RWMAEONSXC.EXE?). I suspect the vulnerability came in through one of AdBrite's or someone else's ads, probably.

Then my AV, Kaspersky, went crazy.

But long story short, I have removed some registry files and have located the main program at C:\Users\user\AppData\Roaming\B6D140381AC0738E2D583B79DCD20011\newreleaseversion70700.exe

and found registry:
CurrentVersion/Run/ > C:\Users\user\AppData\Roaming\B6D140381AC0738E2D583B79DCD20011\newreleaseversion70700.exe

Kaspersky does NOT pick up on this file. Nor does Malwarebytes.

I sent it through VirusTotal.com and sent it in to Kaspersky.

Looking at the logs, it appears a trojan dropper () was downloaded by the Java exploit, and then the trojan installed newreleaseversion70700.exe. Now what I'm wondering is if it installed any other trojans or any type of RAT or bot on my computer besides that, and how bad Antimalware Doctor is (as in, does it steal private info/credit cards/logins/etc.).

------------------------------------------
Here are the logs


I have Malwarebytes running in the background right now. Did a quick scan and removed

CODE
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/4/2010 4:30:59 PM
mbam-log-2010-08-04 (16-30-59).txt

Scan type: Quick scan
Objects scanned: 132981
Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{fa8edcdd-efa2-477b-b00a-7f28f02cd37e} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\user\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.

I saved the log (that's why it says "No action taken") and then I removed them.

Here is my HJT log


CODE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:08:47 PM, on 8/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\NoteTab Pro 6\NotePro.exe
C:\Windows\explorer.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\user\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ICQToolbar - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-8LAEE.exe" /REG
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)
O9 - Extra button: TrustDefender - Safe Secure Check - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\TrustDefender\TrustDefender\TDIEButton.dll (HKCU)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\widecap\widecapdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\widecap\widecapdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\widecap\widecapdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\widecap\widecapdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\widecap\widecapdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\widecap\widecapdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\widecap\widecapdrv.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service:  Service - Unknown owner - C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Kaspersky Lab - (no file)
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15839 bytes

Here are Kaspersky's logs


CODE
8/4/2010 3:25:46 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class        
8/4/2010 3:25:46 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class        
8/4/2010 3:25:46 PM    Kaspersky Internet Security    Protection Center    Detected: HEUR:Exploit.Script.Generic            C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp/data0000        
8/4/2010 3:27:21 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/1f/eb/8b/bc/1feb8bbca2cff5f22291a8b3626068fb.swf?clickTag=http%3A%2F%2Fad%2Efoxnetworks%2Ecom%2Fclk%3F2%2C13%253B7b7f79b1b8cff583%253B12a3f3747b8%2C0%253B%253B%253B3082547792%2CAAAAAKvjDQAx9FkAAAAAAKljGAAAAAAAAgBEAAYAAAAAAP8AAAAEEC19FwAAAAAAQjkFAAAAAADzhCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiggcAAAAAAAIAAwAAAAAAV0c3PyoBAAAAAAAAADcyZDQxODEyLWEwMTctMTFkZi04ODIyLTAwMzA0OGQ3NWI4NAAHAAAAAAA%3D%2C%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D7%2526cb%253D579391587%2C        
8/4/2010 3:27:21 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/d2/b8/75/34/d2b8753431ccf86db3a3b671ea48e25e.swf?clickTAG=http%3A%2F%2Fad%2Esmowtion%2Ecom%2Fclk%3F2%2C13%253B732c17e11a5bca98%253B12a3f37506c%2C0%253B%253B%253B4187461975%2CAAAAAETrEAANCjYAAAAAAPANEgAAAAAAAwBIAAEAAAAAAP8AAAAEELafHAAAAAAAot0OAAAAAAAA4xgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5%2DwkAAAAAAAIAAwAAAAAA0k83PyoBAAAAAAAAADc0MWY0Zjg0LWEwMTctMTFkZi05ZDBkLTAwMzA0OGQ3NjA4NAAJAAAAAAA%3D%2Chttp%253A%252F%252Fads%2Esmowtion%2Ecom%252Fclick%253Furl%253D%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D3%2526cb%253D1622227230%2C        
8/4/2010 3:27:38 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000037        
8/4/2010 3:27:38 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000038        
8/4/2010 3:27:43 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/1f/eb/8b/bc/1feb8bbca2cff5f22291a8b3626068fb.swf?clickTag=http%3A%2F%2Fad%2Efoxnetworks%2Ecom%2Fclk%3F2%2C13%253B3f53758fac21dbe1%253B12a3f379ac6%2C0%253B%253B%253B191106097%2CAAAAAKvjDQAx9FkAAAAAAKljGAAAAAAAAgBMAAYAAAAAAP8AAAAEEC19FwAAAAAAQjkFAAAAAADzhCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiggcAAAAAAAIAAwAAAAAAZ5o3PyoBAAAAAAAAADdmODBiYjEwLWEwMTctMTFkZi1iN2JmLTAwMzA0OGQ3NTZiMgAHAAAAAAA%3D%2C%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D5%2526cb%253D1510910498%2C        
8/4/2010 3:27:44 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://www.analyticnet.info/analytics/files/8.php        
8/4/2010 3:27:54 PM    browser    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        www.absolutebanking.com    Using system program interfaces (DNS)    
8/4/2010 3:27:59 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00003c        
8/4/2010 3:28:21 PM    mainclient    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        user-PC    Using system program interfaces (DNS)    
8/4/2010 3:28:31 PM    mainclient    Web Anti-Virus    Packed: Swf2Swc            http://banner.absolutepoker.com//2010-07-27_62734_A_1.swf        
8/4/2010 3:28:33 PM    mainclient    Web Anti-Virus    Packed: Swf2Swc            http://www.absolutepoker.net/share/banners/client/ap/apbanner_signup.swf        
8/4/2010 3:28:35 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\YIJJFK8D\2010-07-27_62734_A_1[2].swf        
8/4/2010 3:28:35 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\apbanner_signup[1].swf        
8/4/2010 3:28:44 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/31/6a/78/e0/316a78e02c69181b7ef6d5aaf2f395b5.swf?clickTag=http%3A%2F%2Fad%2Efoxnetworks%2Ecom%2Fclk%3F2%2C13%253Bbd5ee1c66a30bceb%253B12a3f389305%2C0%253B%253B%253B2629176112%2CAAAAAKvjDQAOxlkAAAAAAE9TGAAAAAAAAgBYAAYAAAAAAP8AAAAEEC19FwAAAAAAhN8ZAAAAAADccCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiggcAAAAAAAIAAwAAAAAAppI4PyoBAAAAAAAAAGE1NjFlMDM0LWEwMTctMTFkZi04MjllLTAwMzA0OGQ3MjBiOAAHAAAAAAA%3D%2C%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D5%2526cb%253D2141032491%2C        
8/4/2010 3:28:45 PM    mainclient    Web Anti-Virus    Packed: Swf2Swc            http://www.absolutepoker.net/share/banners/client/ap/20100702-uboc5-starts-538x111-ap-v2.swf        
8/4/2010 3:28:45 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\7CRBWYTU\20100702-uboc5-starts-538x111-ap-v2[1].swf        
8/4/2010 3:28:45 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\7CRBWYTU\20100702-uboc5-starts-538x111-ap-v2[1].swf        
8/4/2010 3:28:55 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\7CRBWYTU\20100713-uboc5satellite-538x111-ap-v1[2].swf        
8/4/2010 3:28:59 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\7CRBWYTU\20100702-uboc5-starts-538x111-ap-v2[1].swf        
8/4/2010 3:29:08 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\20100720-uboc5sescp-538x111-ap-v1[1].swf        
8/4/2010 3:29:21 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\FAN4ZD7M\20100720-1millionsatelliteaug8-538x111-ap-v1[1].swf        
8/4/2010 3:29:30 PM    browser    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        www.absolutebanking.com    Using system program interfaces (DNS)    
8/4/2010 3:29:33 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\apbanner_signup[1].swf        
8/4/2010 3:29:37 PM    browser    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\7CRBWYTU\jStore[2].swf        
8/4/2010 3:30:15 PM    WMI Provider Host    Self-Defense    Denied    Open        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe        
8/4/2010 3:30:27 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s.ytimg.com/yt/swf/watch_as3-vfl181426.swf        
8/4/2010 3:30:43 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000047        
8/4/2010 3:31:01 PM    Yahoo! Toolbar Assistant    Application Control        Assigned application status        Trusted    Signed by the digital signature of entrusted manufacturers    
8/4/2010 3:31:24 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://ibuzz.co.in/sachin/design-sto-cut22-nosound_opt.swf        
8/4/2010 3:31:30 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/2810479/2-InBannerVideo_ViPrPf_kwSkus.swf?clickTag=http%3A%2F%2Fad.doubleclick.net%2Fclick%253Bh%253Dv8%2F39ec%2Ff%2F1e4%2F%252a%2Fp%253B226433155%253B0-0%253B0%253B51199819%253B4307-300%2F250%253B37418924%2F37436801%2F1%253B%253B%257Esscs%253D%253fhttp%3A%2F%2Fclick.adbrite.com%2Fmb%2Fclick.php%3Fsid%3D455864%26banner_id%3D13398066%26variation_id%3D1784642%26uts%3D1280961090%26keyword_id%3D%26ab%3D168296559%26sscup%3Ddf48e2f4542ee4fa1fc99c649eadfd0f%26sscra%3D217aa6657fdd55bd9d267c10d4ada632%26ub%3D1198069922%26guid%3D168296506x0.573_1274084371x-2143346266%26odc%3Dsvx%26rs%3Dtp%26tgt%3Dhttp%253A%252F%252Fwww.adbrite.com%252Fmb%252Fcommerce%252Fpurchase_form.php%253Fother_product_id%253D455864%26sc%3D%26adt%3D1%26bg%3D12591242%26rhash%3D66ecfe641c8bc5ad4ecdb5aa0341fb5c%26nsscup%3D22502f66967320d47d0e823b5417cd81%26bkw%3D%26r%3D&xmlFile=InBannerVideo_ViPrPf_AdBrite1_ronQ3.xml&taxonomyId=21&taxonomyType=dep&productCID=654321&keywords=&skus=932355|11068795|11748603|12504432|10339993|12283620|12299957|11157437|10399538|80001080|12329416|12605527|12958071|12096129|10774372|12064178|12534884|12299967|12110881|11191005|10720259|12352574|12354905|10100181|12262003|11043907|12670210|11261117|12698252|12409068|12534882|12388961|10808982|12882079|11924784|12246610|12613640|12931739|12673778        
8/4/2010 3:31:33 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/2810479/2-InBannerVideo_ViPrPf_kwSkus.swf?clickTag=http%3A%2F%2Fad.doubleclick.net%2Fclick%253Bh%253Dv8%2F39ec%2Ff%2F1f3%2F%252a%2Fx%253B226433155%253B0-0%253B0%253B51199815%253B4307-300%2F250%253B37418924%2F37436801%2F1%253B%253B%257Esscs%253D%253fhttp%3A%2F%2Fclick.adbrite.com%2Fmb%2Fclick.php%3Fsid%3D455864%26banner_id%3D13423766%26variation_id%3D1784638%26uts%3D1280961093%26cpc%3D302e393733%26keyword_id%3D%26ab%3D168296535%26sscup%3D14f9b136147ca9dcc77843338b2eab63%26sscra%3D217aa6657fdd55bd9d267c10d4ada632%26ub%3D1198069922%26guid%3D168296506x0.573_1274084371x-2143346266%26odc%3Dsvx%26rs%3Dtp%26tgt%3Dhttp%253A%252F%252Fwww.adbrite.com%252Fmb%252Fcommerce%252Fpurchase_form.php%253Fother_product_id%253D455864%26sc%3D%26adt%3D1%26bg%3D12616942%26rhash%3D66ecfe641c8bc5ad4ecdb5aa0341fb5c%26nsscup%3D206ba5bc260e3c7c03b95b588fe3f140%26bkw%3D%26r%3D&xmlFile=InBannerVideo_ViPrPf_AdBrite1_ronQ3.xml&taxonomyId=21&taxonomyType=dep&productCID=654321&keywords=&skus=932355|11068795|11748603|12504432|10339993|12283620|12299957|11157437|10399538|80001080|12329416|12605527|12958071|12096129|10774372|12064178|12534884|12299967|12110881|11191005|10720259|12352574|12354905|10100181|12262003|11043907|12670210|11261117|12698252|12409068|12534882|12388961|10808982|12882079|11924784|12246610|12613640|12931739|12673778        
8/4/2010 3:31:41 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://konac.kontera.com/javascript/lib/2010_08_04/flash/konalayer.swf//konalayer        
8/4/2010 3:31:43 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00004d        
8/4/2010 3:31:46 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://images.kontera.com/IMAGE_DIR/6675/17313/22745_1280446671.swf        
8/4/2010 3:31:46 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://images.kontera.com/IMAGE_DIR/6504/16965/21298_1278466832.swf        
8/4/2010 3:31:47 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00004f        
8/4/2010 3:31:50 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000052        
8/4/2010 3:31:54 PM    mainclient    Web Anti-Virus    Packed: Swf2Swc            http://www.absolutepoker.net/share/banners/client/ap/20100720-uboc5sescp-538x111-ap-v1.swf        
8/4/2010 3:31:54 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\20100720-uboc5sescp-538x111-ap-v1[1].swf        
8/4/2010 3:31:55 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\20100720-uboc5sescp-538x111-ap-v1[1].swf        
8/4/2010 3:31:57 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000054/packed        
8/4/2010 3:32:02 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000056        
8/4/2010 3:32:02 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000057        
8/4/2010 3:32:02 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\20100720-uboc5sescp-538x111-ap-v1[1].swf        
8/4/2010 3:32:06 PM    mainclient    Web Anti-Virus    Packed: Swf2Swc            http://www.absolutepoker.net/share/banners/client/ap/20100720-1millionsatelliteaug8-538x111-ap-v1.swf        
8/4/2010 3:32:08 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\7CRBWYTU\20100720-1millionsatelliteaug8-538x111-ap-v1[1].swf        
8/4/2010 3:32:17 PM    mainclient    Web Anti-Virus    Packed: Swf2Swc            http://www.absolutepoker.net/share/banners/client/ap/apbanner_signup.swf        
8/4/2010 3:32:19 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\apbanner_signup[1].swf        
8/4/2010 3:32:28 PM    mainclient    Web Anti-Virus    Packed: Swf2Swc            http://www.absolutepoker.net/share/banners/client/ap/20100702-uboc5-starts-538x111-ap-v2.swf        
8/4/2010 3:32:39 PM    mainclient    Web Anti-Virus    Packed: Swf2Swc            http://www.absolutepoker.net/share/banners/client/ap/20100713-uboc5satellite-538x111-ap-v1.swf        
8/4/2010 3:32:39 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\7CRBWYTU\20100702-uboc5-starts-538x111-ap-v2[1].swf        
8/4/2010 3:32:49 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\20100713-uboc5satellite-538x111-ap-v1[2].swf        
8/4/2010 3:33:00 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\7CRBWYTU\20100720-1millionsatelliteaug8-538x111-ap-v1[1].swf        
8/4/2010 3:33:11 PM    mainclient    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\apbanner_signup[1].swf        
8/4/2010 3:34:26 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s.ytimg.com/yt/swf/iv3_module-vfl181412.swf        
8/4/2010 3:34:42 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00005c        
8/4/2010 3:36:43 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/a0/ac/2a/95/a0ac2a958478897386160e5beabbc4be.swf?clickTag=http%3A%2F%2Fad%2Esmowtion%2Ecom%2Fclk%3F2%2C13%253B5343d7975496c161%253B12a3f3fdf74%2C0%253B%253B%253B1434025551%2CAAAAAETrEAA3j1cAAAAAALLeFwAAAAAAAgFgAAYAAAAAAP8AAAAEELafHAAAAAAAvNAfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5%2DwkAAAAAAAIAAgAAAAAAjN4%2EPyoBAAAAAAAAAGMyNjY4YmRlLWEwMTgtMTFkZi04NjI4LTAwMzA0OGQ2NmE5MAAJAAAAAAA%3D%2Chttp%253A%252F%252Fads%2Esmowtion%2Ecom%252Fclick%253Furl%253D%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D7%2526cb%253D1043725633%2C        
8/4/2010 3:36:44 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/f7/89/42/38/f7894238ae75fc5700284d931fe92276.swf?clickTAG=http%3A%2F%2Fad%2Efoxnetworks%2Ecom%2Fclk%3F2%2C13%253B8669c32de2973b1d%253B12a3f3fe04f%2C0%253B%253B%253B932081955%2CAAAAAKvjDQBfiVYAAAAAAAqbFwAAAAAAAgBgAAYAAAAAAP8AAAAEEC19FwAAAAAATHwfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiggcAAAAAAAIAAgAAAAAA8N8%2EPyoBAAAAAAAAAGMyOWQwNTYwLWEwMTgtMTFkZi05NzgxLTAwMzA0OGQ3MWQzMgAHAAAAAAA%3D%2C%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D5%2526cb%253D389142557%2C        
8/4/2010 3:36:44 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/d1/03/5a/24/d1035a24b2f674f4cb30e8f20cd4782a.swf?clickTAG=http%3A%2F%2Fad%2Esmowtion%2Ecom%2Fclk%3F2%2C13%253Bedaf3c3a78ef2f66%253B12a3f3fe01d%2C0%253B%253B%253B1536431237%2CAAAAAETrEAA85EwAAAAAABMeFQAAAAAAAgBgAAEAAAAAAP8AAAAEELafHAAAAAAA8gscAAAAAACPfBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5%2DwkAAAAAAAIAAwAAAAAAb98%2EPyoBAAAAAAAAAGMyODk0ZWE4LWEwMTgtMTFkZi04OWM4LTAwMzA0OGQ3NWM1YwAJAAAAAAA%3D%2Chttp%253A%252F%252Fads%2Esmowtion%2Ecom%252Fclick%253Furl%253D%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D3%2526cb%253D611651313%2C        
8/4/2010 3:36:54 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/d1/03/5a/24/d1035a24b2f674f4cb30e8f20cd4782a.swf?clickTAG=http%3A%2F%2Fad%2Esmowtion%2Ecom%2Fclk%3F2%2C13%253Bbfa5688a43ac2e6e%253B12a3f400b01%2C0%253B%253B%253B3248181243%2CAAAAAETrEAA85EwAAAAAABMeFQAAAAAAAgBkAAEAAAAAAP8AAAAEELafHAAAAAAA8gscAAAAAACPfBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5%2DwkAAAAAAAIAAwAAAAAAaApAPyoBAAAAAAAAAGM5MTdlM2JhLWEwMTgtMTFkZi1hOTBkLTAwMzA0OGQ3MzEyNgBoAAAAAAA%3D%2Chttp%253A%252F%252Fads%2Esmowtion%2Ecom%252Fclick%253Furl%253D%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D3%2526cb%253D1490928433%2C        
8/4/2010 3:36:54 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/f7/89/42/38/f7894238ae75fc5700284d931fe92276.swf?clickTAG=http%3A%2F%2Fad%2Efoxnetworks%2Ecom%2Fclk%3F2%2C13%253Babf9e466753d570b%253B12a3f400c7f%2C0%253B%253B%253B575219382%2CAAAAAKvjDQBfiVYAAAAAAAqbFwAAAAAAAgBkAAYAAAAAAP8AAAAEEC19FwAAAAAATHwfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiggcAAAAAAAIAAgAAAAAAIQxAPyoBAAAAAAAAAGM5NWIyNjVjLWEwMTgtMTFkZi05ZTQ4LTAwMzA0OGQ3NTc3OAAHAAAAAAA%3D%2C%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D7%2526cb%253D753127840%2C        
8/4/2010 3:36:59 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://content.yieldmanager.edgesuite.net/atoms/f7/89/42/38/f7894238ae75fc5700284d931fe92276.swf?clickTAG=http%3A%2F%2Fad%2Efoxnetworks%2Ecom%2Fclk%3F2%2C13%253B698073d9063570bb%253B12a3f402277%2C0%253B%253B%253B2870181480%2CAAAAAKvjDQBfiVYAAAAAAAqbFwAAAAAAAgBoAAYAAAAAAP8AAAAEEC19FwAAAAAATHwfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiggcAAAAAAAIAAgAAAAAACiJAPyoBAAAAAAAAAGNjYjMwZjkwLWEwMTgtMTFkZi1hOGQyLTAwMzA0OGQ3MWRiYwAHAAAAAAA%3D%2C%2Chttp%253A%252F%252Fv%2Ei%2Ej%2Ecltomedia%2Einfo%252Fdelivery%252Fafr%2Ephp%253Fzoneid%253D5%2526cb%253D33201023%2C        
8/4/2010 3:36:59 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000069        
8/4/2010 3:37:00 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00006a        
8/4/2010 3:37:00 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00006b        
8/4/2010 3:37:10 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00006c        
8/4/2010 3:37:10 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00006d        
8/4/2010 3:37:15 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00006e        
8/4/2010 3:41:15 PM    RAWESCNMOX.EXE    Application Control        Assigned application status        Low Restricted    Heuristically calculated threat rating     
8/4/2010 3:41:19 PM    Windows Command Processor    File Anti-Virus    Packed: PE_Patch            C:\USERS\USER\APPDATA\LOCAL\TEMP\sronmawecx.exe        
8/4/2010 3:41:20 PM    Windows Command Processor    File Anti-Virus    Packed: PE_Patch            C:\USERS\USER\APPDATA\LOCAL\TEMP\sronmawecx.exe        
8/4/2010 3:41:20 PM    WMI Provider Host    File Anti-Virus    Packed: PE_Patch            C:\USERS\USER\APPDATA\LOCAL\TEMP\sronmawecx.exe        
8/4/2010 3:41:22 PM    sronmawecx.exe    Application Control        Assigned application status        Low Restricted    Heuristically calculated threat rating     
8/4/2010 3:41:24 PM    sronmawecx.exe    Application Control    Allowed: Setting debug privileges    Setting debug privileges            Setting debug privileges    
8/4/2010 3:41:24 PM    sronmawecx.exe    Application Control    Allowed: Setting debug privileges    Setting debug privileges            Setting debug privileges    
8/4/2010 3:41:24 PM    sronmawecx.exe    Application Control    Allowed: Code intrusion    Code intrusion        c:\windows\explorer.exe    Code intrusion    
8/4/2010 3:41:24 PM    sronmawecx.exe    Application Control    Allowed: Code intrusion    Code intrusion        c:\windows\explorer.exe    Code intrusion    
8/4/2010 3:41:28 PM    Windows Command Processor    File Anti-Virus    Detected: Packed.Win32.Krap.ao            C:\USERS\USER\APPDATA\LOCAL\TEMP\amnrwxesoc.exe        
8/4/2010 3:41:28 PM    Kaspersky Internet Security    Protection Center    Threats have been detected                    
8/4/2010 3:41:33 PM    Windows Command Processor    File Anti-Virus    Packed: UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\sxcmeawrno.exe        
8/4/2010 3:41:34 PM    Windows Command Processor    File Anti-Virus    Packed: UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\sxcmeawrno.exe        
8/4/2010 3:41:36 PM    Windows Explorer    Web Anti-Virus    Packed: PE_Patch            http://trafok.in/newreleaseversion70700.exe        
8/4/2010 3:41:36 PM    Windows Explorer    Web Anti-Virus    Packed: PE_Patch            http://trafok.in/newreleaseversion70700.exe        
8/4/2010 3:41:40 PM    Windows Command Processor    File Anti-Virus    Packed: PE_Patch.UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\rwmaeonsxc.exe        
8/4/2010 3:41:40 PM    Windows Command Processor    File Anti-Virus    Packed: UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\rwmaeonsxc.exe/PE_Patch.UPX        
8/4/2010 3:41:41 PM    Windows Command Processor    File Anti-Virus    Packed: PE_Patch.UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\rwmaeonsxc.exe        
8/4/2010 3:41:41 PM    Windows Command Processor    File Anti-Virus    Packed: UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\rwmaeonsxc.exe/PE_Patch.UPX        
8/4/2010 3:41:43 PM    WMI Provider Host    File Anti-Virus    Packed: PE_Patch.UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\rwmaeonsxc.exe        
8/4/2010 3:41:43 PM    WMI Provider Host    File Anti-Virus    Packed: UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\rwmaeonsxc.exe/PE_Patch.UPX        
8/4/2010 3:41:47 PM    Windows Explorer    File Anti-Virus    Packed: PE_Patch            C:\USERS\USER\APPDATA\Roaming\B6D140381AC0738E2D583B79DCD20011\newreleaseversion70700.exe        
8/4/2010 3:41:47 PM    rwmaeonsxc.exe    Application Control        Assigned application status        Low Restricted    Heuristically calculated threat rating     
8/4/2010 3:41:50 PM    Windows Explorer    Web Anti-Virus    Packed: PE_Patch            http://trafok.in/newreleaseversion70700.exe        
8/4/2010 3:41:53 PM    rwmaeonsxc.exe    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        datastub.com    Using system program interfaces (DNS)    
8/4/2010 3:41:53 PM    rwmaeonsxc.exe    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        datastub.com    Using system program interfaces (DNS)    
8/4/2010 3:41:55 PM    rwmaeonsxc.exe    Web Anti-Virus    Packed: PE-Crypt.XorPE            http://datastub.com/files/daily/stpb271b        
8/4/2010 3:41:56 PM    rwmaeonsxc.exe    Web Anti-Virus    Packed: PE-Crypt.XorPE            http://datastub.com/files/daily/stpb271b        
8/4/2010 3:41:56 PM    rwmaeonsxc.exe    Web Anti-Virus    Packed: PE-Crypt.XorPE            http://datastub.com/files/daily/stpb271b        
8/4/2010 3:41:57 PM    rwmaeonsxc.exe    Web Anti-Virus    Packed: PE-Crypt.XorPE            http://datastub.com/files/daily/stpb63e6        
8/4/2010 3:41:57 PM    rwmaeonsxc.exe    Web Anti-Virus    Packed: PE-Crypt.XorPE            http://datastub.com/files/daily/stpb63e6        
8/4/2010 3:41:57 PM    rwmaeonsxc.exe    Web Anti-Virus    Detected: Trojan-Downloader.Win32.Mufanom.zff            http://datastub.com/files/daily/stpb63e6//PE-Crypt.XorPE        
8/4/2010 3:41:57 PM    rwmaeonsxc.exe    Web Anti-Virus    Detected: Trojan-Downloader.Win32.Mufanom.zff            http://datastub.com/files/daily/stpb63e6//PE-Crypt.XorPE        
8/4/2010 3:41:57 PM    rwmaeonsxc.exe    Web Anti-Virus    Denied: Trojan-Downloader.Win32.Mufanom.zff            http://datastub.com/files/daily/stpb63e6//PE-Crypt.XorPE        
8/4/2010 3:41:57 PM    rwmaeonsxc.exe    Web Anti-Virus    Denied: Trojan-Downloader.Win32.Mufanom.zff            http://datastub.com/files/daily/stpb63e6//PE-Crypt.XorPE        
8/4/2010 3:42:04 PM    rwmaeonsxc.exe    Web Anti-Virus    Packed: PE-Crypt.XorPE            http://datastub.com/files/daily/stpd5a27        
8/4/2010 3:42:04 PM    rwmaeonsxc.exe    Web Anti-Virus    Packed: PE-Crypt.XorPE            http://datastub.com/files/daily/stpd5a27        
8/4/2010 3:42:06 PM    rwmaeonsxc.exe    Web Anti-Virus    Packed: PE-Crypt.XorPE            http://datastub.com/files/daily/stpb63e6        
8/4/2010 3:42:06 PM    rwmaeonsxc.exe    Web Anti-Virus    Detected: Trojan-Downloader.Win32.Mufanom.zff            http://datastub.com/files/daily/stpb63e6//PE-Crypt.XorPE        
8/4/2010 3:42:06 PM    rwmaeonsxc.exe    Web Anti-Virus    Denied: Trojan-Downloader.Win32.Mufanom.zff            http://datastub.com/files/daily/stpb63e6//PE-Crypt.XorPE        
8/4/2010 3:42:06 PM    STPD5A27.EXE    Application Control        Assigned application status        Low Restricted    Heuristically calculated threat rating     
8/4/2010 3:42:13 PM    STPD5A27.EXE    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\STPD5A27.EXE        
8/4/2010 3:42:13 PM    STPD5A27.EXE    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\STPD5A27.EXE    Action selected by user    
8/4/2010 3:42:13 PM    STPD5A27.EXE    Proactive Defense    Terminated: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\STPD5A27.EXE    Action selected by user    
8/4/2010 3:42:14 PM    newreleaseversion70700.exe    Application Control        Assigned application status        Low Restricted    Heuristically calculated threat rating     
8/4/2010 3:42:16 PM    newreleaseversion70700.exe    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        mystts.in    Using system program interfaces (DNS)    
8/4/2010 3:42:22 PM    STPD5A27.EXE    Proactive Defense    Moved to Quarantine: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\STPD5A27.EXE    Action selected by user    
8/4/2010 3:42:22 PM    rwmaeonsxc.exe    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE        
8/4/2010 3:42:22 PM    rwmaeonsxc.exe    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected by user    
8/4/2010 3:42:22 PM    rwmaeonsxc.exe    Proactive Defense    Not terminated: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected by user    
8/4/2010 3:42:23 PM    rwmaeonsxc.exe    Proactive Defense    Moved to Quarantine: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected by user    
8/4/2010 3:42:42 PM    Kaspersky Anti-Virus GUI Windows part    Application Control        Assigned application status        Trusted    Signed by the digital signature of entrusted manufacturers    
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Moved to Quarantine: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected by user    
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE        
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected according to the previous action    
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Not terminated: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected according to the previous action    
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE        
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected according to the previous action    
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Not terminated: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected according to the previous action    
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE        
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Detected: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected according to the previous action    
8/4/2010 3:42:50 PM    rwmaeonsxc.exe    Proactive Defense    Not terminated: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    Action selected according to the previous action    
8/4/2010 3:42:50 PM    STPD5A27.EXE    Proactive Defense    Deleted: PDM.Trojan.generic            C:\USERS\USER\APPDATA\LOCAL\TEMP\STPD5A27.EXE    Action selected by user    
8/4/2010 3:42:53 PM    Kaspersky Internet Security    Protection Center    Detected legal software that can be used by criminals for damaging your computer or personal data                    
8/4/2010 3:42:53 PM    Windows Command Processor    File Anti-Virus    Deleted: Packed.Win32.Krap.ao            C:\USERS\USER\APPDATA\LOCAL\TEMP\amnrwxesoc.exe        
8/4/2010 3:42:53 PM    Windows Command Processor    File Anti-Virus    Packed: UPX            C:\USERS\USER\APPDATA\LOCAL\TEMP\sxcmeawrno.exe        
8/4/2010 3:42:53 PM    Windows Command Processor    File Anti-Virus    Detected: Backdoor.Win32.VB.lvn            C:\USERS\USER\APPDATA\LOCAL\TEMP\sxcmeawrno.exe/UPX        
8/4/2010 3:42:53 PM    Kaspersky Internet Security    Protection Center    Threats have been detected                    
8/4/2010 3:42:54 PM    Kaspersky Internet Security    Protection Center    Detected legal software that can be used by criminals for damaging your computer or personal data                    
8/4/2010 3:42:54 PM    Windows Command Processor    File Anti-Virus    Deleted: Backdoor.Win32.VB.lvn            C:\USERS\USER\APPDATA\LOCAL\TEMP\sxcmeawrno.exe        
8/4/2010 3:43:28 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class        
8/4/2010 3:43:28 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class        
8/4/2010 3:43:28 PM    Kaspersky Internet Security    Protection Center    Detected: HEUR:Exploit.Script.Generic            C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp/data0000        
8/4/2010 3:45:02 PM    newreleaseversion70700.exe    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        user-PC    Using system program interfaces (DNS)    
8/4/2010 3:45:41 PM    newreleaseversion70700.exe    Self-Defense    Denied    Modify        Device\HarddiskVolume2\Windows\System32\klogon.dll        
8/4/2010 3:47:03 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class        
8/4/2010 3:47:03 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class        
8/4/2010 3:47:03 PM    Kaspersky Internet Security    Protection Center    Detected: HEUR:Exploit.Script.Generic            C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp/data0000        
8/4/2010 3:50:05 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class        
8/4/2010 3:50:05 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class        
8/4/2010 3:50:05 PM    Kaspersky Internet Security    Protection Center    Detected: HEUR:Exploit.Script.Generic            C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp/data0000        
8/4/2010 3:50:24 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class        
8/4/2010 3:50:24 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class        
8/4/2010 3:50:24 PM    Kaspersky Internet Security    Protection Center    Detected: HEUR:Exploit.Script.Generic            C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp/data0000        
8/4/2010 3:50:32 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class        
8/4/2010 3:50:32 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class        
8/4/2010 3:50:32 PM    Kaspersky Internet Security    Protection Center    Detected: HEUR:Exploit.Script.Generic            C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp/data0000        
8/4/2010 3:50:42 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class        
8/4/2010 3:50:42 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class        
8/4/2010 3:50:42 PM    Kaspersky Internet Security    Protection Center    Detected: HEUR:Exploit.Script.Generic            C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp/data0000        
8/4/2010 3:51:54 PM    Windows Explorer    Web Anti-Virus    Packed: PE_Patch            http://trafok.in/newreleaseversion70700.exe        
8/4/2010 3:51:57 PM    Windows Explorer    Web Anti-Virus    Packed: PE_Patch            http://trafok.in/newreleaseversion70700.exe        
8/4/2010 3:52:10 PM    Windows Explorer    File Anti-Virus    Packed: PE_Patch            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\newreleaseversion70700[1].exe        
8/4/2010 3:52:18 PM    ONLYWIREWINDOWS.EXE    Application Control        Assigned application status        Low Restricted    Heuristically calculated threat rating     
8/4/2010 3:52:28 PM    Windows Explorer    File Anti-Virus    Packed: PE_Patch            C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\3EEVV04F\newreleaseversion70700[2].exe        
8/4/2010 3:54:27 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://static.ak.fbcdn.net/rsrc.php/z6D2S/hash/c729bxo3.swf        
8/4/2010 3:55:29 PM    Kaspersky Internet Security    Update Center    Task started            Update Center        
8/4/2010 3:57:27 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://img-cdn.mediaplex.com/0/3992/techtips_388_redhead_300x250.swf        
8/4/2010 3:57:33 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://img-cdn.mediaplex.com/0/3992/crucial_300x250_windows7_fix.swf        
8/4/2010 3:57:43 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00008c        
8/4/2010 3:57:49 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_000090        
8/4/2010 3:59:12 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class        
8/4/2010 3:59:12 PM    Kaspersky Internet Security    Protection Center    Detected: Exploit.Java.CVE-2009-3867.d            C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class        
8/4/2010 3:59:12 PM    Kaspersky Internet Security    Protection Center    Detected: HEUR:Exploit.Script.Generic            C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp/data0000        
8/4/2010 3:59:17 PM    Kaspersky Internet Security    Update Center    Task completed            Update Center        
8/4/2010 3:59:47 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_00008c        
8/4/2010 4:01:15 PM    Windows Explorer    File Anti-Virus    Packed: PE_Patch.UPX            C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe        
8/4/2010 4:01:16 PM    Windows Explorer    File Anti-Virus    Packed: UPX            C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe/PE_Patch.UPX        
8/4/2010 4:01:18 PM    HijackThis    Application Control        Assigned application status        Trusted    Listed in the database of known software    
8/4/2010 4:02:19 PM    Windows Explorer    File Anti-Virus    Packed: PE_Patch            C:\USERS\USER\APPDATA\Roaming\B6D140381AC0738E2D583B79DCD20011\newreleaseversion70700.exe        
8/4/2010 4:02:37 PM    Java(TM) Platform SE binary    Application Control        Assigned application status        Trusted    Listed in the database of known software    
8/4/2010 4:02:48 PM    Java(TM) Platform SE binary    Application Control        Assigned application status        Trusted    Listed in the database of known software    
8/4/2010 4:02:49 PM    Java(TM) Platform SE binary    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        user-PC    Using system program interfaces (DNS)    
8/4/2010 4:02:55 PM    Java(TM) Platform SE binary    Application Control    Allowed: Using system program interfaces (DNS)    Use DNS caching system for conversion        user-PC    Using system program interfaces (DNS)    
8/4/2010 4:03:04 PM    Wireshark    Application Control        Assigned application status        Trusted    Listed in the database of known software    
8/4/2010 4:03:11 PM    Extended Copy Utility    Application Control        Assigned application status        Trusted    Signed by the digital signature of entrusted manufacturers    
8/4/2010 4:03:24 PM    Dumpcap    Application Control        Assigned application status        Trusted    Listed in the database of known software    
8/4/2010 4:03:41 PM    Unknown    Application Control    Allowed: Start driver    Start driver        C:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS    Start driver    
8/4/2010 4:09:22 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/1196992/PID_1266070_twc_xml_tri_gen2_q210_728x90_shell.swf        
8/4/2010 4:09:23 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/1196992/PID_1266076_twc_xml_dbl_gen1_q210_300x250_shell.swf        
8/4/2010 4:09:24 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/1196992/PID_1266077_twc_xml_tri_gen1_q210_160x600_shell.swf        
8/4/2010 4:09:25 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/1196992/PID_1266071_twc_xml_dbl_gen2_q210_300x250_shell.swf        
8/4/2010 4:09:28 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/1196992/PID_1266077_twc_xml_tri_gen1_q210_160x600.swf        
8/4/2010 4:09:28 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/1196992/PID_1266070_twc_xml_tri_gen2_q210_728x90.swf        
8/4/2010 4:09:28 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/1196992/PID_1266076_twc_xml_dbl_gen1_q210_300x250.swf        
8/4/2010 4:09:29 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://s0.2mdn.net/1196992/PID_1266071_twc_xml_dbl_gen2_q210_300x250.swf        
8/4/2010 4:09:44 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_0000a2        
8/4/2010 4:09:44 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_0000a3        
8/4/2010 4:09:44 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_0000a4        
8/4/2010 4:09:45 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_0000a5        
8/4/2010 4:10:18 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://pagead2.googlesyndication.com/pagead/imgad?id=CKbUldymqa_bXxDYBRhaMgjF6INS4H_xCA        
8/4/2010 4:10:21 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://speed.pointroll.com/PointRoll/Media/Panels/Johnson&Johnson/702043/728x90_staring_pnl_8210_r01_fh.swf?PRCampID=35242&PRPubID=ggle&PRAdSize=728x90&PRFormat=PO        
8/4/2010 4:10:22 PM    Google Chrome    Web Anti-Virus    Packed: Swf2Swc            http://speed.pointroll.com/PointRoll/Media/Panels/Johnson&Johnson/702043/video_p.swf        
8/4/2010 4:10:34 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_0000a8        
8/4/2010 4:10:37 PM    Google Chrome    File Anti-Virus    Packed: Swf2Swc            C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\User Data\Default\Cache\f_0000aa

Here's the second AV log (ACTION LOG)

CODE
Infected (18)    
8/4/2010 3:41:57 PM    Infected    Trojan program Trojan-Downloader.Win32.Mufanom.zff    http://datastub.com/files/daily/stpb63e6//PE-Crypt.XorPE    High    
8/4/2010 3:42:50 PM    Infected    legal software that can be used by criminals for damaging your computer or personal data PDM.Trojan.generic    C:\USERS\USER\APPDATA\LOCAL\TEMP\RWMAEONSXC.EXE    High    
Quarantined (7)    
7/7/2010 4:06:29 AM    Quarantined    virus HEUR:Exploit.Script.Generic    C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp    High    
7/8/2010 3:02:42 AM    Quarantined    virus HEUR:Exploit.Script.Generic    C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp    High    
7/8/2010 3:02:42 AM    Quarantined    Trojan program Exploit.Java.CVE-2009-3867.d    C:\Documents and Settings\user\AppData\Local\Temp\jar_cache8710550426548647426.tmp/Main.class    High    
7/7/2010 4:06:29 AM    Quarantined    Trojan program Exploit.Java.CVE-2009-3867.d    C:\Documents and Settings\user\AppData\Local\Temp\jar_cache7093163397127071610.tmp/Main.class    High    
7/8/2010 3:02:42 AM    Quarantined    virus HEUR:Exploit.Script.Generic    C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp    High    
7/8/2010 3:02:42 AM    Quarantined    virus HEUR:Exploit.Script.Generic    C:\Documents and Settings\user\AppData\Local\Temp\nps3471.tmp//data0000    High    
8/4/2010 3:42:22 PM    Quarantined    legal software that can be used by criminals for damaging your computer or personal data PDM.Trojan.generic    C:\USERS\USER\APPDATA\LOCAL\TEMP\STPD5A27.EXE    High    
Clean (2)    
8/4/2010 3:43:28 PM    Clean    Trojan program Exploit.JS.Pdfka.ckg    C:\Documents and Settings\user\AppData\Local\Temp\npsC4B0.tmp    High    
8/4/2010 3:47:03 PM    Clean    Trojan program Exploit.JS.Pdfka.ckg    C:\Documents and Settings\user\AppData\Local\Temp\npsC4B0.tmp//data0000    High    
Deleted (36)    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.JS.Pdfka.ckm    C:\Documents and Settings\user\AppData\Local\Temp\npsAC84.tmp    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.JS.Pdfka.ckm    C:\Documents and Settings\user\AppData\Local\Temp\npsAC84.tmp//data0000    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4a808d8a-7971b43e/myf/y/AppletX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-2e5d0613/vmain.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.OpenStream.ad    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4a808d8a-7971b43e/myf/y/PayloadX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7d8dde4c-5b539122/myf/y/AppletX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.Agent.ay    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7d8dde4c-5b539122/myf/y/LoaderX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.Agent.ay    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7d8dde4c-5b539122/myf/y/PayloadX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\770d4854-580d22d0/myf/y/AppletX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.OpenStream.ad    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\770d4854-580d22d0/myf/y/PayloadX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\b03b0d9-27008c06/myf/y/AppletX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.Agent.ay    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\b03b0d9-27008c06/myf/y/LoaderX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.Agent.ay    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\b03b0d9-27008c06/myf/y/PayloadX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-7dc4e08a/vmain.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\13053a1-4d761287/AppletX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\13053a1-73beca81/AppletX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\29a499c4-4be5899f/dev/s/AdgredY.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.Agent.ax    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\29a499c4-4be5899f/dev/s/DyesyasZ.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.Agent.ax    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\29a499c4-4be5899f/dev/s/LoaderX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\253cc5f1-7dc93d9b/AppletX.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.OpenConnection.at    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6b800f31-7eaf12af/vlocal.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6b800f31-7eaf12af/vmain.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\9b47178-5b4fb2ec/vmain.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1c3eaf07-558436ee/dev/s/AdgredY.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.Agent.ax    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1c3eaf07-558436ee/dev/s/DyesyasZ.class    High    
8/4/2010 3:47:03 PM    Deleted    Trojan program Trojan-Downloader.Java.Agent.ax    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1c3eaf07-558436ee/dev/s/LoaderX.class    High    
8/4/2010 3:42:53 PM    Deleted    Trojan program Packed.Win32.Krap.ao    C:\Users\user\AppData\Local\Temp\amnrwxesoc.exe    High    
8/4/2010 3:42:54 PM    Deleted    Trojan program Backdoor.Win32.VB.lvn    C:\Users\user\AppData\Local\Temp\sxcmeawrno.exe    High    
8/4/2010 3:42:54 PM    Deleted    Trojan program Backdoor.Win32.VB.lvn    C:\Users\user\AppData\Local\Temp\sxcmeawrno.exe//UPX    High    
Disinfected (16)    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4a808d8a-7971b43e    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-2e5d0613    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7d8dde4c-5b539122    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\770d4854-580d22d0    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\b03b0d9-27008c06    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-7dc4e08a    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\13053a1-4d761287    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\13053a1-73beca81    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\29a499c4-4be5899f    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\253cc5f1-7dc93d9b    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Trojan-Downloader.Java.OpenConnection.at    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6b800f31-7eaf12af    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\9b47178-5b4fb2ec    High    
8/4/2010 3:47:03 PM    Disinfected    Trojan program Exploit.Java.Agent.f    C:\Documents and Settings\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1c3eaf07-558436ee    High


"C:\Windows\is-8LAEE.exe" /REG from Current/Run is also freaking me out, so I'm going to remove it. (Can't find any info on it.) Hopefully that's the end of it. I may need to check for a rootkit as well?

Well... Kaspersky didn't quarantine everything, and I was really curious how much it got. I noticed it did finally quarantine some files, but a lot of files were already installed on my comp before it got quarantined. Not sure how much damage was there. After looking around I suspect AntiMalware is not as severe as I initially thought?

But anyway, I'd like to get more info from you pros. Thanks

Edited by boopme, 04 August 2010 - 10:15 PM.
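As an added example (not part of the original post or of Kaspersky's tooling), a small Python parser for the action-log layout above: it counts outcomes per action, lists the distinct verdict names, and reports objects that were logged as Infected but never reached a Quarantined, Deleted or Disinfected state, which is the "did it get everything?" question the post asks. It assumes the fields are tab-separated (runs of spaces are accepted too, since the forum copy collapsed the tabs); the sample lines are constructed from the log in the post.

```python
import re
from collections import Counter

# Columns of the Kaspersky action log above: timestamp, action, description, object, severity.
# Assumed tab-separated (runs of spaces also accepted, since the forum copy collapsed the tabs).
# Constructed sample, drawn from the log lines in the post.
SAMPLE_LOG = """Infected (2)
8/4/2010 3:41:57 PM\tInfected\tTrojan program Trojan-Downloader.Win32.Mufanom.zff\thttp://datastub.com/files/daily/stpb63e6//PE-Crypt.XorPE\tHigh
8/4/2010 3:42:50 PM\tInfected\tlegal software that can be used by criminals for damaging your computer or personal data PDM.Trojan.generic\tC:\\USERS\\USER\\APPDATA\\LOCAL\\TEMP\\RWMAEONSXC.EXE\tHigh
Quarantined (1)
8/4/2010 3:42:22 PM\tQuarantined\tlegal software that can be used by criminals for damaging your computer or personal data PDM.Trojan.generic\tC:\\USERS\\USER\\APPDATA\\LOCAL\\TEMP\\STPD5A27.EXE\tHigh
Deleted (2)
8/4/2010 3:47:03 PM\tDeleted\tTrojan program Exploit.Java.Agent.f\tC:\\Documents and Settings\\user\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\10\\4a808d8a-7971b43e/myf/y/AppletX.class\tHigh
8/4/2010 3:42:53 PM\tDeleted\tTrojan program Packed.Win32.Krap.ao\tC:\\Users\\user\\AppData\\Local\\Temp\\amnrwxesoc.exe\tHigh
"""
SEP = re.compile(r"\t|[ ]{2,}")
RESOLVED = {"Quarantined", "Deleted", "Disinfected"}

def parse_action_log(text):
    """One dict per detection line; section headers such as 'Infected (2)' are skipped."""
    events = []
    for line in text.splitlines():
        fields = SEP.split(line.strip())
        if len(fields) != 5:
            continue
        timestamp, action, description, obj, severity = fields
        events.append({"time": timestamp, "action": action, "object": obj,
                       "severity": severity,
                       "detection": description.split()[-1]})  # verdict name is the last token
    return events

def summarize(events):
    """Events per action, plus the distinct verdict names seen."""
    return Counter(e["action"] for e in events), sorted({e["detection"] for e in events})

def unresolved_objects(events):
    """Objects reported Infected that never reached a Quarantined/Deleted/Disinfected state."""
    actions = {}
    for e in events:
        actions.setdefault(e["object"], set()).add(e["action"])
    return sorted(o for o, a in actions.items() if "Infected" in a and not a & RESOLVED)

if __name__ == "__main__":
    evs = parse_action_log(SAMPLE_LOG)
    counts, names = summarize(evs)
    print(dict(counts), names)
    for obj in unresolved_objects(evs):
        print("still needs attention:", obj)
```

Objects in the "still needs attention" list are the ones to submit or quarantine by hand, as the poster did with the file Kaspersky left in place.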


#2 kahdah

kahdah

  • Malware Response Team
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:09 AM

Posted 13 August 2010 - 07:09 AM

Hello james9999

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the lines below (in bold):

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



