[Resolved] Multiple issues


  • This topic is locked
14 replies to this topic

#1 pastimage

Posted 23 October 2009 - 01:17 PM

Hey guys, I have my neighbor's computer and need to have it looked at. I was able to get it running enough to get here and a few things working.
I have used the full SmitFraudFix from the self-help thread, and that did do some good, and ran the ATF Cleaner. Larry/LDTate has helped me a lot in the past, as have a couple of other guys that had a lot of knowledge. I am looking for that same help again, please!
Here are the logs:
SmitFraudFix v2.424

Scan done at 13:31:53.60, Fri 10/23/2009
Run from C:\Documents and Settings\Catina Scarlett\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Catina Scarlett


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CATINA~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Catina Scarlett\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CATINA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.87.68.166
DNS Server Search Order: 68.87.74.166

HKLM\SYSTEM\CCS\Services\Tcpip\..\{42CCFC8A-BFD3-4FD5-819A-9430C9CA5DA5}: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CS1\Services\Tcpip\..\{42CCFC8A-BFD3-4FD5-819A-9430C9CA5DA5}: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CS2\Services\Tcpip\..\{42CCFC8A-BFD3-4FD5-819A-9430C9CA5DA5}: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.166 68.87.74.166


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.424

Scan done at 13:51:21.71, Fri 10/23/2009
Run from C:\Documents and Settings\Catina Scarlett\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Malwarebytes' Anti-Malware 1.41
Database version: 3019
Windows 5.1.2600 Service Pack 2

10/23/2009 12:37:38 PM
mbam-log-2009-10-23 (12-37-27).txt

Scan type: Quick Scan
Objects scanned: 125544
Time elapsed: 31 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 154
Registry Values Infected: 12
Registry Data Items Infected: 7
Folders Infected: 84
Files Infected: 350

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\nunbj.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:

Registry Values Infected:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (Userinit.exe) -> No action taken.

Folders Infected:
C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> No action taken.
C:\Program Files\SystemDoctor (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\WinPop (Adware.WinPop) -> No action taken.
C:\Program Files\XP AntiVirus (Rogue.XPantiVirus) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Freeware (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\Programs\MalwareAlarm (Rogue.Malware.Alarm) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\Programs\Outerinfo (Malware.Trace) -> No action taken.
C:\UGA6P (Rogue.Multiple) -> No action taken.
C:\UGA6P\Quar (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\XP Antivirus 2008 (Rogue.XPantiVirus) -> No action taken.
C:\WINDOWS\SYSTEM32\f02WtR (Malware.Trace) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\nunbj.dll (Trojan.Downloader) -> No action taken.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\SYSTEM32\wpv1511.cpx (Worm.Spambot) -> No action taken.
C:\WINDOWS\SYSTEM32\dmram.sys (Trojan.Goldun) -> No action taken.
C:\WINDOWS\system32\Drivers\RQMVNVSS.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\1448169319exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\1457398159exe. 1680 (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\1756482243exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\1916391718exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\826558652exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Cory Burroughs\Local Settings\Temp\34.tmp.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6OTF6CN0\m190[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MSH39E3X\vwipxspxw[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Application Data\DriveCleaner Freeware\Logs\update.log (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\Cory Burroughs\Application Data\DriveCleaner Freeware\Logs\update.log (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Games\GamesOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\SmileyTown\SmileyTownOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\System Doctor Free\Data\hours (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\System Doctor Free\Data\ProductCode (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Application Data\SystemDoctor\Logs\Activate.log (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Application Data\SystemDoctor\Logs\update.log (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Application Data\SystemDoctor Free\Logs\update.log (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Cory Burroughs\Application Data\SystemDoctor\Logs\update.log (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Activate.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\atl71.dll (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\AV.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\bnlink.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\diagnosis.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\err.log (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\errors.log (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\InstHelp.exe (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\lapv.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\license.rtf (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\manual.url (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\mfc71.dll (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\msvcp71.dll (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\msvcr71.dll (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\pv.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\readme.rtf (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\remnag.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\ScanReport.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Schedule.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\sr.log (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\support.url (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\UDC.dmp (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\UDC.xml (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\UDC6.url (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\UDCPChk.dll (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\unins000.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\unins000.exe (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\uninstall.ico (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\UninstallPage.html (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\up.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\updater.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\vbpv.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\AE_CD_Cr.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\AReadr4.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\AReadr5.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\ASDSEEpv.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\ASPack.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\Babylon.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\BDelphi5.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\CatchUp.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\CBuildr5.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\CCGA.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\CManager.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\CuteFTP4.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\CuteHTML.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\DAcceler.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\DiscJug.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\ECDCreat4.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\Far.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\FFTsks.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\FlashFXP.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\FrntPage.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\FrontPEx.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\FtpEXP.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\FtpVoya.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\GetRight.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\GoZilla.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\GravMRU.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\HomeSite.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\HotDogPr.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\H_TxtPad.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\IconExtr.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\iMesh.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\ImgReady3.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\InsShExp.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\JASC_P_P.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\KaZaA.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\LView.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MacDir.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MacDrWea.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MicAng.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MicDes.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MMUnDisk.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MM_CON.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\Morpheus.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MPaint.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MPicPub.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MPImaGal.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MSExplorer.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MSoffice.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MSRegEdit.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MSWMP.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\MSWordPad.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\Nero.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\NetShow.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\NTBackup.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\pfilelst.xda (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\PhotShel.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\PHPCoder.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\PowerZIP.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\RapidBr.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\RealAuPl.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\RealDown.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\SecurCRT.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\SL_BlWin.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\SmartClr.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\Sonique.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\StuffIt.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\TelepPro.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\UGifAnim.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\UltraEd.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\UMedStud.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\UPhImpV.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\UPhotoEx.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\UVidStud.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\VNC.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\WebFeret.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\WebReap.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\WinACE.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\WinGate.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\WinRAR.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\WinZIP.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\WiseInst.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\wordslst.xda (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\YahooPl.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\Appbase\ZipMagic.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\img\button.gif (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\img\button2.gif (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\img\header.gif (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\img\logo.gif (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\img\spacer.gif (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\img\top1.jpg (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\img\top2.jpg (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Freeware\img\top_line.gif (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\IEAntiVirus\ieav.db2 (Rogue.IEAntiVirus) -> No action taken.
C:\Program Files\IEAntiVirus\ieav.db3 (Rogue.IEAntiVirus) -> No action taken.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\pv.dat (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\up.dat (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\6.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001AAB64 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001CD912.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001CE130.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001CF2D3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001D0245.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001D0CA5.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001D1724.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001D2CDF.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001D3839.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\001FCDE8.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0025D676 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\004ED3B0 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0058CB33 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0058FB5B (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\005BF300.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\005C06F5.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\005C1230.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\005C1993.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\005C2173.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\005C399E.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0060DFCE.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0060E7DC.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00C0CB29 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Search\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Outerinfo\Terms.rtf (Adware.PurityScan) -> No action taken.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.PurityScan) -> No action taken.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.PurityScan) -> No action taken.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.PurityScan) -> No action taken.
C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> No action taken.
C:\Program Files\Registry Defender\backup\11_1_2007.reg (Rogue.Registry.Defender) -> No action taken.
C:\Program Files\Registry Defender\backup\11_6_2007.reg (Rogue.Registry.Defender) -> No action taken.
C:\Program Files\SystemDoctor\main.exe (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\SystemDoctor\st.dat (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Freeware\DriveCleaner HomePage.lnk (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Freeware\DriveCleaner Online Manual.lnk (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Freeware\DriveCleaner Online Support.lnk (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner Freeware\Uninstall DriveCleaner.lnk (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\Programs\MalwareAlarm\MalwareAlarm.lnk (Rogue.Malware.Alarm) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\Programs\MalwareAlarm\Uninstall.lnk (Rogue.Malware.Alarm) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk (Rogue.XPantiVirus) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Desktop\IE AntiVirus 3.3.lnk (Rogue.IEAntiVirus) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Desktop\XP Antivirus 2008.lnk (Rogue.XPantiVirus) -> No action taken.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Start Menu\Programs\IE AntiVirus 3.3.lnk (Rogue.IEAntiVirus) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk (Rogue.XPantiVirus) -> No action taken.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\dlds8.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\k86.bin (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\SYSTEM32\kr_done1 (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\SYSTEM32\vx.tll (Malware.Trace) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Catina Scarlett\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\b128.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\casinoprophet.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\wr.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\xpupdate.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk (Rootkit.Agent) -> No action taken.
______________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:01 PM, on 10/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O18 - Filter hijack: text/html - {1aefba4e-677a-45f0-9ef5-3477a721de68} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: reset5e - reset5e.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5373 bytes

Edited by pastimage, 23 October 2009 - 01:19 PM.

Killer of Windoze



#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 25 October 2009 - 04:15 PM

:welcome:

All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

You had Malwarebytes set to TAKE NO ACTION, which didn't accomplish much. Do it this way:

Please download Malwarebytes' Anti-Malware from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please




Please download RootRepeal from one of these locations and save it to your desktop
Here
Here
Here
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check just these boxes:
  • Posted Image
  • Push Ok
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.


#3 pastimage

Posted 25 October 2009 - 07:33 PM

Hello Ken 545,
Thank you for being so swift. I actually did have it set to remove selected, so I am not sure as to why it shows no action was taken. Here are the new logs you wanted, and I am about to start on the last to-do item and will post after that too.

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:02 PM, on 10/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Filter hijack: text/html - {1aefba4e-677a-45f0-9ef5-3477a721de68} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: reset5e - reset5e.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 4524 bytes

MBAM:
Malwarebytes' Anti-Malware 1.41
Database version: 3033
Windows 5.1.2600 Service Pack 2

10/25/2009 9:03:45 PM
mbam-log-2009-10-25 (21-03-45).txt

Scan type: Quick Scan
Objects scanned: 126531
Time elapsed: 27 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Last item: however, I should note that R.R. did give an error that says "Error: invalid PE image found." I do not know what that means.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 21:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF080A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF97A2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0604000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF909E000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0939040

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0935930

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0940a80

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0939510

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf093f870

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf093faa0

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0942fd0

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0939600

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0935f20

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf09416e0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0941440

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf093f580

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf09418b0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0935d70

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf093f350

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf093f150

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0942250

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0941cb0

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0938c00

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0942080

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0939220

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0936120

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0941140

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf093fcd0

==EOF==

Edited by pastimage, 25 October 2009 - 08:03 PM.

Killer of Windoze


#4 ken545

Posted 26 October 2009 - 02:21 AM

Hi,

Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)

O18 - Filter hijack: text/html - {1aefba4e-677a-45f0-9ef5-3477a721de68} - C:\WINDOWS\system32\msiebbar.dll

O20 - Winlogon Notify: reset5e - reset5e.dll (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe




Go to Add/Remove Programs in the Control Panel and uninstall Viewpoint. It installs without your knowledge or consent, is considered adware, uses system resources and is not needed for anything.




Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Just a reminder that threads will be closed if no reply in 3 days.
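
A sketch of the triage behind the entries selected in the post above, added here as an example; it is not part of ken545's post and not part of HijackThis. It flags log lines that are structurally suspect: a target marked `(no file)` or `(file missing)`, a BHO whose CLSID field is not a GUID, and an O18 entry that HijackThis itself labels as a filter hijack. The name `triage` and the rule set are assumptions; the sample lines are copied from the HijackThis log posted earlier in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# "O2 - ...", "R1 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A registry CLSID in its usual braced 8-4-4-4-12 hex form.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Finding(NamedTuple):
    code: str
    line: str
    reasons: Tuple[str, ...]


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that deserve a manual look.

    Assumed rules (illustrative, not a verdict on any entry):
      * the entry points at a file that HijackThis could not find;
      * an O2 (BHO) entry whose middle field is not a well-formed CLSID;
      * an O18 entry that HijackThis reports as "Filter hijack".
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process list, blank line, footer
        code, body = match.group("code"), match.group("body")
        reasons = []

        if any(marker in body for marker in ORPHAN_MARKERS):
            reasons.append("orphaned: referenced file is missing")

        if code == "O2":
            # Body layout: "BHO: <name> - <CLSID> - <path>"; split from the
            # right so a name containing " - " does not shift the fields.
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and not GUID_RE.match(parts[1]):
                reasons.append("malformed CLSID field: %r" % parts[1])

        if code == "O18" and body.startswith("Filter hijack:"):
            reasons.append("MIME filter reported as hijacked")

        if reasons:
            findings.append(Finding(code, line, tuple(reasons)))
    return findings


# Lines copied from the HijackThis log in this thread (not constructed).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O18 - Filter hijack: text/html - {1aefba4e-677a-45f0-9ef5-3477a721de68} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: reset5e - reset5e.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.code, "|", "; ".join(finding.reasons))
        print("    ", finding.line)
```

A flagged line is a prompt for review, not a removal decision: the script also reports orphaned entries the helper left alone, and it does not reproduce the judgement call on the Viewpoint service.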


#5 pastimage

Posted 26 October 2009 - 01:46 PM

Hi,

ComboFix 09-10-25.02 - Catina Scarlett 10/26/2009 9:49.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.96 [GMT -4:00]
Running from: c:\documents and settings\Catina Scarlett\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Catina Scarlett\err.log
c:\documents and settings\Catina Scarlett\ResErrors.log
c:\documents and settings\Cory Burroughs\Application Data\HbTools
c:\documents and settings\Cory Burroughs\err.log
c:\documents and settings\Cory Burroughs\ResErrors.log
c:\program files\Common Files\crosof~1.net
c:\program files\Common Files\dobe~1
c:\program files\Common Files\ecurit~1
c:\program files\Common Files\icroso~1.net
c:\program files\Common Files\wnsxs~1
c:\program files\Common Files\ystem3~1
c:\program files\Common
c:\program files\crosof~1
c:\program files\crosof~1.net
c:\program files\dobe~1
c:\program files\ecurit~1
c:\program files\INSTALL.LOG
c:\program files\mantec~1
c:\program files\mantec~1\??mantec\ctxad-570.0000
c:\program files\mantec~1\??mantec\ctxad-570.0001
c:\program files\mantec~1\??mantec\ctxad-570.0002
c:\program files\mantec~1\??mantec\ctxad-570.0003
c:\program files\mantec~1\??mantec\ctxad-570.0004
c:\program files\mantec~1\??mantec\ctxad-570.0005
c:\program files\mantec~1\??mantec\ctxad-570.0006
c:\program files\wnsxs~1
c:\temp\fse
c:\temp\tn3
c:\windows\crosof~1.net
c:\windows\dobe~1
c:\windows\Downloaded Program Files\Install.inf
c:\windows\fnts~1
c:\windows\ppatch~1
c:\windows\ppatch~1\??pPatch\ctxad-555.0000
c:\windows\ppatch~1\??pPatch\ctxad-555.0001
c:\windows\ppatch~1\??pPatch\ctxad-555.0002
c:\windows\ppatch~1\??pPatch\ctxad-555.0003
c:\windows\ppatch~1\??pPatch\ctxad-555.0004
c:\windows\ppatch~1\??pPatch\ctxad-555.0005
c:\windows\ppatch~1\??pPatch\ctxad-555.0006
c:\windows\smante~1
c:\windows\system32\cfg.dat
c:\windows\system32\crosof~1.net
c:\windows\system32\dobe~1
c:\windows\system32\drivers\fad.sys
c:\windows\system32\icroso~1
c:\windows\system32\icroso~1.net
c:\windows\system32\iefltr.dll
c:\windows\system32\scurit~1
c:\windows\system32\sks~1
c:\windows\system32\ssembl~1
c:\windows\system32\sstem~1
c:\windows\system32\stem~1
c:\windows\system32\tmp.reg
c:\windows\system32\ymbols~1
c:\windows\system32\ystem~1
c:\windows\wiaservv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CORE
-------\Legacy_FCI


((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 02:22 . 2009-02-16 04:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-24 02:40 . 2009-10-24 02:40 -------- d-----w- c:\documents and settings\Cory Burroughs\Application Data\Malwarebytes
2009-10-24 01:06 . 2009-10-24 01:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-23 23:50 . 2009-10-23 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2009-10-23 23:49 . 2009-10-26 02:23 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-23 23:49 . 2008-07-09 13:05 75248 ----a-w- c:\windows\zllsputility.exe
2009-10-23 23:48 . 2009-02-16 04:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-23 23:48 . 2009-02-16 04:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-23 23:48 . 2009-10-26 13:17 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-23 23:48 . 2009-10-23 23:48 -------- d-----w- c:\program files\Zone Labs
2009-10-23 23:45 . 2009-10-26 14:05 -------- d-----w- c:\windows\Internet Logs
2009-10-23 19:21 . 2009-10-23 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-23 18:38 . 2009-10-23 18:38 -------- d-----w- c:\program files\Trend Micro
2009-10-23 17:44 . 2004-03-26 12:23 40080 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 17:09 . 2009-10-23 17:09 48904 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 15:49 . 2009-10-23 15:49 -------- d-----w- c:\documents and settings\Catina Scarlett\Application Data\Malwarebytes
2009-10-23 15:49 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 15:48 . 2009-10-23 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-23 15:48 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 15:48 . 2009-10-23 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 01:07 . 2009-10-23 01:07 -------- d-----w- c:\program files\CONEXANT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 13:29 . 2004-03-26 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-24 02:50 . 2004-10-18 22:04 -------- d-----w- c:\program files\Maxis
2009-10-24 02:41 . 2004-10-15 20:30 48904 -c--a-w- c:\documents and settings\Cory Burroughs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 01:14 . 2004-03-26 12:08 -------- d-----w- c:\program files\Common Files\Real
2009-10-24 01:11 . 2007-03-09 12:34 -------- d-----w- c:\documents and settings\Catina Scarlett\Application Data\Yahoo!
2009-10-24 01:11 . 2005-11-28 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-10-24 01:05 . 2004-03-26 11:49 -------- d-----w- c:\program files\Java
2009-10-24 00:22 . 2004-10-09 20:03 48904 -c--a-w- c:\documents and settings\Catina Scarlett\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 19:05 . 2007-09-18 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-23 02:09 . 2004-03-26 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 02:09 . 2004-03-26 12:08 -------- d-----w- c:\program files\QuickTime
2009-10-23 02:07 . 2005-09-28 14:37 -------- d-----w- c:\program files\3B Software
2009-10-23 02:02 . 2005-02-08 22:40 -------- d-----w- c:\program files\WildTangent
2009-10-23 02:01 . 2005-02-15 13:07 -------- d-----w- c:\program files\Yahoo!
2009-10-23 01:46 . 2005-04-18 23:07 -------- d-----w- c:\program files\Napster
2009-10-23 01:46 . 2005-04-18 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Napster
2009-10-23 01:42 . 2004-03-26 12:16 -------- d-----w- c:\program files\MUSICMATCH
2009-10-23 01:39 . 2008-08-24 20:14 -------- d-----w- c:\program files\Panasonic
2009-10-23 01:39 . 2008-08-24 20:32 -------- d-----w- c:\documents and settings\Catina Scarlett\Application Data\Panasonic
2009-10-23 01:35 . 2007-11-01 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-10-23 01:35 . 2007-11-01 22:49 -------- d-----w- c:\program files\WildGames
2009-10-23 01:35 . 2008-04-01 23:35 -------- d-----w- c:\program files\FrostWire
2009-10-23 01:34 . 2004-03-26 11:59 -------- d-----w- c:\program files\Dell
2009-10-23 01:32 . 2007-05-11 18:03 -------- d-----w- c:\program files\Spyware Terminator
2009-10-23 01:30 . 2007-11-06 17:36 -------- d-----w- c:\program files\ComcastToolbar
2009-10-23 01:29 . 2007-11-06 20:42 -------- d-----w- c:\documents and settings\Catina Scarlett\Application Data\Comcast
2009-10-23 01:28 . 2007-05-10 00:25 -------- d-----w- c:\program files\Transparent
2005-08-02 20:58 . 2007-06-27 14:54 293888 -csha-r- c:\windows\Q2F0aW5hIFNjYXJsZXR0\command.exe
2005-07-29 20:24 . 2007-06-27 14:54 472 -csha-r- c:\windows\Q2F0aW5hIFNjYXJsZXR0\kZIXuqc1KIh3srLPtrlX.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-24 149280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wATV03nt.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Catina Scarlett^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
path=c:\documents and settings\Catina Scarlett\Start Menu\Programs\Startup\Registry Repair Pro.lnk
backup=c:\windows\pss\Registry Repair Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catina Scarlett^Start Menu^Programs^Startup^RegistryDefender.lnk]
path=c:\documents and settings\Catina Scarlett\Start Menu\Programs\Startup\RegistryDefender.lnk
backup=c:\windows\pss\RegistryDefender.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catina Scarlett^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\Catina Scarlett\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S2 RQMVNVSS;RQMVNVSS;\??\c:\windows\system32\drivers\RQMVNVSS.sys --> c:\windows\system32\drivers\RQMVNVSS.sys [?]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: &Search
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKU-Default-Run-CSmileys - c:\progra~1\Crawler\Smileys\CSmileysIM.exe
AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 10:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\ed2k]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\ed2k\shell\open\ddeexec]
@DACL=(02 0000)
@="%1"

[HKEY_LOCAL_MACHINE\software\Classes\gnutella]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\gnutella\shell\open\ddeexec]
@DACL=(02 0000)
@="%1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1268)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\combofix\CF8155.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-26 15:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-26 19:34

Pre-Run: 22,771,957,760 bytes free
Post-Run: 23,133,593,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A240C7CDA1B92E74B0DBE0EAE74D4C56


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:30 PM, on 10/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 3909 bytes

Killer of Windoze


#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 October 2009 - 03:18 PM

Hi,

A few things to go over.

c:\program files\FrostWire <--Any P2P (File Sharing) programs are dangerous, you are downloading files from an unknown source, most contain malicious programs as malware writers are using this as the latest way of infecting your computer. It's kind of like playing Russian Roulette malwarewise. Your call to remove it but if you don't you will be back here pretty soon infected again. :blush:


RegistryDefender <--This is a trojan, I doubt it but see if you can use Add Remove Programs to remove it.




You need to enable Windows to show all files and folders, instructions Here

Go to VirusTotal and submit these files for analysis, just use the BROWSE feature and then Send File, you will get a report back, post the report into this thread for me to see.

c:\windows\Q2F0aW5hIFNjYXJsZXR0\command.exe
c:\windows\system32\drivers\RQMVNVSS.sys

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#7 pastimage

pastimage

    Authentic Member

  • Authentic Member
  • PipPip
  • 121 posts

Posted 26 October 2009 - 06:55 PM

A few things to go over.
c:\program files\FrostWire <--Any P2P (File Sharing) programs are dangerous, you are downloading files from an unknown source, most contain malicious programs as malware writers are using this as the latest way of infecting your computer. It's kind of like playing Russian Roulette malwarewise. Your call to remove it but if you don't you will be back here pretty soon infected again.
RegistryDefender <--This is a trojan, I doubt it but see if you can use Add Remove Programs to remove it.
You need to enable Windows to show all files and folders, instructions Here

As for the frost wire. I deleted it via add/remove but I did follow the path and saw I could delete that folder. I will do this manually and hope that is enough to remove traces of it.

Registry defender; Same thing here almost. I have not looked for a folder for it but I can if you want me to. I did delete it from add/remove as well so if it is showing it is still on here then I do not know where or how.

I did enable show all folders and files since you asked that I do that. To tell the truth it is one of the first things I do as this is not my first battle with malware etc for others.

I only have so much say so in what happens and what is installed after I fix this thing with your help. I will explain to my neighbor what that program is and what all was on here and I will explain the problems with cleaning it all up and getting it back to the point that it is usable. Alas, I can only do as good as you all can since I am only a messenger and the person almost savvy enough to get this done. If not for you all, I know I could never do what I have done. Many thanks to LDTate and Doug and you of course!!!!!

Will post the other items asap.
analisis/9a9fdfd860eda1ce8539f33ffd232055c695f15ff3773bef266d736fc6d33bf8-1241021507
Antivirus Version Last Update Result
AhnLab-V3 5.0.0.2 2009.04.29 Win-Trojan/Proxy.293888
AntiVir 7.9.0.156 2009.04.29 ADSPY/CommAd.a.1
Antiy-AVL 2.0.3.1 2009.04.29 AdWare/Win32.CommAd
Authentium 5.1.2.4 2009.04.29 W32/Agent.WF
Avast 4.8.1335.0 2009.04.28 Win32:Adware-gen
AVG 8.5.0.287 2009.04.29 Generic2.OQO
BitDefender 7.2 2009.04.29 Adware.CommAd.A
CAT-QuickHeal 10.00 2009.04.29 AdWare.CommAd.a (Not a Virus)
ClamAV 0.94.1 2009.04.29 Trojan.Downloader.VB-104
Comodo 1138 2009.04.29 Application.Win32.Adware.CommAd
DrWeb 4.44.0.09170 2009.04.29 Trojan.Proxy.493
eSafe 7.0.17.0 2009.04.27 Spyware.Gen
eTrust-Vet 31.6.6482 2009.04.29 -
F-Prot 4.4.4.56 2009.04.29 W32/Agent.WF
F-Secure 8.0.14470.0 2009.04.29 AdWare.Win32.CommAd.a
Fortinet 3.117.0.0 2009.04.29 Adware/CommAd
GData 19 2009.04.29 Adware.CommAd.A
Ikarus T3.1.1.49.0 2009.04.29 not-a-virus:AdWare.Win32.CommAd.a
K7AntiVirus 7.10.719 2009.04.29 Non-Virus:AdWare.Win32.CommAd.a
Kaspersky 7.0.0.125 2009.04.29 not-a-virus:AdWare.Win32.CommAd.a
McAfee 5600 2009.04.29 potentially unwanted program Adware-Isearch
McAfee+Artemis 5600 2009.04.29 potentially unwanted program Artemis!2C234DDE711C
McAfee-GW-Edition 6.7.6 2009.04.29 Ad-Spyware.CommAd.a.1
Microsoft 1.4602 2009.04.29 Adware:Win32/CMDService
NOD32 4043 2009.04.29 Win32/Adware.CommAd
Norman 2009.04.29 W32/CommAd.A
nProtect 2009.1.8.0 2009.04.29 -
Panda 10.0.0.14 2009.04.28 Adware/CommAd
PCTools 4.4.2.0 2009.04.29 Adware.I-Search_Desktop_Search_Toolbar
Prevx1 3.0 2009.04.29 Low Risk Adware
Rising 21.27.22.00 2009.04.29 Backdoor.BlackHole.ax
Sophos 4.41.0 2009.04.29 CommAd
Sunbelt 3.2.1858.2 2009.04.28 Command Service
Symantec 1.4.4.12 2009.04.29 Spyware.ISearch
TheHacker 6.3.4.1.317 2009.04.29 Adware/CommAd.a
TrendMicro 8.950.0.1092 2009.04.29 -
VBA32 3.12.10.3 2009.04.29 AdWare.Win32.CommAd.a
ViRobot 2009.4.29.1715 2009.04.29 Trojan.Win32.CommAd.293888
VirusBuster 4.6.5.0 2009.04.29 Adware.CommAd.C
Additional information
File size: 293888 bytes
MD5 : 3e2c234dde711c6754f2df994fb3cc94
SHA1 : 14ed43e58d0fea3404886824d011814a241caaac
SHA256: 9a9fdfd860eda1ce8539f33ffd232055c695f15ff3773bef266d736fc6d33bf8
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xBA1A0
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x73000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x74000 0x47000 0x46400 7.93 b94e50a0e8c48e9a24aa107c90ff871f
.rsrc 0xBB000 0x2000 0x1400 3.48 d9898a4ea78a6a8c58d29b50207eab95

( 9 imports )

> advapi32.dll: EqualSid
> comctl32.dll: ImageList_Add
> gdi32.dll: SaveDC
> kernel32.dll: LoadLibraryA, GetProcAddress, ExitProcess
> netapi32.dll: Netbios
> ole32.dll: OleDraw
> oleaut32.dll: VariantCopy
> user32.dll: GetDC
> version.dll: VerQueryValueA

( 0 exports )

TrID : File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
ThreatExpert: http://www.threatexp...4f2df994fb3cc94
ssdeep: 6144:K6C76Qa1QBwrd86VwOkcVrJdL7KzHmJnmXc6cW6PH8mDlBO:O611QkqMnR6zHouu/a
Prevx Info: http://info.prevx.co...DB2200038FAAD4A
PEiD : -
packers (Kaspersky): UPX
CWSandbox: http://research.sunb...4f2df994fb3cc94
RDS : NSRL Reference Data Set


analisis/a9468209ba2d2acd4f443c47d0df768f0ae235fb2a9b0bb8195f5635d73028d6-1253719277
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.23 AdWare.Isearch!IK
AhnLab-V3 5.0.0.2 2009.09.23 -
AntiVir 7.9.1.23 2009.09.23 ADSPY/Isearch
Antiy-AVL 2.0.3.7 2009.09.23 AdWare/Win32.MDH
Authentium 5.1.2.4 2009.09.23 -
Avast 4.8.1351.0 2009.09.21 VBS:Malware-gen
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 Adware.Isearch.D
CAT-QuickHeal 10.00 2009.09.23 VBS/CommAd.A
ClamAV 0.94.1 2009.09.23 -
Comodo 2414 2009.09.23 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.09.23 -
eSafe 7.0.17.0 2009.09.23 Spyware.Gen
eTrust-Vet 31.6.6756 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.23 -
Fortinet 3.120.0.0 2009.09.23 Adware/Isearch
GData 19 2009.09.23 Adware.Isearch.D
Ikarus T3.1.1.72.0 2009.09.23 AdWare.Isearch
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.852 2009.09.23 -
Kaspersky 7.0.0.125 2009.09.23 -
McAfee 5749 2009.09.22 potentially unwanted program Adware-Isearch
McAfee+Artemis 5749 2009.09.22 potentially unwanted program Adware-Isearch
McAfee-GW-Edition 6.8.5 2009.09.23 Ad-Spyware.Isearch
Microsoft 1.5005 2009.09.23 Adware:Win32/CMDService
NOD32 4450 2009.09.23 Win32/Adware.ISearch
Norman 6.01.09 2009.09.23 VBS/CommAd.A
nProtect 2009.1.8.0 2009.09.23 -
Panda 10.0.2.2 2009.09.23 Adware/CommAd
PCTools 4.4.2.0 2009.09.23 -
Prevx 3.0 2009.09.23 -
Rising 21.48.24.00 2009.09.23 -
Sophos 4.45.0 2009.09.23 CommAd
Sunbelt 3.2.1858.2 2009.09.23 -
Symantec 1.4.4.12 2009.09.23 Spyware.ISearch
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 -
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.23 -
Additional information
File size: 472 bytes
MD5 : 387edbb90a5275d1b464eb31f3162c40
SHA1 : 40c7e89572e2bee9f8bd24a0163c500205d0cfb8
SHA256: a9468209ba2d2acd4f443c47d0df768f0ae235fb2a9b0bb8195f5635d73028d6
TrID : File type identification
Unknown!
ssdeep: 6:9cNAWdgUgUmY9oQlr4+HXyB9ref/3JDp5ZOx2j6NqhdFjFa+hdF3kDmIIVTgiSK8:9vWdaY9P3yzwE2hHo+hH34oTgiSKa7D
Prevx Info: http://info.prevx.co...4EB3100F3162C40
PEiD : -
CWSandbox: http://research.sunb...464eb31f3162c40
RDS : NSRL Reference Data Set


c:\windows\system32\drivers\RQMVNVSS.sys ------> could not be found following this path.
the first one was a folder with two items in it. I have the info for both here for you.
I do hope I did that right for you.
Thank you.
Any other place I might look to help?
Thank you

Edited by pastimage, 26 October 2009 - 07:40 PM.



#8 ken545

Posted 27 October 2009 - 02:41 AM

Good Morning,

We will deal with them in a bit.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean





Please download Malwarebytes' Anti-Malware from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please



#9 pastimage


Posted 27 October 2009 - 05:06 PM

Here are the new logs {EDIT=== And now for whatever reason since I have run those last three programs TFC, HJT, and MB, I now cannot get online for anything unless I completely eliminate my router and go straight into the modem. Got any ideas? I am running two other computers, both are Mac, one hard wired/wireless at the same time and the other just wireless. I have done a reset of the modem and router both multiple times to no avail, but the other computers work. I just don't get it. I will see if it might have a self assigned IP but if not then I am stumped.
Yep it is getting a 169. addy and that is false

Malwarebytes' Anti-Malware 1.41
Database version: 3044
Windows 5.1.2600 Service Pack 2

10/27/2009 7:01:30 PM
mbam-log-2009-10-27 (19-01-30).txt

Scan type: Quick Scan
Objects scanned: 112847
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_____________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:21 PM, on 10/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 4004 bytes

Edited by pastimage, 27 October 2009 - 05:57 PM.



#10 ken545

Posted 27 October 2009 - 06:56 PM

Hi,

c:\windows\Q2F0aW5hIFNjYXJsZXR0 <--Go ahead and delete this folder.

Why don't you post in our networking forum and see if they can help you get back online. When they do, come on back to this thread and we will run a free online virus scanner to make sure you're all clear.

http://forums.whatth...rking_f128.html



#11 pastimage


Posted 28 October 2009 - 06:00 AM

I can still get online so let's get this finished if you don't mind. I just have to get it hard wired into Comcast. Will delete the folder if I can find it.



#12 ken545

Posted 28 October 2009 - 06:18 AM

Delete that folder, outside of no internet, how are things running?



#13 pastimage


Posted 28 October 2009 - 08:13 AM

Not considering internet connection it seems to be running a LOT better. I can get up and running on it faster but compared to what I am used to it is slow as heck. Hard for me to remember what it is like for a MS OS to get up and going. I recall it being slow though even for mine. I have deleted out the extra users and went in and deleted a lot of folders and removed multiple programs so free space is a lot better too. They could use better/more RAM. It is an older HP with a Dell name but the system as a whole I believe is a minimum. The computer cannot multitask well at all. Malware and trojans seem to be gone. I have ZoneAlarm on it now and pulled out the McAfee. Needs an antivirus but they could live without it since they use AOL, Yahoo and the like for mail clients. Hope to keep them away from LimeWire and the likes. I want to scan it with Kaspersky or something like that just to make sure nothing is hidden and I am/you are not seeing it. Something I am not sure about though is the stuff in the thread above you said we could address later and also when they had the multiple users there was different startup stuff for each one. Is that normal? I never had multiple users on one computer so I do not know. Like AOL was on for two but not the one. Then there was a game player on one but not for the other two. I removed them and deleted the user account to make it all one. Easy solution for me. I would like to set it up so they are limited accounts in the end but I am afraid I have no control over it once it leaves my house, since it is not mine or my family's. Bottom line is it is a backside droppings load better!! One thing I was not thinking of is that I went to MS to get updates and had problems .... well I could not get anything to happen. I will double check that tonight too and let you know about that as well.

Edited by pastimage, 28 October 2009 - 08:15 AM.

Killer of Windoze


#14 ken545

Posted 28 October 2009 - 09:52 AM

What I meant by doing it later was those two files, one you deleted and the other one is not present.

You can post in this windows forum for help with sorting out your startup entries, they may be slowing you down also.
http://forums.whatth...ndows_f119.html


You can go to
http://www.crucial.com/
download the free scanner and see if a memory upgrade is affordable.



TFC <--Yours to keep, run it about once a week to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.





Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy but do not enable the TeaTimer.



Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.


Safe Surfn
Ken



#15 ken545

Posted 30 October 2009 - 06:30 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

