This computer hasn't been responding well for a while. The home page was hijacked by Alot Toolbar, which I removed through Control Panel, Add/Remove programs, Encarta stopped working, CD player stopped working, and Spyware Doctor (free) would not update.
I ran ATF Cleaner, Malware Bytes, Vundofix.exe and HijackThis. Vundofix.exe did not find infected files, but Spyware Doctor still shows it and Starware adware infections. I am posting my logs and would appreciate help in getting these infections cleaned up. Thank you! - Jcatsmom
Logfile of HijackThis v1.99.1
Scan saved at 12:20:03 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\windows\System32\alg.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:0/proxy.pac
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163740666937
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.co...3,0,1,0/mvt.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
Malwarebytes' Anti-Malware 1.12
Database version: 775
Scan type: Quick Scan
Objects scanned: 35042
Time elapsed: 14 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
PCTOOLS Spyware Doctor Scan Type - Intelli-Scan
5/24/2008 12:36:15 PM:968 Infection was detected on this computer
Threat Name - Hijacker.Affiliated_with_Browser_Hijackers
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com, *
5/24/2008 12:36:15 PM:984 Infection was detected on this computer
Threat Name - Hijacker.Affiliated_with_Browser_Hijackers
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\de, *
5/24/2008 12:36:15 PM:984 Infection was detected on this computer
Threat Name - Hijacker.Affiliated_with_Browser_Hijackers
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\de
5/24/2008 12:36:15 PM:984 Infection was detected on this computer
Threat Name - Hijacker.Affiliated_with_Browser_Hijackers
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\download, *
5/24/2008 12:36:15 PM:984 Infection was detected on this computer
Threat Name - Hijacker.Affiliated_with_Browser_Hijackers
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\download
5/24/2008 12:36:15 PM:984 Infection was detected on this computer
Threat Name - Hijacker.Affiliated_with_Browser_Hijackers
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\www, *
5/24/2008 12:36:16 PM:0 Infection was detected on this computer
Threat Name - Hijacker.Affiliated_with_Browser_Hijackers
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com\www
5/24/2008 12:36:16 PM:0 Infection was detected on this computer
Threat Name - Hijacker.Affiliated_with_Browser_Hijackers
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com
5/24/2008 12:36:16 PM:0 Infection was detected on this computer
Threat Name - RogueAntiSpyware.WinAntiSpyware
Type - Registry Value
Risk Level - Low
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com, *
5/24/2008 12:36:16 PM:0 Infection was detected on this computer
Threat Name - RogueAntiSpyware.WinAntiSpyware
Type - Registry Value
Risk Level - Low
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com\www, *
5/24/2008 12:36:16 PM:31 Infection was detected on this computer
Threat Name - RogueAntiSpyware.WinAntiSpyware
Type - Registry Key
Risk Level - Low
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com\www
5/24/2008 12:36:16 PM:31 Infection was detected on this computer
Threat Name - RogueAntiSpyware.WinAntiSpyware
Type - Registry Key
Risk Level - Low
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com
5/24/2008 12:36:16 PM:31 Infection was detected on this computer
Threat Name - Spyware.Rogue_Anti-Spyware_Products
Type - Registry Value
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com, *
5/24/2008 12:36:16 PM:31 Infection was detected on this computer
Threat Name - Spyware.Rogue_Anti-Spyware_Products
Type - Registry Value
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\de, *
5/24/2008 12:36:16 PM:46 Infection was detected on this computer
Threat Name - Spyware.Rogue_Anti-Spyware_Products
Type - Registry Key
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\de
5/24/2008 12:36:16 PM:46 Infection was detected on this computer
Threat Name - Spyware.Rogue_Anti-Spyware_Products
Type - Registry Value
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\download, *
5/24/2008 12:36:16 PM:46 Infection was detected on this computer
Threat Name - Spyware.Rogue_Anti-Spyware_Products
Type - Registry Key
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\download
5/24/2008 12:36:16 PM:46 Infection was detected on this computer
Threat Name - Spyware.Rogue_Anti-Spyware_Products
Type - Registry Value
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www, *
5/24/2008 12:36:16 PM:62 Infection was detected on this computer
Threat Name - Spyware.Rogue_Anti-Spyware_Products
Type - Registry Key
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www
5/24/2008 12:36:16 PM:62 Infection was detected on this computer
Threat Name - Spyware.Rogue_Anti-Spyware_Products
Type - Registry Key
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com
5/24/2008 12:36:16 PM:62 Infection was detected on this computer
Threat Name - Adware.WinFixer
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com, *
5/24/2008 12:36:16 PM:62 Infection was detected on this computer
Threat Name - Adware.WinFixer
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\instlog, *
5/24/2008 12:36:16 PM:62 Infection was detected on this computer
Threat Name - Adware.WinFixer
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\instlog
5/24/2008 12:36:16 PM:78 Infection was detected on this computer
Threat Name - Adware.WinFixer
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\utils, *
5/24/2008 12:36:16 PM:78 Infection was detected on this computer
Threat Name - Adware.WinFixer
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\utils
5/24/2008 12:36:16 PM:78 Infection was detected on this computer
Threat Name - Adware.WinFixer
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\www.utils, *
5/24/2008 12:36:16 PM:78 Infection was detected on this computer
Threat Name - Adware.WinFixer
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com\www.utils
5/24/2008 12:36:16 PM:93 Infection was detected on this computer
Threat Name - Adware.WinFixer
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com
5/24/2008 12:36:50 PM:890 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3}\iexplore, Type
5/24/2008 12:36:50 PM:890 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3}\iexplore, Count
5/24/2008 12:36:50 PM:906 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3}\iexplore, Time
5/24/2008 12:36:50 PM:906 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3}\iexplore
5/24/2008 12:36:50 PM:906 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_USERS\S-1-5-21-1932620155-314220044-3242527114-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3}
5/24/2008 12:37:13 PM:250 Immunizer Results
ActiveX section has been immunized, Processed 178 items.
5/24/2008 12:38:24 PM:375 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 186905
Threats Detected - 5
Infections Detected - 33
Infections Ignored - 0