Hi guys,
hoping someone can help me. I seem to have been infected with a nasty virus.
I have the little red balloon in my task bar that keeps popping up saying my computer is infected with spyware. I have tried running AVG, Superantispyware, Spybot and HJT and none of these can even run :-(. I did manage to run adaware and removed some things, but to no avail. it is still there.
Even trying to access certain websites is a nightmare, coming up wih mywebsearch or something.
Don't know if you can help me as i can't post a hjt log.
Eagerly awaiting response b4 i toss this thing out the window
mezzmorized
0
Newbie Poster
Recommended Answers
Jump to PostDownload Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch …
Jump to PostPlease download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your …
Jump to PostCan you download and run combofix? Both those links work fine.
Jump to PostPM me your email address and I will send it to you.
All 13 Replies
crunchie
990
Most Valuable Poster
Team Colleague
Featured Poster
Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Make sure that you restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=========
Try safe mode if you have problems running it.
mezzmorized
0
Newbie Poster
Hi Crunchie,
Thanx for your reply:) . had trouble downloading from the link, but managed to download it from another site.
I alos got a new pop up stating :
16 bit ms dos subsystem
c:\windows\sysvxd.exe
c:\windows\system32/autoexec.nt. the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.
not too sure what it is, but i think i chose close last time and my system went into shutdown.
anyways, below is the log you requested.:)
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
22/10/2008 12:32:45 PM
mbam-log-2008-10-22 (12-32-45).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 228446
Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 191
Registry Values Infected: 11
Registry Data Items Infected: 1
Folders Infected: 32
Files Infected: 217
Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b1cc6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce27f2e4-ed57-4453-8997-27c9e6f49ad9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cf26fac0-7d4e-46d8-ae64-b277b11443ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{41d0f55c-009d-45c8-a26e-a6d5024d86c7} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e5bd6642-494a-4326-9803-f2ba07b73d3d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afc0af8e-41f7-4d76-c31b-8464ca9b84a3} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b4942dc4-69d1-4a63-9773-884c78c04459} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00110a9 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00489fa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stfngdvw.bbvf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stfngdvw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c3aba952-3f9e-43a7-99f8-20be97bba96a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e70e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msram.tchongabho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ce27f2e4-ed57-4453-8997-27c9e6f49ad9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdkcj.exe -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Delete on reboot.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP\NTLOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP\LOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PC-Antispyware (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\IEToolbar (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\jdqejjfg.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\!KillBox\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32ps1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files\PC-Antispyware\PopupBlocker.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A2A64E5-33C2-448C-B6CC-19D989A1C4BC}\RP318\A0048900.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A2A64E5-33C2-448C-B6CC-19D989A1C4BC}\RP318\A0048901.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A2A64E5-33C2-448C-B6CC-19D989A1C4BC}\RP318\A0048904.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A2A64E5-33C2-448C-B6CC-19D989A1C4BC}\RP318\A0048906.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A2A64E5-33C2-448C-B6CC-19D989A1C4BC}\RP318\A0048909.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A2A64E5-33C2-448C-B6CC-19D989A1C4BC}\RP318\A0048910.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\cygcrypt-0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PC-Antispyware\IeExtension.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02F4448D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\25F7CA1D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\25F7D037.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\25F7DEED.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\25F7ECD7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\25F7F052.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\2A6F0809.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\2A6F0D19.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\2A6F170C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\2A6F1E30.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\nav.bmp (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A2A64E5-33C2-448C-B6CC-19D989A1C4BC}\RP318\A0048902.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\2A6EE9C3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\cygwin1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\servicesmgr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\basis.xml (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\newversion.txt (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\svchostlogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\ntauth.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\toolbar.crc (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\servicelogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\version.txt (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\basis.key (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC-Antispyware (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\New Text Document (5).txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\winlogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\google2.bmp (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\Copy (5) of 3.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\error.html (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
crunchie
990
Most Valuable Poster
Team Colleague
Featured Poster
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply.
- Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===============
Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
mezzmorized
0
Newbie Poster
hi, I am sorry for delayed rsponse. My computer seemed to be working fine, then when i restarted it this morning i have been having trouble getting computer to start. finally managed to log into safe mode, but have tried downloading combofix from above links but keep getting error messages.
I also think i have been infected with go.google.
Am running malwarebytes again and will post log when finished.
thanx
mezzmorized
0
Newbie Poster
here is the new log..
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
30/10/2008 3:39:34 PM
mbam-log-2008-10-30 (15-39-34).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 226035
Time elapsed: 1 hour(s), 13 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
and here is a hjt log...
Logfile of HijackThis v1.99.1
Scan saved at 3:43:52 PM, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Cucusoft\avi-dvd-pro\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://cyberview.50webs.net/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://shop.getdigital.com.au/components/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dkqiqwxx - dkqiqwxx.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jdqejjfg - jdqejjfg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: UnknownSys - {589d9279-c003-4caa-bdcb-3f177b1e8a79} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
mezzmorized
0
Newbie Poster
can still only boot up in safe mode - otherwise when windows is loading, a blue screeen flashes up real fast, then it starts to load again and keeps repeating...
crunchie
990
Most Valuable Poster
Team Colleague
Featured Poster
Can you download and run combofix? Both those links work fine.
mezzmorized
0
Newbie Poster
no - i have tried several times and they both display that the page can not be displayed - even tried doing a google search, but with the go.google am finding it very hard, and annoying. have even tried typing in address manually. but still not working :-(
crunchie
990
Most Valuable Poster
Team Colleague
Featured Poster
PM me your email address and I will send it to you.
mezzmorized
0
Newbie Poster
finally managed to crun combofix
here is the log as well s the hjt log... thanx again :-)
ComboFix 08-11-01.04 - Owner 2008-11-02 20:48:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.168 [GMT 11:00]
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\STARTM~1\Live Safety Center.lnk
C:\DOCUME~1\Owner\APPLIC~1\inst.exe
C:\Documents and Settings\LocalService\My Documents\ICROSO~1
C:\Documents and Settings\LocalService\My Documents\ICROSO~1\?icrosoft.NET\
C:\Documents and Settings\LocalService\My Documents\ICROSO~1\?icrosoft\
C:\Documents and Settings\Owner\Application Data\inst.exe
C:\Program Files\INSTALL.LOG
C:\Program Files\Internet Explorer\msimg32.dll
C:\WINDOWS\FAVORI~1\Online Security Guide.lnk
C:\WINDOWS\Favorites\Online Security Guide.lnk
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\installer.exe
C:\WINDOWS\msnimport.exe
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\cache329\B_127300.htm
C:\WINDOWS\system32\cache329\B_134000.htm
C:\WINDOWS\system32\cache329\B_322400.htm
C:\WINDOWS\system32\cache329\B_329_0_0_105300.htm
C:\WINDOWS\system32\cache329\B_329_0_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_0_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_0_0_115300.gif
C:\WINDOWS\system32\cache329\B_329_0_0_121400.htm
C:\WINDOWS\system32\cache329\B_329_0_0_121400.swf
C:\WINDOWS\system32\cache329\B_329_0_0_126400.gif
C:\WINDOWS\system32\cache329\B_329_0_0_128000.gif
C:\WINDOWS\system32\cache329\B_329_0_0_164700.gif
C:\WINDOWS\system32\cache329\B_329_0_0_193900.gif
C:\WINDOWS\system32\cache329\B_329_0_0_246200.gif
C:\WINDOWS\system32\cache329\B_329_0_0_278900.gif
C:\WINDOWS\system32\cache329\B_329_0_0_336400.htm
C:\WINDOWS\system32\cache329\B_329_0_0_336400.swf
C:\WINDOWS\system32\cache329\B_329_0_0_355900.gif
C:\WINDOWS\system32\cache329\B_329_0_0_359900.htm
C:\WINDOWS\system32\cache329\B_329_0_0_359900.swf
C:\WINDOWS\system32\cache329\B_329_0_0_364700.gif
C:\WINDOWS\system32\cache329\B_329_0_0_366400.htm
C:\WINDOWS\system32\cache329\B_329_0_0_366400.swf
C:\WINDOWS\system32\cache329\B_329_0_0_394100.htm
C:\WINDOWS\system32\cache329\B_329_0_0_394100.swf
C:\WINDOWS\system32\cache329\B_329_0_0_394500.htm
C:\WINDOWS\system32\cache329\B_329_0_0_394500.swf
C:\WINDOWS\system32\cache329\B_329_0_0_397200.htm
C:\WINDOWS\system32\cache329\B_329_0_0_412800.htm
C:\WINDOWS\system32\cache329\B_329_0_0_412800.swf
C:\WINDOWS\system32\cache329\B_329_0_0_416700.gif
C:\WINDOWS\system32\cache329\B_329_0_0_422900.htm
C:\WINDOWS\system32\cache329\B_329_0_0_422900.swf
C:\WINDOWS\system32\cache329\B_329_0_0_446800.htm
C:\WINDOWS\system32\cache329\B_329_0_0_446900.htm
C:\WINDOWS\system32\cache329\B_329_0_0_488300.htm
C:\WINDOWS\system32\cache329\B_329_0_0_488300.swf
C:\WINDOWS\system32\cache329\B_329_0_0_809100.htm
C:\WINDOWS\system32\cache329\B_329_0_1_128000.gif
C:\WINDOWS\system32\cache329\B_329_0_1_339900.gif
C:\WINDOWS\system32\cache329\B_329_0_1_340100.gif
C:\WINDOWS\system32\cache329\B_329_0_1_340400.gif
C:\WINDOWS\system32\cache329\B_329_0_1_340600.gif
C:\WINDOWS\system32\cache329\B_329_0_1_355900.gif
C:\WINDOWS\system32\cache329\B_329_0_1_402300.htm
C:\WINDOWS\system32\cache329\B_329_0_1_402300.swf
C:\WINDOWS\system32\cache329\B_329_0_1_422900.htm
C:\WINDOWS\system32\cache329\B_329_0_1_422900.swf
C:\WINDOWS\system32\cache329\B_329_0_2_109800.gif
C:\WINDOWS\system32\cache329\B_329_0_2_126800.gif
C:\WINDOWS\system32\cache329\B_329_0_2_128000.gif
C:\WINDOWS\system32\cache329\B_329_0_2_150300.gif
C:\WINDOWS\system32\cache329\B_329_0_2_150400.gif
C:\WINDOWS\system32\cache329\B_329_0_2_246700.gif
C:\WINDOWS\system32\cache329\B_329_0_2_274800.gif
C:\WINDOWS\system32\cache329\B_329_0_3_126400.gif
C:\WINDOWS\system32\cache329\B_329_0_3_394500.htm
C:\WINDOWS\system32\cache329\B_329_0_3_394500.swf
C:\WINDOWS\system32\cache329\B_329_0_3_397200.htm
C:\WINDOWS\system32\cache329\B_329_0_4_113700.gif
C:\WINDOWS\system32\cache329\B_329_0_4_126800.gif
C:\WINDOWS\system32\cache329\B_329_0_4_127900.gif
C:\WINDOWS\system32\cache329\B_329_0_4_128000.gif
C:\WINDOWS\system32\cache329\B_329_0_4_164700.gif
C:\WINDOWS\system32\cache329\B_329_0_4_165400.gif
C:\WINDOWS\system32\cache329\B_329_0_4_188300.gif
C:\WINDOWS\system32\cache329\B_329_0_4_188400.gif
C:\WINDOWS\system32\cache329\B_329_0_4_250700.gif
C:\WINDOWS\system32\cache329\B_329_0_4_340200.gif
C:\WINDOWS\system32\cache329\B_329_0_4_340300.gif
C:\WINDOWS\system32\cache329\B_329_0_4_340900.gif
C:\WINDOWS\system32\cache329\B_329_0_4_341900.gif
C:\WINDOWS\system32\cache329\B_329_0_4_343100.gif
C:\WINDOWS\system32\cache329\B_329_0_4_355900.gif
C:\WINDOWS\system32\cache329\B_329_0_4_394100.htm
C:\WINDOWS\system32\cache329\B_329_0_4_394100.swf
C:\WINDOWS\system32\cache329\B_329_0_4_399100.gif
C:\WINDOWS\system32\cache329\B_329_0_4_399300.gif
C:\WINDOWS\system32\cache329\B_329_0_4_418300.gif
C:\WINDOWS\system32\cache329\B_329_0_4_422100.htm
C:\WINDOWS\system32\cache329\B_329_0_4_422100.swf
C:\WINDOWS\system32\cache329\B_329_0_4_434900.gif
C:\WINDOWS\system32\cache329\B_329_1_0_387800.htm
C:\WINDOWS\system32\cache329\B_329_1_0_449200.htm
C:\WINDOWS\system32\cache329\B_329_1_0_449600.htm
C:\WINDOWS\system32\cache329\B_329_1_0_454300.htm
C:\WINDOWS\system32\cache329\B_329_2_0_105300.htm
C:\WINDOWS\system32\cache329\B_329_2_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_2_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_2_0_115300.gif
C:\WINDOWS\system32\cache329\B_329_2_0_121400.htm
C:\WINDOWS\system32\cache329\B_329_2_0_121400.swf
C:\WINDOWS\system32\cache329\B_329_2_0_126400.gif
C:\WINDOWS\system32\cache329\B_329_2_0_126700.gif
C:\WINDOWS\system32\cache329\B_329_2_0_128000.gif
C:\WINDOWS\system32\cache329\B_329_2_0_164700.gif
C:\WINDOWS\system32\cache329\B_329_2_0_177600.gif
C:\WINDOWS\system32\cache329\B_329_2_0_177700.gif
C:\WINDOWS\system32\cache329\B_329_2_0_246200.gif
C:\WINDOWS\system32\cache329\B_329_2_0_278900.gif
C:\WINDOWS\system32\cache329\B_329_2_0_336400.htm
C:\WINDOWS\system32\cache329\B_329_2_0_336400.swf
C:\WINDOWS\system32\cache329\B_329_2_0_355900.gif
C:\WINDOWS\system32\cache329\B_329_2_0_359900.htm
C:\WINDOWS\system32\cache329\B_329_2_0_359900.swf
C:\WINDOWS\system32\cache329\B_329_2_0_364700.gif
C:\WINDOWS\system32\cache329\B_329_2_0_366400.htm
C:\WINDOWS\system32\cache329\B_329_2_0_366400.swf
C:\WINDOWS\system32\cache329\B_329_2_0_387400.gif
C:\WINDOWS\system32\cache329\B_329_2_0_394100.htm
C:\WINDOWS\system32\cache329\B_329_2_0_394100.swf
C:\WINDOWS\system32\cache329\B_329_2_0_394500.htm
C:\WINDOWS\system32\cache329\B_329_2_0_394500.swf
C:\WINDOWS\system32\cache329\B_329_2_0_397200.htm
C:\WINDOWS\system32\cache329\B_329_2_0_412800.htm
C:\WINDOWS\system32\cache329\B_329_2_0_412800.swf
C:\WINDOWS\system32\cache329\B_329_2_0_416700.gif
C:\WINDOWS\system32\cache329\B_329_2_0_422100.htm
C:\WINDOWS\system32\cache329\B_329_2_0_422100.swf
C:\WINDOWS\system32\cache329\B_329_2_0_422900.htm
C:\WINDOWS\system32\cache329\B_329_2_0_422900.swf
C:\WINDOWS\system32\cache329\B_329_2_0_446800.htm
C:\WINDOWS\system32\cache329\B_329_2_0_446900.htm
C:\WINDOWS\system32\cache329\B_329_2_0_488300.htm
C:\WINDOWS\system32\cache329\B_329_2_0_488300.swf
C:\WINDOWS\system32\cache329\B_329_2_0_809100.htm
C:\WINDOWS\system32\cache329\B_329_2_0_809200.htm
C:\WINDOWS\system32\cache329\B_329_2_1_128000.gif
C:\WINDOWS\system32\cache329\B_329_2_1_250700.gif
C:\WINDOWS\system32\cache329\B_329_2_1_260100.gif
C:\WINDOWS\system32\cache329\B_329_2_1_340100.gif
C:\WINDOWS\system32\cache329\B_329_2_1_340400.gif
C:\WINDOWS\system32\cache329\B_329_2_1_340600.gif
C:\WINDOWS\system32\cache329\B_329_2_1_355900.gif
C:\WINDOWS\system32\cache329\B_329_2_1_402300.htm
C:\WINDOWS\system32\cache329\B_329_2_1_402300.swf
C:\WINDOWS\system32\cache329\B_329_2_1_402700.htm
C:\WINDOWS\system32\cache329\B_329_2_1_402700.swf
C:\WINDOWS\system32\cache329\B_329_2_2_109800.gif
C:\WINDOWS\system32\cache329\B_329_2_2_126400.gif
C:\WINDOWS\system32\cache329\B_329_2_2_126700.gif
C:\WINDOWS\system32\cache329\B_329_2_2_126800.gif
C:\WINDOWS\system32\cache329\B_329_2_2_127900.gif
C:\WINDOWS\system32\cache329\B_329_2_2_128000.gif
C:\WINDOWS\system32\cache329\B_329_2_2_150300.gif
C:\WINDOWS\system32\cache329\B_329_2_2_150400.gif
C:\WINDOWS\system32\cache329\B_329_2_2_246700.gif
C:\WINDOWS\system32\cache329\B_329_2_2_274800.gif
C:\WINDOWS\system32\cache329\B_329_2_2_339900.gif
C:\WINDOWS\system32\cache329\B_329_2_2_340100.gif
C:\WINDOWS\system32\cache329\B_329_2_2_340400.gif
C:\WINDOWS\system32\cache329\B_329_2_2_340600.gif
C:\WINDOWS\system32\cache329\B_329_2_3_126400.gif
C:\WINDOWS\system32\cache329\B_329_2_3_278900.gif
C:\WINDOWS\system32\cache329\B_329_2_3_394500.htm
C:\WINDOWS\system32\cache329\B_329_2_3_394500.swf
C:\WINDOWS\system32\cache329\B_329_2_3_397200.htm
C:\WINDOWS\system32\cache329\B_329_2_4_100300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_101100.gif
C:\WINDOWS\system32\cache329\B_329_2_4_101200.gif
C:\WINDOWS\system32\cache329\B_329_2_4_101300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_113700.gif
C:\WINDOWS\system32\cache329\B_329_2_4_121300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_121400.htm
C:\WINDOWS\system32\cache329\B_329_2_4_121400.swf
C:\WINDOWS\system32\cache329\B_329_2_4_126400.gif
C:\WINDOWS\system32\cache329\B_329_2_4_126800.gif
C:\WINDOWS\system32\cache329\B_329_2_4_127600.gif
C:\WINDOWS\system32\cache329\B_329_2_4_127800.htm
C:\WINDOWS\system32\cache329\B_329_2_4_127800.swf
C:\WINDOWS\system32\cache329\B_329_2_4_127900.gif
C:\WINDOWS\system32\cache329\B_329_2_4_128000.gif
C:\WINDOWS\system32\cache329\B_329_2_4_164700.gif
C:\WINDOWS\system32\cache329\B_329_2_4_165400.gif
C:\WINDOWS\system32\cache329\B_329_2_4_188300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_188400.gif
C:\WINDOWS\system32\cache329\B_329_2_4_194700.htm
C:\WINDOWS\system32\cache329\B_329_2_4_194700.swf
C:\WINDOWS\system32\cache329\B_329_2_4_250700.gif
C:\WINDOWS\system32\cache329\B_329_2_4_260100.gif
C:\WINDOWS\system32\cache329\B_329_2_4_286500.htm
C:\WINDOWS\system32\cache329\B_329_2_4_286500.swf
C:\WINDOWS\system32\cache329\B_329_2_4_286700.htm
C:\WINDOWS\system32\cache329\B_329_2_4_286700.swf
C:\WINDOWS\system32\cache329\B_329_2_4_290400.gif
C:\WINDOWS\system32\cache329\B_329_2_4_300300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_300600.gif
C:\WINDOWS\system32\cache329\B_329_2_4_301300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_301400.gif
C:\WINDOWS\system32\cache329\B_329_2_4_329600.gif
C:\WINDOWS\system32\cache329\B_329_2_4_330900.gif
C:\WINDOWS\system32\cache329\B_329_2_4_340200.gif
C:\WINDOWS\system32\cache329\B_329_2_4_340300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_340900.gif
C:\WINDOWS\system32\cache329\B_329_2_4_341900.gif
C:\WINDOWS\system32\cache329\B_329_2_4_343100.gif
C:\WINDOWS\system32\cache329\B_329_2_4_355900.gif
C:\WINDOWS\system32\cache329\B_329_2_4_387400.gif
C:\WINDOWS\system32\cache329\B_329_2_4_394100.htm
C:\WINDOWS\system32\cache329\B_329_2_4_394100.swf
C:\WINDOWS\system32\cache329\B_329_2_4_399100.gif
C:\WINDOWS\system32\cache329\B_329_2_4_399300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_399400.gif
C:\WINDOWS\system32\cache329\B_329_2_4_418300.gif
C:\WINDOWS\system32\cache329\B_329_2_4_422100.htm
C:\WINDOWS\system32\cache329\B_329_2_4_422100.swf
C:\WINDOWS\system32\cache329\B_329_2_4_434900.gif
C:\WINDOWS\system32\cache329\B_329_3_0_105300.htm
C:\WINDOWS\system32\cache329\B_329_3_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_3_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_3_0_115300.gif
C:\WINDOWS\system32\cache329\B_329_3_0_121400.htm
C:\WINDOWS\system32\cache329\B_329_3_0_121400.swf
C:\WINDOWS\system32\cache329\B_329_3_0_126400.gif
C:\WINDOWS\system32\cache329\B_329_3_0_126700.gif
C:\WINDOWS\system32\cache329\B_329_3_0_128000.gif
C:\WINDOWS\system32\cache329\B_329_3_0_164700.gif
C:\WINDOWS\system32\cache329\B_329_3_0_246200.gif
C:\WINDOWS\system32\cache329\B_329_3_0_278900.gif
C:\WINDOWS\system32\cache329\B_329_3_0_336400.htm
C:\WINDOWS\system32\cache329\B_329_3_0_336400.swf
C:\WINDOWS\system32\cache329\B_329_3_0_355900.gif
C:\WINDOWS\system32\cache329\B_329_3_0_359900.htm
C:\WINDOWS\system32\cache329\B_329_3_0_359900.swf
C:\WINDOWS\system32\cache329\B_329_3_0_364700.gif
C:\WINDOWS\system32\cache329\B_329_3_0_366400.htm
C:\WINDOWS\system32\cache329\B_329_3_0_366400.swf
C:\WINDOWS\system32\cache329\B_329_3_0_394100.htm
C:\WINDOWS\system32\cache329\B_329_3_0_394100.swf
C:\WINDOWS\system32\cache329\B_329_3_0_394500.htm
C:\WINDOWS\system32\cache329\B_329_3_0_394500.swf
C:\WINDOWS\system32\cache329\B_329_3_0_397200.htm
C:\WINDOWS\system32\cache329\B_329_3_0_412800.htm
C:\WINDOWS\system32\cache329\B_329_3_0_412800.swf
C:\WINDOWS\system32\cache329\B_329_3_0_416700.gif
C:\WINDOWS\system32\cache329\B_329_3_0_422900.htm
C:\WINDOWS\system32\cache329\B_329_3_0_422900.swf
C:\WINDOWS\system32\cache329\B_329_3_0_446800.htm
C:\WINDOWS\system32\cache329\B_329_3_0_446900.htm
C:\WINDOWS\system32\cache329\B_329_3_0_488400.htm
C:\WINDOWS\system32\cache329\B_329_3_0_488400.swf
C:\WINDOWS\system32\cache329\B_329_3_0_809100.htm
C:\WINDOWS\system32\cache329\B_329_3_1_128000.gif
C:\WINDOWS\system32\cache329\B_329_3_1_339900.gif
C:\WINDOWS\system32\cache329\B_329_3_1_340100.gif
C:\WINDOWS\system32\cache329\B_329_3_1_340400.gif
C:\WINDOWS\system32\cache329\B_329_3_1_340600.gif
C:\WINDOWS\system32\cache329\B_329_3_1_355900.gif
C:\WINDOWS\system32\cache329\B_329_3_1_402300.htm
C:\WINDOWS\system32\cache329\B_329_3_1_402300.swf
C:\WINDOWS\system32\cache329\B_329_3_1_402700.htm
C:\WINDOWS\system32\cache329\B_329_3_1_402700.swf
C:\WINDOWS\system32\cache329\B_329_3_1_422900.htm
C:\WINDOWS\system32\cache329\B_329_3_1_422900.swf
C:\WINDOWS\system32\cache329\B_329_3_2_109800.gif
C:\WINDOWS\system32\cache329\B_329_3_2_126800.gif
C:\WINDOWS\system32\cache329\B_329_3_2_128000.gif
C:\WINDOWS\system32\cache329\B_329_3_2_150300.gif
C:\WINDOWS\system32\cache329\B_329_3_2_150400.gif
C:\WINDOWS\system32\cache329\B_329_3_2_246700.gif
C:\WINDOWS\system32\cache329\B_329_3_2_274800.gif
C:\WINDOWS\system32\cache329\B_329_3_3_126400.gif
C:\WINDOWS\system32\cache329\B_329_3_3_394500.htm
C:\WINDOWS\system32\cache329\B_329_3_3_394500.swf
C:\WINDOWS\system32\cache329\B_329_3_3_397200.htm
C:\WINDOWS\system32\cache329\B_329_3_4_113700.gif
C:\WINDOWS\system32\cache329\B_329_3_4_126800.gif
C:\WINDOWS\system32\cache329\B_329_3_4_127900.gif
C:\WINDOWS\system32\cache329\B_329_3_4_128000.gif
C:\WINDOWS\system32\cache329\B_329_3_4_164700.gif
C:\WINDOWS\system32\cache329\B_329_3_4_165400.gif
C:\WINDOWS\system32\cache329\B_329_3_4_188300.gif
C:\WINDOWS\system32\cache329\B_329_3_4_188400.gif
C:\WINDOWS\system32\cache329\B_329_3_4_250700.gif
C:\WINDOWS\system32\cache329\B_329_3_4_340200.gif
C:\WINDOWS\system32\cache329\B_329_3_4_340300.gif
C:\WINDOWS\system32\cache329\B_329_3_4_340900.gif
C:\WINDOWS\system32\cache329\B_329_3_4_341900.gif
C:\WINDOWS\system32\cache329\B_329_3_4_343100.gif
C:\WINDOWS\system32\cache329\B_329_3_4_355900.gif
C:\WINDOWS\system32\cache329\B_329_3_4_387400.gif
C:\WINDOWS\system32\cache329\B_329_3_4_394100.htm
C:\WINDOWS\system32\cache329\B_329_3_4_394100.swf
C:\WINDOWS\system32\cache329\B_329_3_4_399100.gif
C:\WINDOWS\system32\cache329\B_329_3_4_399300.gif
C:\WINDOWS\system32\cache329\B_329_3_4_418300.gif
C:\WINDOWS\system32\cache329\B_329_3_4_422100.htm
C:\WINDOWS\system32\cache329\B_329_3_4_422100.swf
C:\WINDOWS\system32\cache329\B_329_3_4_434900.gif
C:\WINDOWS\system32\cache329\B_329_4_0_111600.htm
C:\WINDOWS\system32\cache329\B_329_4_0_118100.gif
C:\WINDOWS\system32\cache329\B_329_4_0_118100.htm
C:\WINDOWS\system32\cache329\B_329_4_0_132000.gif
C:\WINDOWS\system32\cache329\B_329_4_0_132000.htm
C:\WINDOWS\system32\cache329\B_329_4_0_152400.htm
C:\WINDOWS\system32\cache329\B_329_4_0_155300.htm
C:\WINDOWS\system32\cache329\B_329_4_0_164100.htm
C:\WINDOWS\system32\cache329\B_329_4_0_165100.gif
C:\WINDOWS\system32\cache329\B_329_4_0_165100.htm
C:\WINDOWS\system32\cache329\B_329_4_0_165600.htm
C:\WINDOWS\system32\cache329\B_329_4_0_216800.htm
C:\WINDOWS\system32\cache329\B_329_4_0_260700.htm
C:\WINDOWS\system32\cache329\B_329_4_0_284600.htm
C:\WINDOWS\system32\cache329\B_329_4_0_299100.htm
C:\WINDOWS\system32\cache329\B_329_4_0_317100.htm
C:\WINDOWS\system32\cache329\B_329_4_0_340900.gif
C:\WINDOWS\system32\cache329\B_329_4_0_340900.htm
C:\WINDOWS\system32\cache329\B_329_4_0_394700.htm
C:\WINDOWS\system32\cache329\B_329_4_0_394700.swf
C:\WINDOWS\system32\cache329\B_329_4_0_395000.gif
C:\WINDOWS\system32\cache329\B_329_4_0_395000.htm
C:\WINDOWS\system32\cache329\B_329_4_0_395000.swf
C:\WINDOWS\system32\cache329\B_329_4_0_395300.htm
C:\WINDOWS\system32\cache329\B_329_4_0_395300.swf
C:\WINDOWS\system32\cache329\B_329_4_0_405600.htm
C:\WINDOWS\system32\cache329\B_329_4_0_405700.htm
C:\WINDOWS\system32\cache329\B_329_4_0_435300.gif
C:\WINDOWS\system32\cache329\B_329_4_0_435300.htm
C:\WINDOWS\system32\cache329\B_329_4_0_435400.gif
C:\WINDOWS\system32\cache329\B_329_4_0_435400.htm
C:\WINDOWS\system32\cache329\B_329_4_0_435500.gif
C:\WINDOWS\system32\cache329\B_329_4_0_435500.htm
C:\WINDOWS\system32\cache329\B_329_4_0_808000.htm
C:\WINDOWS\system32\cache329\B_329_4_1_132000.gif
C:\WINDOWS\system32\cache329\B_329_4_1_132000.htm
C:\WINDOWS\system32\cache329\B_329_4_1_136300.htm
C:\WINDOWS\system32\cache329\B_329_4_1_245200.gif
C:\WINDOWS\system32\cache329\B_329_4_1_245200.htm
C:\WINDOWS\system32\cache329\B_329_4_1_299100.htm
C:\WINDOWS\system32\cache329\B_329_4_1_397400.htm
C:\WINDOWS\system32\cache329\B_329_4_2_103800.htm
C:\WINDOWS\system32\cache329\B_329_4_2_132000.gif
C:\WINDOWS\system32\cache329\B_329_4_2_132000.htm
C:\WINDOWS\system32\cache329\B_329_4_2_219700.htm
C:\WINDOWS\system32\cache329\B_329_4_2_281000.htm
C:\WINDOWS\system32\cache329\B_329_4_2_289700.htm
C:\WINDOWS\system32\cache329\B_329_4_2_297900.htm
C:\WINDOWS\system32\cache329\B_329_4_2_299100.htm
C:\WINDOWS\system32\cache329\B_329_4_2_492800.htm
C:\WINDOWS\system32\cache329\B_329_4_3_128200.htm
C:\WINDOWS\system32\cache329\B_329_4_3_128200.swf
C:\WINDOWS\system32\cache329\B_329_4_3_128500.gif
C:\WINDOWS\system32\cache329\B_329_4_3_128500.htm
C:\WINDOWS\system32\cache329\B_329_4_3_128800.gif
C:\WINDOWS\system32\cache329\B_329_4_3_128800.htm
C:\WINDOWS\system32\cache329\B_329_4_3_132000.gif
C:\WINDOWS\system32\cache329\B_329_4_3_132000.htm
C:\WINDOWS\system32\cache329\B_329_4_3_136300.htm
C:\WINDOWS\system32\cache329\B_329_4_3_213000.htm
C:\WINDOWS\system32\cache329\B_329_4_3_213000.jpg
C:\WINDOWS\system32\cache329\B_329_4_3_273200.htm
C:\WINDOWS\system32\cache329\B_329_4_3_273200.swf
C:\WINDOWS\system32\cache329\B_329_4_3_299100.htm
C:\WINDOWS\system32\cache329\B_329_4_3_304000.gif
C:\WINDOWS\system32\cache329\B_329_4_3_304000.htm
C:\WINDOWS\system32\cache329\B_329_4_3_318400.htm
C:\WINDOWS\system32\cache329\B_329_4_3_318400.swf
C:\WINDOWS\system32\cache329\B_329_4_3_366200.htm
C:\WINDOWS\system32\cache329\B_329_4_3_366800.htm
C:\WINDOWS\system32\cache329\B_329_4_3_394700.htm
C:\WINDOWS\system32\cache329\B_329_4_3_394700.swf
C:\WINDOWS\system32\cache329\B_329_4_3_395000.gif
C:\WINDOWS\system32\cache329\B_329_4_3_395000.htm
C:\WINDOWS\system32\cache329\B_329_4_3_397400.htm
C:\WINDOWS\system32\cache329\B_329_4_3_438800.gif
C:\WINDOWS\system32\cache329\B_329_4_3_438800.htm
C:\WINDOWS\system32\cache329\B_329_4_3_442700.gif
C:\WINDOWS\system32\cache329\B_329_4_3_442700.htm
C:\WINDOWS\system32\cache329\B_329_4_3_493100.htm
C:\WINDOWS\system32\cache329\B_329_4_4_102400.gif
C:\WINDOWS\system32\cache329\B_329_4_4_102400.htm
C:\WINDOWS\system32\cache329\B_329_4_4_102800.gif
C:\WINDOWS\system32\cache329\B_329_4_4_102800.htm
C:\WINDOWS\system32\cache329\B_329_4_4_103600.gif
C:\WINDOWS\system32\cache329\B_329_4_4_103600.htm
C:\WINDOWS\system32\cache329\B_329_4_4_104100.htm
C:\WINDOWS\system32\cache329\B_329_4_4_118200.htm
C:\WINDOWS\system32\cache329\B_329_4_4_118200.swf
C:\WINDOWS\system32\cache329\B_329_4_4_125500.gif
C:\WINDOWS\system32\cache329\B_329_4_4_125500.htm
C:\WINDOWS\system32\cache329\B_329_4_4_132000.gif
C:\WINDOWS\system32\cache329\B_329_4_4_132000.htm
C:\WINDOWS\system32\cache329\B_329_4_4_133500.htm
C:\WINDOWS\system32\cache329\B_329_4_4_133500.swf
C:\WINDOWS\system32\cache329\B_329_4_4_133700.htm
C:\WINDOWS\system32\cache329\B_329_4_4_133700.swf
C:\WINDOWS\system32\cache329\B_329_4_4_133800.htm
C:\WINDOWS\system32\cache329\B_329_4_4_133800.swf
C:\WINDOWS\system32\cache329\B_329_4_4_133900.htm
C:\WINDOWS\system32\cache329\B_329_4_4_133900.swf
C:\WINDOWS\system32\cache329\B_329_4_4_136300.htm
C:\WINDOWS\system32\cache329\B_329_4_4_204300.htm
C:\WINDOWS\system32\cache329\B_329_4_4_216800.htm
C:\WINDOWS\system32\cache329\B_329_4_4_245200.gif
C:\WINDOWS\system32\cache329\B_329_4_4_245200.htm
C:\WINDOWS\system32\cache329\B_329_4_4_260700.htm
C:\WINDOWS\system32\cache329\B_329_4_4_261200.gif
C:\WINDOWS\system32\cache329\B_329_4_4_261200.htm
C:\WINDOWS\system32\cache329\B_329_4_4_265100.htm
C:\WINDOWS\system32\cache329\B_329_4_4_265100.swf
C:\WINDOWS\system32\cache329\B_329_4_4_281000.htm
C:\WINDOWS\system32\cache329\B_329_4_4_297900.htm
C:\WINDOWS\system32\cache329\B_329_4_4_299100.htm
C:\WINDOWS\system32\cache329\B_329_4_4_304000.gif
C:\WINDOWS\system32\cache329\B_329_4_4_304000.htm
C:\WINDOWS\system32\cache329\B_329_4_4_317100.htm
C:\WINDOWS\system32\cache329\B_329_4_4_340900.gif
C:\WINDOWS\system32\cache329\B_329_4_4_340900.htm
C:\WINDOWS\system32\cache329\B_329_4_4_359400.htm
C:\WINDOWS\system32\cache329\B_329_4_4_364700.gif
C:\WINDOWS\system32\cache329\B_329_4_4_364700.htm
C:\WINDOWS\system32\cache329\B_329_4_4_366200.htm
C:\WINDOWS\system32\cache329\B_329_4_4_366800.htm
C:\WINDOWS\system32\cache329\B_329_4_4_391100.gif
C:\WINDOWS\system32\cache329\B_329_4_4_391100.htm
C:\WINDOWS\system32\cache329\B_329_4_4_394700.htm
C:\WINDOWS\system32\cache329\B_329_4_4_394700.swf
C:\WINDOWS\system32\cache329\B_329_4_4_395000.gif
C:\WINDOWS\system32\cache329\B_329_4_4_395000.htm
C:\WINDOWS\system32\cache329\B_329_4_4_395000.swf
C:\WINDOWS\system32\cache329\B_329_4_4_395300.htm
C:\WINDOWS\system32\cache329\B_329_4_4_395300.swf
C:\WINDOWS\system32\cache329\B_329_4_4_397400.htm
C:\WINDOWS\system32\cache329\B_329_4_4_435300.gif
C:\WINDOWS\system32\cache329\B_329_4_4_435300.htm
C:\WINDOWS\system32\cache329\B_329_4_4_435400.gif
C:\WINDOWS\system32\cache329\B_329_4_4_435400.htm
C:\WINDOWS\system32\cache329\B_329_4_4_435500.gif
C:\WINDOWS\system32\cache329\B_329_4_4_435500.htm
C:\WINDOWS\system32\cache329\B_329_4_4_438800.gif
C:\WINDOWS\system32\cache329\B_329_4_4_438800.htm
C:\WINDOWS\system32\cache329\B_329_4_4_442700.gif
C:\WINDOWS\system32\cache329\B_329_4_4_442700.htm
C:\WINDOWS\system32\cache329\B_329_4_4_492800.htm
C:\WINDOWS\system32\cache329\B_329_4_4_493100.htm
C:\WINDOWS\system32\cache329\B_356000.htm
C:\WINDOWS\system32\cache329\B_356300.htm
C:\WINDOWS\system32\cache329\B_377900.htm
C:\WINDOWS\system32\cache329\B_380000.htm
C:\WINDOWS\system32\cache329\B_471100.htm
C:\WINDOWS\system32\cache329\B_471200.htm
C:\WINDOWS\system32\cache329\B_471400.htm
C:\WINDOWS\system32\cache329\t_B_127300.htm
C:\WINDOWS\system32\cache329\t_B_134000.htm
C:\WINDOWS\system32\cache329\t_B_308300.htm
C:\WINDOWS\system32\cache329\t_B_322400.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_105300.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_397200.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_446800.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_446900.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_809100.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_809200.htm
C:\WINDOWS\system32\cache329\t_B_329_0_3_397200.htm
C:\WINDOWS\system32\cache329\t_B_329_1_0_387800.htm
C:\WINDOWS\system32\cache329\t_B_329_1_0_449200.htm
C:\WINDOWS\system32\cache329\t_B_329_1_0_449600.htm
C:\WINDOWS\system32\cache329\t_B_329_1_0_454300.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_105300.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_397200.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_446800.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_446900.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_809100.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_809200.htm
C:\WINDOWS\system32\cache329\t_B_329_2_3_397200.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_105300.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_397200.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_446800.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_446900.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_809100.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_809200.htm
C:\WINDOWS\system32\cache329\t_B_329_3_3_397200.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_111600.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_152400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_155300.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_164100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_165600.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_216800.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_260700.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_284600.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_299100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_317100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_405600.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_405700.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_808000.htm
C:\WINDOWS\system32\cache329\t_B_329_4_1_136300.htm
C:\WINDOWS\system32\cache329\t_B_329_4_1_299100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_1_397400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_103800.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_219700.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_281000.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_289700.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_297900.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_299100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_492800.htm
C:\WINDOWS\system32\cache329\t_B_329_4_3_136300.htm
C:\WINDOWS\system32\cache329\t_B_329_4_3_299100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_3_366200.htm
C:\WINDOWS\system32\cache329\t_B_329_4_3_366800.htm
C:\WINDOWS\system32\cache329\t_B_329_4_3_397400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_3_493100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_103800.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_104100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_136300.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_204300.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_216800.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_260700.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_281000.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_297900.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_299100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_317100.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_359400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_366200.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_366800.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_397400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_492800.htm
C:\WINDOWS\system32\cache329\t_B_329_4_4_493100.htm
C:\WINDOWS\system32\cache329\t_B_356000.htm
C:\WINDOWS\system32\cache329\t_B_356300.htm
C:\WINDOWS\system32\cache329\t_B_377900.htm
C:\WINDOWS\system32\cache329\t_B_380000.htm
C:\WINDOWS\system32\cache329\t_B_471100.htm
C:\WINDOWS\system32\cache329\t_B_471200.htm
C:\WINDOWS\system32\cache329\t_B_471400.htm
C:\WINDOWS\system32\cdlciuwh.ini
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\djbefqsh.ini
C:\WINDOWS\system32\drivers\TDSSfqcb.sys
C:\WINDOWS\system32\drivers\TDSSpqxt.sys
C:\WINDOWS\system32\fwghnnef.ini
C:\WINDOWS\system32\hhawyghd.ini
C:\WINDOWS\system32\hnofwbwg.ini
C:\WINDOWS\system32\ictbuuhx.ini
C:\WINDOWS\system32\iluwrnsy.ini
C:\WINDOWS\system32\kidcoyxb.ini
C:\WINDOWS\system32\kqjiafcn.ini
C:\WINDOWS\system32\lixovnxi.ini
C:\WINDOWS\system32\ljingati.ini
C:\WINDOWS\system32\lmviuffo.ini
C:\WINDOWS\system32\mspknyad.ini
C:\WINDOWS\system32\mUCKRqru.ini
C:\WINDOWS\system32\mUCKRqru.ini2
C:\WINDOWS\system32\open.ico
C:\WINDOWS\system32\oxjuinsc.ini
C:\WINDOWS\system32\pmgxhxam.ini
C:\WINDOWS\system32\prvdelkd.ini
C:\WINDOWS\system32\pxivnknr.ini
C:\WINDOWS\system32\qbnqnhts.ini
C:\WINDOWS\system32\qqiytltv.ini
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qqstv.tmp
C:\WINDOWS\system32\sodchtos.ini
C:\WINDOWS\system32\TDSSayyi.dat
C:\WINDOWS\system32\TDSSbnin.dll
C:\WINDOWS\system32\TDSSbrbt.dll
C:\WINDOWS\system32\TDSSdgnu.dll
C:\WINDOWS\system32\TDSSghnm.dll
C:\WINDOWS\system32\TDSSjwrd.dll
C:\WINDOWS\system32\TDSSnmxh.log
C:\WINDOWS\system32\TDSSoeqh.dll
C:\WINDOWS\system32\TDSStxhc.dll
C:\WINDOWS\system32\TDSSuylh.dll
C:\WINDOWS\system32\tpwupyrs.ini
C:\WINDOWS\system32\vbtjmfer.ini
C:\WINDOWS\system32\vvadikdj.ini
C:\WINDOWS\system32\wjquwvrm.ini
C:\WINDOWS\Sysvxd.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTBOOT
-------\Legacy_NTLOAD
((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.
2008-11-02 20:45 . 2008-11-02 20:45 26,624 --a------ C:\WINDOWS\system32\TDSSbivk.dll
2008-11-02 18:57 . 2008-11-02 18:58 15,083,520 --a------ C:\Program Files\spybotsd160.exe
2008-11-02 17:47 . 2008-11-02 17:47 26,624 --a------ C:\WINDOWS\system32\TDSSvvbi.dll
2008-11-01 18:54 . 2008-11-01 18:54 64 --a--c--- C:\ComboFix.txt.bat
2008-10-31 16:50 . 2008-10-31 16:50 26,624 --a------ C:\WINDOWS\system32\TDSSbubx.dll
2008-10-31 15:33 . 2008-10-31 15:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-30 15:46 . 2008-10-30 15:46 26,624 --a------ C:\WINDOWS\system32\TDSSxbdr.dll
2008-10-30 11:27 . 2008-10-30 11:27 26,624 --a------ C:\WINDOWS\system32\TDSSdhym.dll
2008-10-30 08:05 . 2008-10-31 07:42 73,728 --a------ C:\WINDOWS\system32\TDSScfub.dll
2008-10-30 08:05 . 2008-10-31 07:42 31,232 --a------ C:\WINDOWS\system32\TDSSosvd.dll
2008-10-30 08:05 . 2008-11-01 18:41 2,432 --a------ C:\WINDOWS\system32\TDSSnmxh.dll
2008-10-30 08:04 . 2008-10-31 07:42 50,688 --a------ C:\WINDOWS\system32\drivers\TDSSoiqh.sys
2008-10-30 08:04 . 2008-10-31 07:42 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
2008-10-22 15:52 . 2008-10-31 07:42 26,624 --a------ C:\WINDOWS\system32\TDSSfpmp.dll
2008-10-22 13:47 . 2008-10-22 13:47 77,824 --a------ C:\WINDOWS\system32\TDSScbqp.dll
2008-10-22 13:47 . 2008-10-22 13:47 31,232 --a------ C:\WINDOWS\system32\TDSSnrse.dll
2008-10-22 13:47 . 2008-10-22 13:47 30,720 --a------ C:\WINDOWS\system32\TDSSsbhc.dll
2008-10-22 13:47 . 2008-10-22 13:47 29,696 --a------ C:\WINDOWS\system32\TDSSosvn.dll
2008-10-22 13:47 . 2008-10-22 13:47 2,748 --a------ C:\WINDOWS\system32\TDSSciou.dll
2008-10-22 13:47 . 2008-10-22 13:47 164 --a------ C:\WINDOWS\system32\TDSSpqxt.dat
2008-10-22 13:42 . 2008-10-22 13:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\eBay
2008-10-22 13:41 . 2008-10-22 13:41 77,824 --a------ C:\WINDOWS\system32\TDSScfum.dll
2008-10-22 13:41 . 2008-10-22 13:41 31,232 --a------ C:\WINDOWS\system32\TDSSriqp.dll
2008-10-22 13:41 . 2008-10-22 13:41 30,720 --a------ C:\WINDOWS\system32\TDSSrhym.dll
2008-10-22 13:41 . 2008-10-22 13:41 29,696 --a------ C:\WINDOWS\system32\TDSSnrsr.dll
2008-10-22 13:41 . 2008-10-22 13:41 2,748 --a------ C:\WINDOWS\system32\TDSSfxwp.dll
2008-10-22 13:41 . 2008-10-22 13:41 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-22 13:39 . 2008-10-22 13:47 36,864 --a------ C:\WINDOWS\system32\TDSSoiqh.dll
2008-10-22 10:45 . 2008-10-22 10:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 10:45 . 2008-10-22 10:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-22 10:45 . 2008-10-22 10:45 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Malwarebytes
2008-10-22 10:45 . 2008-10-22 10:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-22 10:45 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 10:45 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 09:46 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
2008-10-29 21:05 --------- d-----w C:\Program Files\Lx_cats
2008-10-29 21:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-10-29 21:05 --------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2008-10-22 02:52 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-29 06:12 --------- d-----w C:\Program Files\Renegade And The Missing Forum Members - Part 2
2008-09-28 04:51 99 ----a-w C:\Program Files\rss.dat
2008-09-28 04:51 202,974 ----a-w C:\Program Files\resume.dat
2008-09-28 04:51 202,736 ----a-w C:\Program Files\resume.dat.old
2008-09-28 04:51 2,870 ----a-w C:\Program Files\dht.dat
2008-09-28 04:51 2,403 ----a-w C:\Program Files\settings.dat
2008-09-28 04:44 2,403 ----a-w C:\Program Files\settings.dat.old
2008-09-27 08:07 99 ----a-w C:\Program Files\rss.dat.old
2008-09-27 08:07 2,766 ----a-w C:\Program Files\dht.dat.old
2008-09-27 02:36 14,932 ----a-w C:\Program Files\[isoHunt]_Hancock_[2008]DvDrip_R5[Eng]-NikonXp.torrent
2008-09-27 02:33 225,434 ----a-w C:\Program Files\[isoHunt]_Hancock[2008]DvDrip[Eng]-FXG.4369012.TPB.torrent
2008-09-25 01:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PCPitstop
2008-09-25 00:58 463,128 ----a-w C:\Program Files\optimize2-setup-0002.exe
2008-09-25 00:58 --------- d-----w C:\Program Files\PCPitstop
2008-09-23 03:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 12:34 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2008-09-15 17:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-15 05:31 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-02 07:33 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2008-09-02 07:24 --------- d-----w C:\Program Files\SlySoft
2008-09-02 07:23 2,616,240 ----a-w C:\Program Files\SetupAnyDVD6462.exe
2008-09-01 22:31 568,748 ----a-w C:\Program Files\DVD43_4-3-1_Setup.exe
2008-09-01 22:27 202,071 ----a-w C:\Program Files\RipIt4Me.zip
2008-09-01 00:15 47,360 -c--a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-09-01 00:15 47,360 -c--a-w C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2008-08-31 23:06 11,138 ----a-w C:\Program Files\[isoHunt]_Ashampoo_Burning_Studio_v8.03_Final.rar.torrent
2008-08-31 08:44 550 ----a-w C:\Program Files\DVD_Decrypter_3.5.4.0_(FINAL_VERSION)_[DVD_ripping_tool].3578460.TPB[1]_[mininova].torrent
2008-08-31 08:41 4,237 ----a-w C:\Program Files\DVD_Decrypter_3.5.4.0_FINAL_VERSION_DVD_ripping_tool[www.btmon.com].torrent
2008-08-31 06:46 2,220 ----a-w C:\Program Files\CLONE_DVD_2.9.1.7-_Final_-_(New-with_serial_keys)_[mininova].torrent
2008-08-31 06:43 1,497 ----a-w C:\Program Files\1CLICK_DVD_Copy_5_4_3_8_With_Key_[mininova].torrent
2008-08-31 06:16 465,332 -c--a-w C:\Program Files\utorrent.lng
2008-08-31 06:16 267,056 -c--a-w C:\Program Files\utorrent.exe
2008-08-31 05:13 5,626,485 ----a-w C:\Program Files\dvdcopy.exe
2008-08-06 22:46 10,865 ----a-w C:\Program Files\Ultimate Tycoon Collection - Game #31 - Las Vegas Tycoon.torrent
2008-08-04 05:06 20,160 ----a-w C:\Program Files\HANCOCK [2008][ENG][AC3][R5RIP-M333]-FLAWL3SS.torrent
2008-07-30 02:13 12,558 ----a-w C:\Program Files\GabriellaCilmi-LessonsToBeLearned[2008][CD+SkidVid_XviD+Cov].torrent
2008-07-24 00:51 56,985 ----a-w C:\Program Files\Run Fat Boy Run[2007]DvDrip[Eng]-FXG.torrent
2008-07-21 22:29 10,957 ----a-w C:\Program Files\Farmer_Jane-VACE_cracked_2008.torrent
2008-07-21 22:15 17,448 ----a-w C:\Program Files\Hancock 2008 cam XviD-KingBen (Kingdom-Release).torrent
2008-07-19 04:21 15,670 ----a-w C:\Program Files\Mind control - sounds of stillness.torrent
2008-07-17 00:02 56,986 ----a-w C:\Program Files\o[SUMOTorrent.com]o_Baby_Einstein_-_Collection.torrent
2008-07-16 05:29 14,346 ----a-w C:\Program Files\Hancock.Eng.2008.CAM.XviD-KK060TV.avi_[mininova].torrent
2008-07-16 04:58 19,038 ----a-w C:\Program Files\Bigfish_Games_-_Farmer_Jane_+_Adnan_Boy_2008_+_Precracked.torrent
2008-07-16 04:55 4,898,144 -c--a-w C:\Program Files\LimeWireWin.exe
2008-07-14 11:36 14,573 ----a-w C:\Program Files\Hancock - CAM.XviD-PLUBE.AVI (2008).torrent
2008-07-14 11:30 53,769 ----a-w C:\Program Files\Hancock_July_2008[Cam][GoodQuality].wmv.torrent
2008-07-14 08:50 3,916,706 ----a-w C:\Program Files\House Escape(beta2).exe
2008-07-12 12:51 5,251 -c--a-w C:\Program Files\Dora the explorer.torrent
2008-07-12 12:44 30,658 -c--a-w C:\Program Files\Mindfulness For Beginners - Jon Kabat-Zinn.torrent
2008-07-09 04:25 11,433 -c--a-w C:\Program Files\The Monroe Institute - Mind Food - Deep 10 Relaxation [FLAC].torrent
2008-07-09 04:14 15,708 -c--a-w C:\Program Files\The Linden Method Anti-Anxiety Program.zip.torrent
2008-07-09 04:06 464 -c--a-w C:\Program Files\Hypnosis and Sleep Audio Books.torrent.torrent
2008-07-09 03:50 13,044 -c--a-w C:\Program Files\Guided Meditation.torrent
2008-07-09 03:49 20,163 -c--a-w C:\Program Files\Mindful Way Through Depression - Guided Meditation Practices.torrent
2008-06-29 04:10 28,797 -c--a-w C:\Program Files\Try_It_On_Everything_[www.SeductionGR.com].torrent
2008-06-27 10:21 18,194 -c--a-w C:\Program Files\Top 40 singles Uk 15.06.2008 DHZ.Inc Release.torrent
2008-06-27 08:27 10,980 -c--a-w C:\Program Files\VA-Now-The Hits Of Winter 2008-Australian Edition-2008.torrent
2008-06-27 08:26 3,350 -c--a-w C:\Program Files\Jordan Sparks feat. Chris Brown - No Air.mp3.torrent
2008-06-16 05:50 23,128 -c--a-w C:\Program Files\Britney Spears - Best Of Britney Spears (2008).torrent
2008-06-16 05:46 9,924 -c--a-w C:\Program Files\Britney Spears-Blackout [2007][CD+SkidVid_XviD+Cov]192Kbps.torrent
2008-05-30 23:45 27,709,704 -c--a-w C:\Program Files\Update_Service_Setup-2.8.5.12.exe
2008-05-29 23:24 14,159 -c--a-w C:\Program Files\Dr._Seuss_-_Seuss_Celebration__9_Favorite_Televised_Classics.torrent
2008-05-29 23:22 90,991 -c--a-w C:\Program Files\Dr.Seuss.The.Cat.In.The.Hat.2003.PAL.DVDR-FileHunter.torrent
2008-05-28 03:47 1,884 -c--a-w C:\Program Files\SMSPlanetS40.jad
2008-05-28 01:32 29,889 -c--a-w C:\Program Files\Rodney_Carrington_(4_albums).torrent
2008-05-22 09:55 8,578,014 -c--a-w C:\Program Files\W.E.C.P.Codec.Package.Setup.exe
2008-05-22 09:48 5,236,748 -c--a-w C:\Program Files\CucuMPEGDivX2DVD_ConPro7.07.rar
2008-05-22 07:57 4,644,220 -c--a-w C:\Program Files\easy_rm_to_dvd.exe
2008-05-22 07:55 5,178,905 -c--a-w C:\Program Files\avi-pro.exe
2008-05-22 07:51 1,374,942 -c--a-w C:\Program Files\videofixer.exe
2008-05-22 06:00 15,801,844 -c--a-w C:\Program Files\apex-video-converter-free.exe
2008-05-22 05:35 5,424,974 -c--a-w C:\Program Files\dvdmaker.zip
2008-05-21 02:31 29,389 -c--a-w C:\Program Files\Krystal_Method[DVDRIP][1CD][2004][English].3286600.TPB.torrent
2008-05-21 00:46 28,324 -c--a-w C:\Program Files\Extratorrent_com_Natural.Wonders.of.The.World.54.English.XXX.DVDRip.XVID.torrent
2008-05-19 23:50 21,841 -c--a-w C:\Program Files\Dirty+Little+Adult+Cartoons+3.avi.torrent
2008-05-16 03:41 449 -c--a-w C:\Program Files\[isoHunt]_Anxiety_and_Panic_Attacks.pdf.1173286.SN.torrent
2008-05-09 04:28 5,136,789 -c--a-w C:\Program Files\feug_shui.exe
2008-05-08 00:34 1,041,885 -c--a-w C:\Program Files\cartoonmaker_setup.exe
2008-05-01 03:47 81,399,204 -c--a-w C:\Program Files\fylakh.rar
2008-05-01 03:09 28,402 -c--a-w C:\Program Files\Hi-5.Travelling.Circus[2007]-Bearmeister.avi.4023588.TPB.torrent
2008-04-23 01:54 1,470,968 -c--a-w C:\Program Files\FOB_Install_FB022.exe
2008-04-23 00:58 4,229,456 -c--a-w C:\Program Files\PhotoCardMaker.exe
2008-04-23 00:56 2,961,957 -c--a-w C:\Program Files\setup11.exe
2008-04-21 06:39 77,824 -c--a-w C:\Program Files\TaskManagerFix.exe
2008-04-12 03:02 13,106 -c--a-w C:\Program Files\dlworkgamecode1.zip
2008-04-10 01:29 12,647 -c--a-w C:\Program Files\Dr._Seuss_Collection_16_Audio_Books.torrent
2008-04-09 05:54 303,759 -c--a-w C:\Program Files\Motorola_MIDway_v2.8.rar
2008-04-09 02:04 16,258 -c--a-w C:\Program Files\145 Mobile games ALL WORKING Nokia, Motorola, Sony ericsson, LG, - Spinky.rar.torrent
2008-04-09 01:48 28,996 -c--a-w C:\Program Files\Gry.torrent
2008-04-08 04:58 2,890,328 -c--a-w C:\Program Files\mybudgetkeeper.exe
2008-04-08 04:46 23,040 -c--a-w C:\Program Files\budget.xls
2008-04-05 06:56 35,960,792 -c--a-w C:\Program Files\avg75free_519a1276.exe
2008-03-31 04:03 22,252 -c--a-w C:\Program Files\The Veronicas - Hook Me Up.torrent
2008-03-31 02:46 13,682 -c--a-w C:\Program Files\Kylie Minogue - X [MixEd] (2007).torrent
2008-03-31 02:42 13,536 -c--a-w C:\Program Files\Kylie-Wow&In My Arms Remixes.torrent
2007-07-17 10:59 168 -csh--r C:\WINDOWS\system32\CFC4E2479B.sys
2007-07-17 10:59 5,852 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
-c--a-w 6,262,872 2004-01-12 03:03:20 C:\Documents and Settings\Owner\My Documents\Adobe Photoshop Album 2.0 Starter Edition (Activation Code)(By Black Knight)\Adobe Photoshop Album 2.0\Adobe Photoshop Album 2.0 .exe
</pre>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.Exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"Acme.PCHButton"="C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe" [2003-07-28 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2005-02-02 163840]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-08-07 160568]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 139264]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 53248]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-06-14 155648]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2004-06-22 192512]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-03 192512]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-21 73728]
"Media Codec Update Service"="C:\Program Files\Cucusoft\avi-dvd-pro\Essentials Codec Pack\update.exe" [2007-04-09 303104]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-06-14 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"PC Pitstop Optimize Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" [2008-08-27 203504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-05 219136]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 53248]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 27136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3codecp.acm
"vidc.iv41"= ir41_32.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.em2v"= ETXCodec.dll
"vidc.hfyu"= huffyuv.dll
"vidc.vp31"= vp31vfw.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.rud0"= rududu.dll
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"vidc.wnv1"= WNVPLAY1.DLL
"msacm.divxa32"= DivXa32.acm
"vidc.advs"= Dvc.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= Aasc32.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"vidc.mwv1"= icmw_32.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"msacm.pcdv"= pcdv.acm
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.dps0"= DpsAviCC.dll
"MSVideo"= DPSVidCap.drv
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.glzw"= GLZW.dll
"vidc.gpeg"= GPEG.dll
"msacm.imc"= IMC32.ACM
"vidc.i263"= i263_32.drv
"vidc.ir21"= IR21_R.DLL
"vidc.rt21"= IR21_R.DLL
"vidc.dcmj"= MCMJPG32.DLL
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.mmes"= DigiVCap.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.fljp"= MMTVMJ.dll
"vidc.nt00"= NTCodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pvw2"= pvwv220.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.miro"= mirodv2avi.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.pim1"= pclepim1.dll
"msacm.qmpeg"= qmpeg.acm
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.s422"= tekyuv.dll
"vidc.vssv"= vsscodec.dll
"vidc.cscd"= camcodec.dll
"vidc.xvid"= xvid.dll
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Zeno.lnk]
backup=C:\WINDOWS\pss\Zeno.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-05-09 331392]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-04-28 24192]
S2 Parclass;Parclass;C:\WINDOWS\system32\Drivers\Parclass.sys [2000-04-04 19824]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 28224]
S3 bfastfao;bfastfao;C:\DOCUME~1\Owner\LOCALS~1\Temp\bfastfao.sys [ ]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-05-31 13352]
S3 glauiad;D-Link DSL-302G Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-03-07 29603]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [ ]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [ ]
.
- - - - ORPHANS REMOVED - - - -
SSODL-UnknownSys-{589d9279-c003-4caa-bdcb-3f177b1e8a79} - (no file)
Notify-dkqiqwxx - dkqiqwxx.dll
Notify-jdqejjfg - jdqejjfg.dll
SafeBoot-TDSSfqcb.sys
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\DOCUME~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\wk4xwuu3.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 21:20:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [336] 0x828F9BC0
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSosvn.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-11-02 21:42:16 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-11-02 10:42:10
Pre-Run: 10,252,599,296 bytes free
Post-Run: 11,266,572,288 bytes free
938 --- E O F --- 2008-11-02 09:53:30
HJT LOG
Logfile of HijackThis v1.99.1
Scan saved at 10:15:57 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Cucusoft\avi-dvd-pro\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.
crunchie
990
Most Valuable Poster
Team Colleague
Featured Poster
Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.
C:\WINDOWS\system32\drivers\TDSSosvn.sys
C:\WINDOWS\system32\TDSSbivk.dll
C:\WINDOWS\system32\TDSSvvbi.dll
C:\WINDOWS\system32\TDSSbubx.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\TDSSxbdr.dll
C:\WINDOWS\system32\TDSSdhym.dll
C:\WINDOWS\system32\TDSScfub.dll
C:\WINDOWS\system32\TDSSosvd.dll
C:\WINDOWS\system32\TDSSnmxh.dll
C:\WINDOWS\system32\drivers\TDSSoiqh.sys
C:\WINDOWS\system32\TDSSpaxt.dat
C:\WINDOWS\system32\TDSSfpmp.dll
C:\WINDOWS\system32\TDSScbqp.dll
C:\WINDOWS\system32\TDSSnrse.dll
C:\WINDOWS\system32\TDSSsbhc.dll
C:\WINDOWS\system32\TDSSosvn.dll
C:\WINDOWS\system32\TDSSciou.dll
C:\WINDOWS\system32\TDSSpqxt.dat
C:\WINDOWS\system32\TDSScfum.dll
C:\WINDOWS\system32\TDSSriqp.dll
C:\WINDOWS\system32\TDSSrhym.dll
C:\WINDOWS\system32\TDSSnrsr.dll
C:\WINDOWS\system32\TDSSfxwp.dll
C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS\system32\TDSSoiqh.dll
DOAWK
0
Newbie Poster
:) i wonder how you kill a virus on a computer? ")
crunchie
990
Most Valuable Poster
Team Colleague
Featured Poster
I wonder how you stop doawks from posting :).
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.