Computer badly infected with rogue antivirus help plz!

Post by FugginBot1 on Wed 04 Apr 2012, 9:30 am

OTL logfile created on: 4/3/2012 4:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

191.48 Mb Total Physical Memory | 55.92 Mb Available Physical Memory | 29.20% Memory free
519.62 Mb Paging File | 168.09 Mb Available in Paging File | 32.35% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.85 Gb Total Space | 46.21 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive D: | 4.66 Gb Total Space | 0.81 Gb Free Space | 17.45% Space Free | Partition Type: FAT32
Drive E: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOUR-45C550F850 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 16:03:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.com
PRC - [2011/03/09 06:01:04 | 000,521,216 | -HS- | M] () -- C:\WINDOWS\iasradwow.exe
PRC - [2010/06/17 17:31:30 | 000,122,368 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\SystemProc\lsass.exe
PRC - [2009/12/15 21:33:17 | 000,032,838 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2004/08/11 21:51:35 | 000,016,423 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2004/08/06 01:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/06 02:05:48 | 002,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/06/04 18:46:46 | 000,174,208 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\navapsvc.exe
PRC - [2004/03/26 22:07:12 | 000,049,152 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2003/12/09 00:18:44 | 000,234,616 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2003/12/09 00:18:40 | 000,218,232 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2003/12/09 00:18:36 | 000,255,096 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2003/12/09 00:18:34 | 000,070,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/12/04 18:10:06 | 000,197,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 06:01:04 | 000,521,216 | -HS- | M] () -- C:\WINDOWS\iasradwow.exe
MOD - [2010/06/17 17:31:30 | 000,122,368 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\SystemProc\lsass.exe
MOD - [2010/06/11 22:59:15 | 000,216,576 | ---- | M] () -- C:\WINDOWS\system32\fxsst32.dll
MOD - [2004/08/11 21:51:35 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2004/08/11 21:51:35 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2004/08/11 21:51:35 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\frext-6750491.dll
MOD - [2004/08/11 21:51:35 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\BWfiles-6750491.dll
MOD - [2004/08/11 21:51:35 | 000,016,423 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
MOD - [2004/08/11 21:51:34 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2004/08/11 21:51:29 | 000,114,688 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\HPClientExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/12/15 21:33:17 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2004/08/06 01:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/06/04 18:46:46 | 000,174,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2003/12/09 00:18:44 | 000,234,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003/12/09 00:18:42 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/12/09 00:18:40 | 000,218,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2003/12/09 00:18:36 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/12/04 18:10:06 | 000,197,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003/11/07 18:46:58 | 000,193,816 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2004/07/19 18:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/07/17 05:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/07 00:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 18:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/06/25 10:00:00 | 000,600,264 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040625.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/06/25 10:00:00 | 000,068,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040625.019\NAVENG.SYS -- (NAVENG)
DRV - [2004/06/15 06:08:20 | 000,626,220 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/12 07:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/04 18:09:44 | 000,263,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2003/12/04 18:09:42 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2003/12/04 18:09:40 | 000,136,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2003/12/04 18:09:40 | 000,046,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2003/12/04 18:09:38 | 000,051,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2003/12/04 18:09:36 | 000,164,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2003/12/04 18:09:34 | 000,010,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/21 22:07:52 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/11/07 18:47:00 | 000,308,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2003/11/07 18:47:00 | 000,037,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 E0 79 00 AA 4B FD 47 A2 40 92 D5 45 21 6B 60 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2009/11/09 18:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2009/11/09 18:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {0079E075-4BAA-47FD-A240-92D545216B60} - C:\WINDOWS\system32\basesrv32.dll (Borland Software Corporation)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (20a78e38) - {3CDEA1A4-37D0-3409-C022-5E31138F28E7} - C:\WINDOWS\system32\fxsst32.dll ()
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [iasradwow.exe] C:\WINDOWS\iasradwow.exe ()
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [My Web Search Bar] C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Compaq_Owner\Application Data\SystemProc\lsass.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.] File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C0C187F-DCB5-4752-AC3D-1FC43B6DC055}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\fxsst32.dll) - C:\WINDOWS\system32\fxsst32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\50d4de6d954: DllName - (C:\WINDOWS\system32\fxsst32.dll) - C:\WINDOWS\system32\fxsst32.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:17:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2001/04/18 01:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a70402d8-8f30-11e0-ac2e-00112f6f97ac}\Shell\AutoRun\command - "" = G:\RunClubSanDisk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[191 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\Compaq_Owner\Desktop\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Compaq_Owner\*.tmp files -> C:\Documents and Settings\Compaq_Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/03 16:13:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-826537413-2725875211-2414429343-1009UA.job
[2012/04/03 16:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 15:10:53 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\54d96a
[2012/04/03 15:10:28 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/04/03 13:43:28 | 000,005,738 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2012/04/03 13:39:55 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/03 13:39:55 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/03 13:35:17 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/04/03 13:35:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 13:35:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/03 13:35:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/03 13:35:07 | 200,855,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 05:23:34 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Google Chrome.lnk
[2012/03/31 05:23:34 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/30 20:13:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-826537413-2725875211-2414429343-1009Core.job
[2012/03/29 09:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/06 22:11:24 | 000,029,372 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[191 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\Compaq_Owner\Desktop\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Compaq_Owner\*.tmp files -> C:\Documents and Settings\Compaq_Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/03 15:10:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\54d96a
[2011/03/09 06:01:18 | 000,521,216 | -HS- | C] () -- C:\WINDOWS\iasradwow.exe
[2011/03/05 21:52:20 | 000,521,216 | -HS- | C] () -- C:\WINDOWS\bfc42wow.exe
[2011/03/05 21:13:44 | 000,521,216 | -HS- | C] () -- C:\WINDOWS\actxprxywow.exe
[2011/03/05 20:42:22 | 000,014,636 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\1429839057
[2011/03/05 20:42:22 | 000,014,636 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1429839057
[2011/02/24 18:05:20 | 000,517,120 | -HS- | C] () -- C:\WINDOWS\kbdlt1wow.exe
[2011/01/12 16:56:45 | 000,484,352 | -HS- | C] () -- C:\WINDOWS\ntmartawow.exe
[2011/01/10 13:28:53 | 000,484,352 | -HS- | C] () -- C:\WINDOWS\camocxwow.exe
[2011/01/09 10:00:56 | 000,484,352 | -HS- | C] () -- C:\WINDOWS\h323mspwow.exe
[2010/06/27 08:04:39 | 000,373,248 | ---- | C] () -- C:\WINDOWS\System32\dispex32.dll
[2010/06/26 15:44:59 | 000,373,248 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps32.dll
[2010/06/26 13:17:36 | 000,373,248 | ---- | C] () -- C:\WINDOWS\System32\dpnhupnp32.dll
[2010/06/24 23:36:51 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\hotplug32.dll
[2010/06/24 01:45:48 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\iasacct32.dll
[2010/06/23 02:21:53 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\fxscfgwz32.dll
[2010/06/22 21:48:23 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\fldrclnr32.dll
[2010/06/22 10:12:21 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\dbnetlib32.dll
[2010/06/22 08:12:35 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\dmsynth32.dll
[2010/06/21 21:00:39 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\dgrpsetu32.dll
[2010/06/21 07:43:33 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\fxsroute32.dll
[2010/06/20 17:42:05 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\dmusic32.dll
[2010/06/17 17:31:57 | 000,325,632 | ---- | C] () -- C:\WINDOWS\System32\ialmdnt532.dll
[2010/06/16 18:02:39 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\dimap32.dll
[2010/06/16 08:05:30 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\delphimm32.dll
[2010/06/16 00:01:10 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\cdosys32.dll
[2010/06/15 18:57:06 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\encdec32.dll
[2010/06/15 07:41:48 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\iashlpr32.dll
[2010/06/14 21:46:44 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\ialmrnt532.dll
[2010/06/14 20:46:44 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\iasrecst32.dll
[2010/06/14 19:16:42 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\dsprpres32.dll
[2010/06/14 16:37:10 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\dnsrslvr32.dll
[2010/06/11 22:59:56 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/06/11 22:59:55 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\isrdbg3232.dll
[2010/06/11 22:59:38 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\igfxdo32.dll
[2010/06/11 22:59:20 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\hal32.dll
[2010/06/11 22:59:15 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\fxsst32.dll

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2004/08/11 20:07:53 | 000,012,399 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml1.srt
[2004/08/11 20:07:53 | 000,012,399 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml2.srt
[2004/08/11 20:07:53 | 000,000,071 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\tempdiff.txt

< %USERPROFILE%\Desktop\*.exe >
[2010/04/04 00:39:47 | 000,237,568 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Compaq_Owner\Desktop\BNUpdate.exe
[2009/11/10 18:24:54 | 000,714,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\JavaSetup6u17-rv.exe
[1 C:\Documents and Settings\Compaq_Owner\Desktop\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2006/01/22 13:27:34 | 007,708,672 | ---- | M] (home) -- C:\Documents and Settings\Compaq_Owner\My Documents\Hero Editor.exe
[2004/02/23 00:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Compaq_Owner\My Documents\SETUP1.EXE

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[191 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2004/08/11 21:27:26 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/02/12 09:02:22 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/07/08 10:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2011/12/24 11:59:56 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/04/03 21:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2004/08/11 21:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\BackWeb
[2011/12/24 11:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/12/29 15:30:49 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/11 21:51:29 | 000,000,000 | ---D | M] -- C:\Program Files\Compaq Connections
[2004/08/11 19:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/11/26 15:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2009/08/10 16:02:57 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2010/03/22 13:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2005/03/29 17:09:56 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/12/18 21:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\FunWebProducts
[2010/05/17 13:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2004/08/11 21:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\Help and Support Additions
[2009/11/07 19:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\Hero Editor
[2010/03/22 13:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2005/04/08 15:31:49 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2005/03/29 17:10:11 | 000,000,000 | ---D | M] -- C:\Program Files\hp deskjet 5550 series
[2010/03/22 13:32:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/08/11 21:28:12 | 000,000,000 | ---D | M] -- C:\Program Files\IntelliMover Data Transfer Demo
[2008/02/02 01:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2009/11/10 17:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/12/24 12:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/12/24 12:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2004/08/11 20:34:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/05/29 15:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Keyboarding Pro
[2011/12/24 17:12:43 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2009/11/10 17:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/08/11 21:35:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/08/11 19:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2012/02/17 20:37:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2005/05/23 14:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2005
[2005/05/23 14:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2004/08/11 21:35:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/06/25 23:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2004/08/11 21:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Dancer LE
[2004/08/11 21:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2004/08/11 21:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2004/08/11 21:35:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2004/08/11 21:35:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2004/08/11 21:34:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/11/10 17:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2004/08/11 22:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/02/21 12:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Apps
[2004/08/11 21:22:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2004/08/11 19:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/20 09:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/15 21:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2009/11/10 17:55:37 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/08/12 05:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Norton AntiVirus
[2004/08/12 06:01:14 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Personal Firewall
[2005/02/16 16:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\OLYMPUS
[2004/08/11 22:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/11/10 17:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2004/08/11 21:55:47 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
[2010/01/13 18:44:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/06/25 23:05:15 | 000,000,000 | ---D | M] -- C:\Program Files\Qwest QuickConnect
[2004/08/11 21:23:43 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/12/13 17:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2009/01/31 05:40:05 | 000,000,000 | ---D | M] -- C:\Program Files\Snappyads Games Collection
[2004/08/11 21:21:45 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2004/08/11 21:21:47 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic RecordNow!
[2011/01/13 21:06:31 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft
[2010/12/29 14:30:02 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft.temp
[2006/06/23 09:24:22 | 000,000,000 | R--D | M] -- C:\Program Files\Support.com
[2006/06/21 13:40:38 | 000,000,000 | ---D | M] -- C:\Program Files\SupportSoft
[2004/08/12 06:00:39 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/02/12 20:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\System Guard 2009
[2004/08/11 19:22:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/02/02 21:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/11/10 17:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/11/10 17:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/11 19:16:05 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/08/11 19:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/13 19:14:23 | 000,000,000 | ---D | M] -- C:\Program Files\Zuma Deluxe

< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2004/08/04 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 06:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 06:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 06:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\sda.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/26 20:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 06:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 06:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 06:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\sda.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< End of report >

FugginBot1

Newbie Surfer

Posts : 17
Joined : 2012-04-04
Operating System : Windows Xp

Re: Computer badly infected with rogue antivirus help plz!

Post by FugginBot1 on Wed 04 Apr 2012, 9:32 am

OTL Extras logfile created on: 4/3/2012 4:07:27 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

191.48 Mb Total Physical Memory | 55.92 Mb Available Physical Memory | 29.20% Memory free
519.62 Mb Paging File | 168.09 Mb Available in Paging File | 32.35% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.85 Gb Total Space | 46.21 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive D: | 4.66 Gb Total Space | 0.81 Gb Free Space | 17.45% Space Free | Partition Type: FAT32
Drive E: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOUR-45C550F850 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\WINDOWS\kbdkyrwow.exe" = C:\WINDOWS\kbdkyrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iaspolcywow.exe" = C:\WINDOWS\iaspolcywow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ddrawwow.exe" = C:\WINDOWS\ddrawwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdurwow.exe" = C:\WINDOWS\kbdurwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pidgenwow.exe" = C:\WINDOWS\pidgenwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\hpregwow.exe" = C:\WINDOWS\hpregwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\wuwebwow.exe" = C:\WINDOWS\wuwebwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\vfpodbcwow.exe" = C:\WINDOWS\vfpodbcwow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\icaapiwow.exe" = C:\WINDOWS\icaapiwow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\atlwow.exe" = C:\WINDOWS\atlwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\usrcntrawow.exe" = C:\WINDOWS\usrcntrawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\omanowow.exe" = C:\WINDOWS\omanowow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nlhtmlwow.exe" = C:\WINDOWS\nlhtmlwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ntdllwow.exe" = C:\WINDOWS\ntdllwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\laprxywow.exe" = C:\WINDOWS\laprxywow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\ipxripwow.exe" = C:\WINDOWS\ipxripwow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\dmloaderwow.exe" = C:\WINDOWS\dmloaderwow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\wuauservwow.exe" = C:\WINDOWS\wuauservwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\shimengwow.exe" = C:\WINDOWS\shimengwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iasacct32wow.exe" = C:\WINDOWS\iasacct32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\h323mspwow.exe" = C:\WINDOWS\h323mspwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\msisipwow.exe" = C:\WINDOWS\msisipwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dpnwsockwow.exe" = C:\WINDOWS\dpnwsockwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\camocxwow.exe" = C:\WINDOWS\camocxwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\usbaaplrcwow.exe" = C:\WINDOWS\usbaaplrcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\inetmib1wow.exe" = C:\WINDOWS\inetmib1wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\MFC42ENUwow.exe" = C:\WINDOWS\MFC42ENUwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\esentwow.exe" = C:\WINDOWS\esentwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ntmartawow.exe" = C:\WINDOWS\ntmartawow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\itsswow.exe" = C:\WINDOWS\itsswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\rasmxswow.exe" = C:\WINDOWS\rasmxswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\compatUIwow.exe" = C:\WINDOWS\compatUIwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\FM20ENUwow.exe" = C:\WINDOWS\FM20ENUwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\creduiwow.exe" = C:\WINDOWS\creduiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\snmpsnapwow.exe" = C:\WINDOWS\snmpsnapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msvcp70wow.exe" = C:\WINDOWS\msvcp70wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\lprmonuiwow.exe" = C:\WINDOWS\lprmonuiwow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\fxsext32wow.exe" = C:\WINDOWS\fxsext32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\jgaw400wow.exe" = C:\WINDOWS\jgaw400wow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\browselcwow.exe" = C:\WINDOWS\browselcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\npptoolswow.exe" = C:\WINDOWS\npptoolswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mmsystemwow.exe" = C:\WINDOWS\mmsystemwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\zipfldrwow.exe" = C:\WINDOWS\zipfldrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\userenvwow.exe" = C:\WINDOWS\userenvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\clbcatexwow.exe" = C:\WINDOWS\clbcatexwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\sdhcinstwow.exe" = C:\WINDOWS\sdhcinstwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dsprpres32wow.exe" = C:\WINDOWS\dsprpres32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\hccutilswow.exe" = C:\WINDOWS\hccutilswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\usrdteawow.exe" = C:\WINDOWS\usrdteawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mcd32wow.exe" = C:\WINDOWS\mcd32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdsfwow.exe" = C:\WINDOWS\kbdsfwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipv6monwow.exe" = C:\WINDOWS\ipv6monwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\winsockwow.exe" = C:\WINDOWS\winsockwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iasrecstwow.exe" = C:\WINDOWS\iasrecstwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\certmgrwow.exe" = C:\WINDOWS\certmgrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ws2_32wow.exe" = C:\WINDOWS\ws2_32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\rpcns4wow.exe" = C:\WINDOWS\rpcns4wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msswchwow.exe" = C:\WINDOWS\msswchwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\winmmwow.exe" = C:\WINDOWS\winmmwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\rasautowow.exe" = C:\WINDOWS\rasautowow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdinbenwow.exe" = C:\WINDOWS\kbdinbenwow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\duserwow.exe" = C:\WINDOWS\duserwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Pxwow.exe" = C:\WINDOWS\Pxwow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\rastlswow.exe" = C:\WINDOWS\rastlswow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\RDOCURSwow.exe" = C:\WINDOWS\RDOCURSwow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\pschdprfwow.exe" = C:\WINDOWS\pschdprfwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dfrgreswow.exe" = C:\WINDOWS\dfrgreswow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\Ltwvc11nwow.exe" = C:\WINDOWS\Ltwvc11nwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdmlt47wow.exe" = C:\WINDOWS\kbdmlt47wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\lfbmp11nwow.exe" = C:\WINDOWS\lfbmp11nwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ialmdnt5wow.exe" = C:\WINDOWS\ialmdnt5wow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\kbdltwow.exe" = C:\WINDOWS\kbdltwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\midimapwow.exe" = C:\WINDOWS\midimapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbditwow.exe" = C:\WINDOWS\kbditwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\fltlibwow.exe" = C:\WINDOWS\fltlibwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dmcomposwow.exe" = C:\WINDOWS\dmcomposwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdlt1wow.exe" = C:\WINDOWS\kbdlt1wow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\kbduzbwow.exe" = C:\WINDOWS\kbduzbwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\strmdllwow.exe" = C:\WINDOWS\strmdllwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\softpubwow.exe" = C:\WINDOWS\softpubwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\catsrvwow.exe" = C:\WINDOWS\catsrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\actxprxywow.exe" = C:\WINDOWS\actxprxywow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\bfc42wow.exe" = C:\WINDOWS\bfc42wow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\iasradwow.exe" = C:\WINDOWS\iasradwow.exe:*:Enabled:Windows Update Service -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- ()
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\WINDOWS\kbdkyrwow.exe" = C:\WINDOWS\kbdkyrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iaspolcywow.exe" = C:\WINDOWS\iaspolcywow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ddrawwow.exe" = C:\WINDOWS\ddrawwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdurwow.exe" = C:\WINDOWS\kbdurwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pidgenwow.exe" = C:\WINDOWS\pidgenwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\hpregwow.exe" = C:\WINDOWS\hpregwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\vfpodbcwow.exe" = C:\WINDOWS\vfpodbcwow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\icaapiwow.exe" = C:\WINDOWS\icaapiwow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\atlwow.exe" = C:\WINDOWS\atlwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\usrcntrawow.exe" = C:\WINDOWS\usrcntrawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\omanowow.exe" = C:\WINDOWS\omanowow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nlhtmlwow.exe" = C:\WINDOWS\nlhtmlwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\laprxywow.exe" = C:\WINDOWS\laprxywow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\ipxripwow.exe" = C:\WINDOWS\ipxripwow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\dmloaderwow.exe" = C:\WINDOWS\dmloaderwow.exe:*:Enabled:Windows Update Service -- (Borland Software Corporation)
"C:\WINDOWS\wuauservwow.exe" = C:\WINDOWS\wuauservwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\shimengwow.exe" = C:\WINDOWS\shimengwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\fxsroutewow.exe" = C:\WINDOWS\fxsroutewow.exe:*:Disabled:fxsroutewow
"C:\WINDOWS\iasacct32wow.exe" = C:\WINDOWS\iasacct32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\h323mspwow.exe" = C:\WINDOWS\h323mspwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\msisipwow.exe" = C:\WINDOWS\msisipwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dpnwsockwow.exe" = C:\WINDOWS\dpnwsockwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\camocxwow.exe" = C:\WINDOWS\camocxwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\usbaaplrcwow.exe" = C:\WINDOWS\usbaaplrcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\inetmib1wow.exe" = C:\WINDOWS\inetmib1wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\MFC42ENUwow.exe" = C:\WINDOWS\MFC42ENUwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\esentwow.exe" = C:\WINDOWS\esentwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ntmartawow.exe" = C:\WINDOWS\ntmartawow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\itsswow.exe" = C:\WINDOWS\itsswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\rasmxswow.exe" = C:\WINDOWS\rasmxswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\compatUIwow.exe" = C:\WINDOWS\compatUIwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\FM20ENUwow.exe" = C:\WINDOWS\FM20ENUwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\creduiwow.exe" = C:\WINDOWS\creduiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\snmpsnapwow.exe" = C:\WINDOWS\snmpsnapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msvcp70wow.exe" = C:\WINDOWS\msvcp70wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\lprmonuiwow.exe" = C:\WINDOWS\lprmonuiwow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\fxsext32wow.exe" = C:\WINDOWS\fxsext32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\jgaw400wow.exe" = C:\WINDOWS\jgaw400wow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\browselcwow.exe" = C:\WINDOWS\browselcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\npptoolswow.exe" = C:\WINDOWS\npptoolswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mmsystemwow.exe" = C:\WINDOWS\mmsystemwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\zipfldrwow.exe" = C:\WINDOWS\zipfldrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\userenvwow.exe" = C:\WINDOWS\userenvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\clbcatexwow.exe" = C:\WINDOWS\clbcatexwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\sdhcinstwow.exe" = C:\WINDOWS\sdhcinstwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dsprpres32wow.exe" = C:\WINDOWS\dsprpres32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\hccutilswow.exe" = C:\WINDOWS\hccutilswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\usrdteawow.exe" = C:\WINDOWS\usrdteawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mcd32wow.exe" = C:\WINDOWS\mcd32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdsfwow.exe" = C:\WINDOWS\kbdsfwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipv6monwow.exe" = C:\WINDOWS\ipv6monwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\winsockwow.exe" = C:\WINDOWS\winsockwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\certmgrwow.exe" = C:\WINDOWS\certmgrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iasrecstwow.exe" = C:\WINDOWS\iasrecstwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ws2_32wow.exe" = C:\WINDOWS\ws2_32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\rpcns4wow.exe" = C:\WINDOWS\rpcns4wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msswchwow.exe" = C:\WINDOWS\msswchwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\winmmwow.exe" = C:\WINDOWS\winmmwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\rasautowow.exe" = C:\WINDOWS\rasautowow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdinbenwow.exe" = C:\WINDOWS\kbdinbenwow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\duserwow.exe" = C:\WINDOWS\duserwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Pxwow.exe" = C:\WINDOWS\Pxwow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\rastlswow.exe" = C:\WINDOWS\rastlswow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\RDOCURSwow.exe" = C:\WINDOWS\RDOCURSwow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\dfrgreswow.exe" = C:\WINDOWS\dfrgreswow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\pschdprfwow.exe" = C:\WINDOWS\pschdprfwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Ltwvc11nwow.exe" = C:\WINDOWS\Ltwvc11nwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdmlt47wow.exe" = C:\WINDOWS\kbdmlt47wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\lfbmp11nwow.exe" = C:\WINDOWS\lfbmp11nwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ialmdnt5wow.exe" = C:\WINDOWS\ialmdnt5wow.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\kbdltwow.exe" = C:\WINDOWS\kbdltwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\midimapwow.exe" = C:\WINDOWS\midimapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbditwow.exe" = C:\WINDOWS\kbditwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\fltlibwow.exe" = C:\WINDOWS\fltlibwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dmcomposwow.exe" = C:\WINDOWS\dmcomposwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdlt1wow.exe" = C:\WINDOWS\kbdlt1wow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\kbduzbwow.exe" = C:\WINDOWS\kbduzbwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\strmdllwow.exe" = C:\WINDOWS\strmdllwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\softpubwow.exe" = C:\WINDOWS\softpubwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\catsrvwow.exe" = C:\WINDOWS\catsrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\actxprxywow.exe" = C:\WINDOWS\actxprxywow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\bfc42wow.exe" = C:\WINDOWS\bfc42wow.exe:*:Enabled:Windows Update Service -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\iasradwow.exe" = C:\WINDOWS\iasradwow.exe:*:Enabled:Windows Update Service -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall
"{4214CB9C-AB35-480E-9868-0FE4B5982472}" = ccCommon
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8B9FBE8A-F22B-400B-81B8-7E7E8834F648}" = Rummy Royal
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}" = Norton Internet Security
"{948444FE-265B-4623-910E-AE424DC03350}" = Norton Internet Security
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A398F2DC-D706-4bb2-AC38-5532CD229D08}" = CC_ccProxyMSI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D8C6CB8F-F5B9-4274-82F1-C31083BDFD1F}" = CC_ccStart
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"BackWeb-6750491 Uninstaller" = Compaq Connections
"Google Updater" = Google Updater
"Help and Support Additions" = Help and Support Additions
"LimeWire" = LimeWire 5.5.8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"MyWebSearch bar Uninstall" = My Web Search (IWON)
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"S3" = UniChrome Series Driver and Utilities
"StarCraft" = StarCraft
"SymSetup.{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall (Symantec Corporation)
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004 (Symantec Corporation)
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Zuma Deluxe_is1" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2012 3:38:25 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 486
Description = wuauclt (2520) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00001.log" failed with system
error 183 (0x000000b7): "Cannot create a file when that file already exists. ".
The move file operation will fail with error -1022 (0xfffffc02).

Error - 4/3/2012 3:38:25 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 413
Description = wuauclt (2520) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1022.

Error - 4/3/2012 3:38:27 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 486
Description = wuauclt (2720) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00001.log" failed with system
error 183 (0x000000b7): "Cannot create a file when that file already exists. ".
The move file operation will fail with error -1022 (0xfffffc02).

Error - 4/3/2012 3:38:28 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 413
Description = wuauclt (2720) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1022.

Error - 4/3/2012 3:38:30 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 486
Description = wuauclt (3004) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00001.log" failed with system
error 183 (0x000000b7): "Cannot create a file when that file already exists. ".
The move file operation will fail with error -1022 (0xfffffc02).

Error - 4/3/2012 3:38:30 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 413
Description = wuauclt (3004) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1022.

Error - 4/3/2012 3:38:32 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 486
Description = wuauclt (3256) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00001.log" failed with system
error 183 (0x000000b7): "Cannot create a file when that file already exists. ".
The move file operation will fail with error -1022 (0xfffffc02).

Error - 4/3/2012 3:38:32 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 413
Description = wuauclt (3256) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1022.

Error - 4/3/2012 3:38:34 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 486
Description = wuauclt (3340) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00001.log" failed with system
error 183 (0x000000b7): "Cannot create a file when that file already exists. ".
The move file operation will fail with error -1022 (0xfffffc02).

Error - 4/3/2012 3:38:35 PM | Computer Name = YOUR-45C550F850 | Source = ESENT | ID = 413
Description = wuauclt (3340) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1022.

[ System Events ]
Error - 3/6/2012 11:50:51 PM | Computer Name = YOUR-45C550F850 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/7/2012 12:08:19 AM | Computer Name = YOUR-45C550F850 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.7 for the Network Card with network
address 00112F6F97AC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/13/2012 9:59:43 PM | Computer Name = YOUR-45C550F850 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.9 for the Network Card with network
address 00112F6F97AC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/17/2012 12:19:59 AM | Computer Name = YOUR-45C550F850 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/17/2012 12:20:00 AM | Computer Name = YOUR-45C550F850 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/20/2012 9:29:10 PM | Computer Name = YOUR-45C550F850 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.9 for the Network Card with network
address 00112F6F97AC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/23/2012 9:10:33 PM | Computer Name = YOUR-45C550F850 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/23/2012 9:10:33 PM | Computer Name = YOUR-45C550F850 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/27/2012 2:14:04 PM | Computer Name = YOUR-45C550F850 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.9 for the Network Card with network
address 00112F6F97AC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/3/2012 3:35:10 PM | Computer Name = YOUR-45C550F850 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.11 for the Network Card with network
address 00112F6F97AC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >

FugginBot1

Newbie Surfer

Posts : 17
Joined : 2012-04-04
Operating System : Windows Xp


Re: Computer badly infected with rogue antivirus help plz!

Post by Superdave on Thu 05 Apr 2012, 5:32 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please go to the Microsoft site and get your updates, including Service Pack 3.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from here.
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked.
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
****************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave
Tech Staff



Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Computer badly infected with rogue antivirus help plz!

Post by FugginBot1 on Thu 05 Apr 2012, 5:06 pm

In that order?

FugginBot1

Newbie Surfer

Posts : 17
Joined : 2012-04-04
Operating System : Windows Xp


Re: Computer badly infected with rogue antivirus help plz!

Post by FugginBot1 on Fri 06 Apr 2012, 4:01 am



Malwarebytes Anti-Malware 1.60.1.1000

Database version: v2012.04.05.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Compaq_Owner :: YOUR-45C550F850 [administrator]

4/5/2012 12:24:55 AM
mbam-log-2012-04-05 (00-24-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278634
Time elapsed: 1 hour(s), 20 minute(s), 27 second(s)

Memory Processes Detected: 2
C:\Documents and Settings\Compaq_Owner\Application Data\SystemProc\lsass.exe (Trojan.Tracur.S) -> 880 -> Delete on reboot.
C:\WINDOWS\iasradwow.exe (Trojan.Tracur.S) -> 1344 -> Delete on reboot.

Memory Modules Detected: 2
C:\WINDOWS\system32\fxsst32.dll (Trojan.Tracur.S) -> Delete on reboot.
C:\WINDOWS\system32\1D.tmp (Trojan.Tracur.S) -> Delete on reboot.

Registry Keys Detected: 137
HKCR\CLSID\{3CDEA1A4-37D0-3409-C022-5E31138F28E7} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CDEA1A4-37D0-3409-C022-5E31138F28E7} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CDEA1A4-37D0-3409-C022-5E31138F28E7} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\50d4de6d954 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 12

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\WINDOWS\system32\fxsst32.dll) Good: () -> Delete on reboot.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\sda.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 22

Files Detected: 297
C:\WINDOWS\system32\C.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ialmrnt532.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iashlpr32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iasrecst32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\260.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2E.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2E5.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6E.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\71.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\75.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\84.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\85.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delphimm32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dimap32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AF.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B0.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CC.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdosys32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D5.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnsrslvr32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsprpres32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E4.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E6.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\encdec32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igfxdo32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isrdbg3232.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\13A.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\14F.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\16.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\183.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\225.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\88.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\89.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\99.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A1.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A8.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4C.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\60.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F9D4B0526D90C30AF30261EB31F3875D\b\bint1 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
C:\Documents and Settings\brittany\Application Data\0200000082b8f7bc530C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\brittany\Application Data\0200000082b8f7bc530O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\brittany\Application Data\0200000082b8f7bc530P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\brittany\Application Data\0200000082b8f7bc530S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\02000000111b7dde954C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\02000000111b7dde954O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\02000000111b7dde954P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\02000000111b7dde954S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\0200000082b8f7bc530C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\0200000082b8f7bc530O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\0200000082b8f7bc530P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\0200000082b8f7bc530S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\vwraqxntft.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\ieModule.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\brittany\Desktop\System Guard 2009.lnk (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbnetlib32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgrpsetu32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dispex32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmsynth32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmusic32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnhupnp32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fldrclnr32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hotplug32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu177112119v4.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu177112119v0.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u177112119v0 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u177112119v1 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u177112119v2 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u177112119v3 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u177112119v4 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u177112119v5 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u177112119v6 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u177112119v7 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu177112119v4 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu177112119v5 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu177112119v5.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu177112119v6 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu177112119v6.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu177112119v7 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu177112119v7.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu177112119v0 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu177112119v1 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu177112119v1.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu177112119v2 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu177112119v2.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu177112119v3 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu177112119v3.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u177112119v0 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u177112119v1 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u177112119v2 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u177112119v3 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u177112119v4 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u177112119v5 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u177112119v6 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u177112119v7 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\c.cgm (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SystemProc\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00066E4D (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00574BB7 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1F03FD25.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1F04014B.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1F04039D.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1F0405B0.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1F040802.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\System Guard 2009\conf.cfg (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Program Files\System Guard 2009\mbase.vdb (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Program Files\System Guard 2009\quarantine.vdb (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Program Files\System Guard 2009\queue.vdb (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Program Files\System Guard 2009\uninstall.exe (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Program Files\System Guard 2009\vbase.vdb (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\brittany\Start Menu\Programs\System Guard 2009\System Guard 2009.lnk (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\brittany\Start Menu\Programs\System Guard 2009\Uninstall.lnk (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

(end)


Re: Computer badly infected with rogue antivirus help plz!

Post by Superdave on Fri 06 Apr 2012, 5:40 am

I still need to see the ComboFix log as well as this one.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Re: Computer badly infected with rogue antivirus help plz!

Post by FugginBot1 on Wed 25 Apr 2012, 3:06 pm

ComboFix didn't run at all. So I'll run the other one real fast.


Re: Computer badly infected with rogue antivirus help plz!

Post by FugginBot1 on Wed 25 Apr 2012, 3:21 pm

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
Norton Personal Firewall (Symantec Corporation)
Norton Personal Firewall
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java(TM) 6 Update 17
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 10.0.42.34 Flash Player out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Re: Computer badly infected with rogue antivirus help plz!

Post by FugginBot1 on Wed 25 Apr 2012, 3:24 pm

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
Norton Personal Firewall (Symantec Corporation)
Norton Personal Firewall
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java(TM) 6 Update 17
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 10.0.42.34 Flash Player out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Re: Computer badly infected with rogue antivirus help plz!

Post by Superdave on Thu 26 Apr 2012, 5:36 am

1. Download this diagnostics tool, MGADiag.exe, and save it to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.
