Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yep. I'm Infected. But with WHAT?


  • Please log in to reply
15 replies to this topic

#1 ThouShaltAlwaysKill

ThouShaltAlwaysKill

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 02 December 2008 - 08:31 PM

Hi there,

I'll start off by saying that I am new to BC. I registered not that long ago and have spent a few days looking through here, trying to get a feel for things and what I should do when I decide to finally post my problem.

The problem is, since I've become a member it seems like the number of my computer problems have gone up exponentially.

I was considering posting an HJT log (in the appropriate forum of course) when I realized that I really have no idea what exactly is going on with my computer.

I guess we can start off with what originally brought me here:
I as getting pop-ups whenever I opened up my internet explorer, most of their titles beginning with "CiD" or "CiD help". I did some searching and figured out this was spyware of some sort. So I came here.

Then I started to get another much more irritating pop-up. I can no longer remember the name of it since its been a while since I've actually seen it. But it was an antispywareguard 2009, or something similar, and the only way I could get rid of it without it bringing me to its site was by bringing up the task manager (and ending it that way).

Those most recent ones came up at almost the exact same time my antivirus started to catch certain files. They have pretty much all been .dll files that were found in the windows system32 folder. The weird thing is, that even though the autoprotect was finding them, it could not delete or even quarantine the files until the next time I restarted my computer.

Fortunately, today, all these problems went away. Unfortunately, I'm stuck with a larger one. I opened up explorer with the intentions of checking my email. But after typing in the address, the site refused to load. It just sat there. trying again with Firefox, the same thing happened. The bottom of the page is continuously saying "Waiting for www.bleepingcomputer.com..." or whatever site I try to go to. I know I'm connected to the internet, because I can browse the iTunes store, and Safari (the internet browser I'm using now) works just fine.

I've done a virus scan and nothing's come up. I tried using (Lavasoft) Adaware to do a spyware scan and it gets about five minutes in then crashes.

My biggest current problem is definitely the no internet bit. I have no idea if anyone can help me or not, but I figured here was as good of a place to start as any.

And I'm sorry for the length. I hope I made it clear, since its clearly not concise.

Thanks a lot :thumbsup:

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:22 PM

Posted 02 December 2008 - 08:36 PM

Try running this scan. You can copy it over from another computer if you need to:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 ThouShaltAlwaysKill

ThouShaltAlwaysKill
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 02 December 2008 - 09:51 PM

I downloaded the Drweb-cureit.exe to my desktop, and tried using it in safe mode. But right after I hit start then click okay, the program shuts down and it gives me this program has encountered a problem and needs to shut down.

And then it closes.

I tried re downloading it and trying it again. still, no dice.
Would it work if I did not use it under safe mode? Would that maybe help it run?

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:22 PM

Posted 02 December 2008 - 10:02 PM

Generally DrWebCureIt is more effective in Safe Mode, but you can (and should) try it in Normal Mode if you can't get it to run in Safe Mode.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 ThouShaltAlwaysKill

ThouShaltAlwaysKill
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 02 December 2008 - 10:07 PM

Okay. so I'm getting the exact same problem not in safe mode "setup.exe has encountered a problem and needs to close. We are sorry for the inconvenience."
That one.


And although I still can't access the internet through internet explorer or Firefox, I got a CiD pop-up that seemed to work. So entered a different website into the address bar and it worked fine. I'm not sure what that means, if anything

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:22 PM

Posted 02 December 2008 - 10:16 PM

Try renaming the Drweb-cureit.exe file to something else, such as abcde.bat, and then run it (try Safe Mode first, and if that doesn't work try Normal Mode).
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 ThouShaltAlwaysKill

ThouShaltAlwaysKill
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 04 December 2008 - 05:07 PM

Sorry for taking forever to answer.

I tried it. And it still crashes. Both in safe mode and regular mode.

And the one antivirusd thing thats been popping up is called simply: Antivirus2009

http://antivirus-live-scanner.com/2009/1/e...n.php?nu=880807 is the site it brings me to.

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:22 PM

Posted 04 December 2008 - 05:09 PM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

Again you can copy it over from another computer, and try the renaming trick again if it doesn't work first time.

Edited by Budapest, 04 December 2008 - 05:10 PM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 ThouShaltAlwaysKill

ThouShaltAlwaysKill
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 04 December 2008 - 05:33 PM

I tried this scan just the other day actually, and this is the report it left me with. Should I try again?



SDFix: Version 1.240
Run by User on 02/12/2008 at 07:12 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 19:23:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPMa3ef0953"="Rundll32.exe "c:\windows\system32\fakugupu.dll",a"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\MSN Messenger\\msrr.exe"="C:\\Program Files\\MSN Messenger\\msrr.exe:*:Enabled:Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe"="C:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe:*:Enabled:burst! download engine"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:IEXPLORE"
"C:\\Program Files\\Symantec AntiVirus\\VPTray.exe"="C:\\Program Files\\Symantec AntiVirus\\VPTray.exe:*:Enabled:VPTray"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:ccApp"
"C:\\WINDOWS\\system32\\ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe:*:Enabled:ctfmon"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_FATIAFA.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_FATIAFA.EXE:*:Enabled:E_FATIAFA"
"C:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"="C:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe:*:Enabled:usnsvc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Sat 3 Nov 2007 80 ..SHR --- "C:\WINDOWS\system32\A8FBB97613.dll"
Tue 2 Dec 2008 86,581 A.SH. --- "C:\WINDOWS\system32\bezayedo.dll"
Sun 24 Aug 2008 60,416 A.SH. --- "C:\WINDOWS\system32\dinizuha.dll"
Mon 1 Sep 2008 65,588 A.SH. --- "C:\WINDOWS\system32\dutuhabe.dll"
Tue 2 Dec 2008 93,237 A.SH. --- "C:\WINDOWS\system32\fakugupu.dll"
Mon 1 Sep 2008 65,588 A.SH. --- "C:\WINDOWS\system32\kofipulo.dll"
Sun 24 Aug 2008 60,416 A.SH. --- "C:\WINDOWS\system32\mafopiwo.dll.tmp"
Sun 24 Aug 2008 60,416 A.SH. --- "C:\WINDOWS\system32\mivohilu.dll"
Mon 1 Dec 2008 86,580 A.SH. --- "C:\WINDOWS\system32\nusoyeta.dll"
Mon 1 Sep 2008 65,588 A.SH. --- "C:\WINDOWS\system32\regoyivu.dll"
Mon 1 Dec 2008 93,236 A.SH. --- "C:\WINDOWS\system32\wonupago.dll"
Mon 1 Dec 2008 65,588 A.SH. --- "C:\WINDOWS\system32\zevihami.dll"
Fri 12 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 20 Feb 2008 50,688 ...H. --- "C:\Documents and Settings\Michelle\My Documents\~WRL0003.tmp"
Mon 14 Jan 2008 135,168 ...H. --- "C:\Documents and Settings\Michelle\My Documents\~WRL0004.tmp"
Sun 5 Oct 2008 598,528 ...H. --- "C:\Documents and Settings\Michelle\My Documents\~WRL3893.tmp"
Fri 29 Sep 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:22 PM

Posted 04 December 2008 - 05:45 PM

Yes, please run the scan again. But download a fresh copy of SDFix before running the scan.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 ThouShaltAlwaysKill

ThouShaltAlwaysKill
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 04 December 2008 - 06:22 PM

Alrighty.
I downloaded a new sd fix and ran it in safe mode.
It scanned, and then restarted as per usual.
Instead of letting it go into normal mode so that sd fix could do its last bit I re-ran my computer in safe mode because my antivirus always labels the SDFix scan as a virus. I left it, and when I came back to my computer, it had restarted and was sitting at the loading page. I logged in and a message popped up saying something to the effect of : "This system has just recovered from a serious error"

I tried to do the send to microsoft but it didn't seem to work. BUT, on an extremely positive note, both Firefox and IE are working!!
I'm getting the dumb CiD pop-up still, as well as the Antivirus 2009 pop-up as well (the antivirus one is in french though... how odd)

Also, there was a catchme.log file saved to my desktop. Not a lot in it, but still.

Should I go back and try one of the previous scans you recommended me (drweb-cureit or something), since something does seem to have changed on my computer?

#12 ThouShaltAlwaysKill

ThouShaltAlwaysKill
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 04 December 2008 - 06:24 PM

Oh, and thank you very, very much for your help so far :thumbsup:

#13 ThouShaltAlwaysKill

ThouShaltAlwaysKill
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 09 December 2008 - 10:04 PM

Drweb-cure it still doesn't work

#14 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:22 PM

Posted 09 December 2008 - 10:23 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#15 ThouShaltAlwaysKill

ThouShaltAlwaysKill
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 16 December 2008 - 11:38 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1510
Windows 5.1.2600 Service Pack 3

16/12/2008 9:33:04 PM
mbam-log-2008-12-16 (21-33-04).txt

Scan type: Quick Scan
Objects scanned: 66900
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 27
Registry Values Infected: 6
Registry Data Items Infected: 5
Folders Infected: 41
Files Infected: 121

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pekugedi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bupudofa.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\mifolole.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\buyaneju.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\miliyepa.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d0d60c5-c03c-43bc-9b3e-949bc51382fd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d0d60c5-c03c-43bc-9b3e-949bc51382fd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d0d60c5-c03c-43bc-9b3e-949bc51382fd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e055c02e-6258-40ff-80a7-3bda52facad7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e055c02e-6258-40ff-80a7-3bda52facad7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware388 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a0dc3acf (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fagutaluma (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma3ef0953 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iuab (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pekugedi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pekugedi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pekugedi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mifolole.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mifolole.dll -> Delete on reboot.

Folders Infected:
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_5 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_6 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_7 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_5 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_6 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_7 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Weather (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bupudofa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\afodupub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dayevese.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eseveyad.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dezubebo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obebuzed.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dirupahu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhapurid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\povafihe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehifavop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\romarete.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eteramor.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buyaneju.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\mifolole.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\miliyepa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pekugedi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wiwuzepe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bivegedu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\godisida.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yapimowe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\FMZ4R3WY\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6BURRVUV\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\J5W7KFO5\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\1498_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\1498_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\Button_50.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\Button_60.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\Button_70.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\WeatherHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware388\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_5\Button_5Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_5\Button_5Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_6\Button_6Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_6\Button_6Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_7\Button_7Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Button_7\Button_7Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Starware388\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_5\Button_5Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_5\Button_5Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_6\Button_6Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_6\Button_6Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_7\Button_7Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Button_7\Button_7Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Starware388\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users