Hi there,
Well, I've done two scans with each tool, and at least the visible symptoms of the infection are gone. I also want to add that when I first noticed this infection, and noticed that I could not get to certain sites, like BleepingComputer.com, I disconnected the machine from the internet. I did not reconnect it until running the first MBam and SAAS scans, then I only reconnected it to update the MBam and SAAS for the second scans. I just did it this way because I didn't feel comfortable having it connected to the internet when I could definitely see that it was infected. Anyways, here are the logs:
SAAS First Scan
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/15/2008 at 11:29 PM
Application Version : 4.23.1006
Core Rules Database Version : 3661
Trace Rules Database Version: 1641
Scan type : Complete Scan
Total Scan Time : 03:24:53
Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 6280
Registry threats detected : 138
File items scanned : 26334
File threats detected : 53
Unclassified.Unknown Origin
HKU\S-1-5-21-917946865-427553245-1542357927-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
InstaFinderK BHO
HKU\S-1-5-21-917946865-427553245-1542357927-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
Adware.Tracking Cookie
C:\Documents and Settings\Keith\Cookies\keith@collective-media[2].txt
C:\Documents and Settings\Keith\Cookies\keith@revsci[2].txt
C:\Documents and Settings\Keith\Cookies\keith@ads.cnn[2].txt
C:\Documents and Settings\Keith\Cookies\keith@insightexpressai[1].txt
C:\Documents and Settings\Keith\Cookies\keith@ads.lucidmedia[2].txt
C:\Documents and Settings\Keith\Cookies\keith@realmedia[1].txt
C:\Documents and Settings\Keith\Cookies\keith@at.atwola[1].txt
C:\Documents and Settings\Keith\Cookies\keith@statcounter[1].txt
C:\Documents and Settings\Keith\Cookies\keith@ads.pointroll[1].txt
C:\Documents and Settings\Keith\Cookies\keith@atwola[1].txt
C:\Documents and Settings\Keith\Cookies\keith@cache.trafficmp[1].txt
C:\Documents and Settings\Keith\Cookies\keith@questionmarket[2].txt
C:\Documents and Settings\Keith\Cookies\keith@advertising[2].txt
C:\Documents and Settings\Keith\Cookies\keith@sexyads[1].txt
C:\Documents and Settings\Keith\Cookies\keith@mediaplex[2].txt
C:\Documents and Settings\Keith\Cookies\keith@www.burstnet[1].txt
C:\Documents and Settings\Keith\Cookies\keith@richmedia.yahoo[2].txt
C:\Documents and Settings\Keith\Cookies\keith@timeinc.122.2o7[1].txt
C:\Documents and Settings\Keith\Cookies\keith@antivirus-rapid-scanner[1].txt
C:\Documents and Settings\Keith\Cookies\keith@interclick[2].txt
C:\Documents and Settings\Keith\Cookies\keith@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\Keith\Cookies\keith@ad.yieldmanager[1].txt
C:\Documents and Settings\Keith\Cookies\keith@trafficmp[2].txt
C:\Documents and Settings\Keith\Cookies\keith@2o7[1].txt
C:\Documents and Settings\Keith\Cookies\keith@iacas.adbureau[1].txt
C:\Documents and Settings\Keith\Cookies\keith@247realmedia[2].txt
C:\Documents and Settings\Keith\Cookies\keith@media6degrees[2].txt
C:\Documents and Settings\Keith\Cookies\keith@ar.atwola[1].txt
C:\Documents and Settings\Keith\Cookies\keith@tacoda[1].txt
C:\Documents and Settings\Keith\Cookies\keith@cdn.at.atwola[1].txt
C:\Documents and Settings\Keith\Cookies\keith@clicksoverview[1].txt
Rogue.SpywareGuard2008
HKU\S-1-5-21-917946865-427553245-1542357927-1006\Software\Spyware Guard
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#InstallDate
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#DisplayName
C:\Program Files\Spyware Guard 2008\conf.cfg
C:\Program Files\Spyware Guard 2008\mbase.vdb
C:\Program Files\Spyware Guard 2008\quarantine
C:\Program Files\Spyware Guard 2008\quarantine.vdb
C:\Program Files\Spyware Guard 2008\queue.vdb
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Program Files\Spyware Guard 2008\uninstall.exe
C:\Program Files\Spyware Guard 2008\vbase.vdb
C:\Program Files\Spyware Guard 2008
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008
C:\WINDOWS\reged.exe
C:\WINDOWS\spoolsystem.exe
C:\WINDOWS\sys.com
C:\WINDOWS\syscert.exe
C:\WINDOWS\sysexplorer.exe
C:\WINDOWS\vmreg.dll
C:\Documents and Settings\Keith\Desktop\Spyware Guard 2008.lnk
C:\WINDOWS\Prefetch\SPYWAREGUARD.EXE-1D259822.pf
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\MS Juan
HKLM\SOFTWARE\Microsoft\MS Juan#RID
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\outerinfo+uninstall
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\outerinfo+uninstall#LU
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\outerinfo+uninstall#CT
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\outerinfo+uninstall#LT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LBL
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#MN
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CPS
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CNT
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\MS Track System
HKLM\SOFTWARE\Microsoft\MS Track System#Uid
HKLM\SOFTWARE\Microsoft\MS Track System#Shows
HKLM\SOFTWARE\Microsoft\MS Track System#Uqs
HKLM\SOFTWARE\Microsoft\MS Track System#Click1
HKLM\SOFTWARE\Microsoft\MS Track System#Click2
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N
Rogue.Component/Trace
HKLM\Software\Microsoft\F0CB0BB9
HKLM\Software\Microsoft\F0CB0BB9#f0cb0bb9
HKLM\Software\Microsoft\F0CB0BB9#Version
HKLM\Software\Microsoft\F0CB0BB9#f0cba639
HKLM\Software\Microsoft\F0CB0BB9#f0cbcfdc
Trojan.Fake-Alert/Trace
HKU\S-1-5-21-917946865-427553245-1542357927-1006\SOFTWARE\Microsoft\fias4013
Rootkit.TDSServ
HKLM\SOFTWARE\TDSS
HKLM\SOFTWARE\TDSS#build
HKLM\SOFTWARE\TDSS#type
HKLM\SOFTWARE\TDSS#affid
HKLM\SOFTWARE\TDSS#subid
HKLM\SOFTWARE\TDSS#cmddelay
HKLM\SOFTWARE\TDSS#serversdown
HKLM\SOFTWARE\TDSS\connections
HKLM\SOFTWARE\TDSS\connections#f6065612
HKLM\SOFTWARE\TDSS\connections#8f214514
HKLM\SOFTWARE\TDSS\disallowed
HKLM\SOFTWARE\TDSS\disallowed#trsetup.exe
HKLM\SOFTWARE\TDSS\disallowed#ViewpointService.exe
HKLM\SOFTWARE\TDSS\disallowed#ViewMgr.exe
HKLM\SOFTWARE\TDSS\disallowed#SpySweeper.exe
HKLM\SOFTWARE\TDSS\disallowed#SUPERAntiSpyware.exe
HKLM\SOFTWARE\TDSS\disallowed#SpySub.exe
HKLM\SOFTWARE\TDSS\disallowed#SpywareTerminatorShield.exe
HKLM\SOFTWARE\TDSS\disallowed#SpyHunter3.exe
HKLM\SOFTWARE\TDSS\disallowed#XoftSpy.exe
HKLM\SOFTWARE\TDSS\disallowed#SpyEraser.exe
HKLM\SOFTWARE\TDSS\disallowed#combofix.exe
HKLM\SOFTWARE\TDSS\disallowed#otscanit.exe
HKLM\SOFTWARE\TDSS\disallowed#mbam.exe
HKLM\SOFTWARE\TDSS\disallowed#mbam-setup.exe
HKLM\SOFTWARE\TDSS\disallowed#flash_disinfector.exe
HKLM\SOFTWARE\TDSS\disallowed#otmoveit2.exe
HKLM\SOFTWARE\TDSS\disallowed#smitfraudfix.exe
HKLM\SOFTWARE\TDSS\disallowed#prevxcsifree.exe
HKLM\SOFTWARE\TDSS\disallowed#download_mbam-setup.exe
HKLM\SOFTWARE\TDSS\disallowed#cbo_setup.exe
HKLM\SOFTWARE\TDSS\disallowed#spywareblastersetup.exe
HKLM\SOFTWARE\TDSS\disallowed#rminstall.exe
HKLM\SOFTWARE\TDSS\disallowed#sdsetup.exe
HKLM\SOFTWARE\TDSS\disallowed#vundofixsvc.exe
HKLM\SOFTWARE\TDSS\disallowed#daft.exe
HKLM\SOFTWARE\TDSS\disallowed#gmer.exe
HKLM\SOFTWARE\TDSS\disallowed#catchme.exe
HKLM\SOFTWARE\TDSS\disallowed#mcpr.exe
HKLM\SOFTWARE\TDSS\disallowed#sdfix.exe
HKLM\SOFTWARE\TDSS\disallowed#hjtinstall.exe
HKLM\SOFTWARE\TDSS\disallowed#fixpolicies.exe
HKLM\SOFTWARE\TDSS\disallowed#emergencyutil.exe
HKLM\SOFTWARE\TDSS\disallowed#techweb.exe
HKLM\SOFTWARE\TDSS\disallowed#GoogleUpdate.exe
HKLM\SOFTWARE\TDSS\disallowed#windowsdefender.exe
HKLM\SOFTWARE\TDSS\disallowed#spybotsd.exe
HKLM\SOFTWARE\TDSS\injector
HKLM\SOFTWARE\TDSS\injector#*
HKLM\SOFTWARE\TDSS\versions
HKLM\SOFTWARE\TDSS\versions#/tdss/crcmds/init
HKLM\SOFTWARE\TDSS\versions#/tdss2/crcmds/init
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata#affid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata#subid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata#control
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata#prov
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata#googleadserver
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata#flagged
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#start
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#type
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#imagepath
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#group
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSserv
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSl
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssservers
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssmain
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsslog
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssadw
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssinit
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssurls
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsspanels
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsserrors
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSproc
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#NextInstance
Trojan.Net-SvHoster
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\PROTECT\SVHOST.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SVHOST.EXE
SAAS Second Scan
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/16/2008 at 07:51 PM
Application Version : 4.23.1006
Core Rules Database Version : 3676
Trace Rules Database Version: 1655
Scan type : Complete Scan
Total Scan Time : 02:22:25
Memory items scanned : 442
Memory threats detected : 3
Registry items scanned : 6282
Registry threats detected : 15
File items scanned : 26610
File threats detected : 25
Rogue.SpywareGuard2008
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\MODULEIE.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\MODULEIE.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\IEMODULE.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\IEMODULE.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\SMJDCIXQBR.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\SMJDCIXQBR.DLL
HKLM\Software\Classes\CLSID\{E18E6404-5E0A-4156-82F2-7F337E69C0C9}
HKCR\CLSID\{E18E6404-5E0A-4156-82F2-7F337E69C0C9}
HKCR\CLSID\{E18E6404-5E0A-4156-82F2-7F337E69C0C9}\InprocServer32
HKCR\CLSID\{E18E6404-5E0A-4156-82F2-7F337E69C0C9}\InprocServer32#ThreadingModel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#ieModule
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#InstallDate
C:\Program Files\Spyware Guard 2008\conf.cfg
C:\Program Files\Spyware Guard 2008\mbase.vdb
C:\Program Files\Spyware Guard 2008\quarantine
C:\Program Files\Spyware Guard 2008\quarantine.vdb
C:\Program Files\Spyware Guard 2008\queue.vdb
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Program Files\Spyware Guard 2008\uninstall.exe
C:\Program Files\Spyware Guard 2008\vbase.vdb
C:\Program Files\Spyware Guard 2008
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008
C:\WINDOWS\reged.exe
C:\WINDOWS\spoolsystem.exe
C:\WINDOWS\sys.com
C:\WINDOWS\syscert.exe
C:\WINDOWS\sysexplorer.exe
C:\WINDOWS\vmreg.dll
C:\Documents and Settings\Keith\Desktop\Spyware Guard 2008.lnk
C:\WINDOWS\Prefetch\SPYWAREGUARD.EXE-1D259822.pf
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}
HKCR\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}
HKCR\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}
HKCR\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}\InprocServer32
HKCR\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}\InprocServer32#ThreadingModel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#InternetConnection
Rootkit.TDSServ/Fake
C:\DOCUMENTS AND SETTINGS\KEITH\LOCAL SETTINGS\TEMP\TDSS5288.TMP
Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSLRVD.DAT
MBam First Scan
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
12/16/2008 5:25:17 AM
mbam-log-2008-12-16 (05-25-16).txt
Scan type: Full Scan (C:\|)
Objects scanned: 151933
Time elapsed: 4 hour(s), 17 minute(s), 48 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 30
Memory Processes Infected:
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo.1 (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\SYSTEM32\TDSShrxr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSoiqt.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSrtqp.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSxfum.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSpqlt.sys (Trojan.TDSS) -> Delete on reboot.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Keith\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf3f82aab.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Keith\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\TDSSkkbi.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
MBam Second Scan
Malwarebytes' Anti-Malware 1.31
Database version: 1508
Windows 5.1.2600 Service Pack 3
12/17/2008 5:18:31 AM
mbam-log-2008-12-17 (05-18-31).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 148049
Time elapsed: 1 hour(s), 45 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Keith\Local Settings\Temp\TDSS5334.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.