
Infected machine - Privacy Center auto scanned


9 replies to this topic

#1 hiker75

Posted 09 June 2009 - 08:42 AM

I have a computer that seemed to be seriously infected. As soon as it booted up, a program called Privacy Center would automatically start scanning, or so it said anyway (in Normal and Safe Modes). I had to open Task Manager to kill the program and then run Explorer from there as well. So after getting to the desktop, I downloaded, installed, and ran (in this order):
1) CCleaner - Cleaned files (including those older than 48 hours)
2) ATF-Cleaner
3) Malwarebytes (Quick Scan - 74 Infections) - Have Log
4) Superantispyware (Full Scan - 18 Infections) - Have Log
5) Bitdefender Online Scanner (44 Infections)- Have Log
6) Malwarebytes (Full Scan - 18 Infections) - Have Log
7) Hijackthis - Have Log

This computer is running Windows XP.

Now I noticed that I'm not supposed to post logs until asked for them, so I guess I'll wait...

Thanks



#2 Blade (Site Admin)

Posted 09 June 2009 - 12:59 PM

Hello hiker75 and :thumbsup: to Bleeping Computer.

It sounds like you have a Rogue on your system. We may need to send you to the Malware Removal forum to get rid of this bugger, but I'd like to see some of those logs before we make that decision; if we can kill it here, it will save you a lot of time and trouble :flowers:.
Please post the logs from 3, 4, 5, and 6 (using your numbering in the above post). Please do not post a HijackThis log, as they are not allowed in this forum. Also, please do not run any other cleaning/fixing tools unless instructed, in order to facilitate the cleaning of your machine.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 hiker75 (Topic Starter)

Posted 20 June 2009 - 08:01 PM

Alright, sorry for the delay. It seems as though this guy needed his computer earlier than expected, and so he picked it up before I received your response. However, he just brought it back to me yesterday with a new infection. I believe this one was called Security Center 2009. He also had something called CyberDefender installed as well. Anyway, if you still need the old logs, I should still have those. Let me know if you want me to include those. However, here are the logs from the scans I ran earlier today (SUPERAntiSpyware log not included as it didn't find anything this time. If you need it, I can still include it).

Malwarebytes:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

6/20/2009 3:23:58 PM
mbam-log-2009-06-20 (15-23-58).txt

Scan type: Quick Scan
Objects scanned: 100578
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10006094 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Owner.YOUR-102D8B3109\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\owner.your-102d8b3109\start menu\Programs\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.


BitDefender:

BitDefender Online Scanner

Scan report generated at: Sat, Jun 20, 2009 - 19:47:00
Scan path: C:\;D:\;

Statistics
Time: 01:18:04
Files: 433869
Folders: 13179
Boot Sectors: 0
Archives: 23506
Packed Files: 27994

Results
Identified Viruses: 3
Infected Files: 11
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 11

Engines Info
Virus Definitions: 3439646
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn10=>wscui.cpl
Infected with: Trojan.FakeAlert.AOI

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn10=>wscui.cpl
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn10
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn12=>AntivirusPro2009.exe
Infected with: Trojan.Generic.1126096

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn12=>AntivirusPro2009.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn12
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn13=>AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn13=>AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn13=>AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn13
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn16=>wscui.cpl
Infected with: Trojan.FakeAlert.AOI

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn16=>wscui.cpl
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn16
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn18=>AntivirusPro2009.exe
Infected with: Trojan.Generic.1126096

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn18=>AntivirusPro2009.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn18
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn19=>AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn19=>AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn19=>AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn19
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn22=>wscui.cpl
Infected with: Trojan.FakeAlert.AOI

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn22=>wscui.cpl
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn22
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn3=>AntivirusPro2009.exe
Infected with: Trojan.Generic.1126096

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn3=>AntivirusPro2009.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn3
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn4=>AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn4=>AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn4=>AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn4
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn6=>AntivirusPro2009.exe
Infected with: Trojan.Generic.1126096

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn6=>AntivirusPro2009.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn6
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn7=>AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn7=>AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn7=>AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn7
Update failed


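As an added example (not from this thread, nor Malwarebytes' own code), a small Python parser for the Malwarebytes log format posted in this thread: it checks that the summary counts agree with the entries actually listed, flags items still marked "Delete on reboot" (which need a restart and a rescan before the machine can be called clean), and pulls out the Winlogon Shell hijack and Security Center notification changes together with the value the scanner restored. The sample log is constructed from entries in this thread's logs (posts #3 and #5); the regexes, thresholds and function names are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: entries copied from the Malwarebytes logs posted in this thread
# (posts #3 and #5); the summary header is abridged to match the entries kept here.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.37

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Program Files\PCenter\agent.exe (Rogue.PCenter) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Rogue.PCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10006094 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\PCenter\pc.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\PCenter\agent.exe (Rogue.PCenter) -> Quarantined and deleted successfully.
"""

# Summary line "Files Infected: 2", section header "Files Infected:", one entry
# "<item> (<threat>) -> <rest>", and the Bad/Good pair that registry data items carry.
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$")

# Actions the scanner has not finished yet, and detection names that mean the malware
# changed system settings (shell hijack, Security Center alerts switched off).
PENDING_ACTIONS = {"Delete on reboot"}
SYSTEM_TAMPER = {"Hijack.Shell", "Disabled.SecurityCenter"}

@dataclass
class Finding:
    section: str
    item: str
    threat: str
    action: str
    bad: Optional[str] = None   # value the scanner found (data items only)
    good: Optional[str] = None  # value it put back (data items only)

def parse_log(text: str) -> Tuple[Dict[str, int], List[Finding]]:
    """Return (counts declared in the summary header, entries actually listed)."""
    declared: Dict[str, int] = {}
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := COUNT_RE.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            bad = good = None
            action = m["rest"]
            if d := DATA_RE.match(action):
                bad, good, action = d["bad"], d["good"], d["action"]
            findings.append(Finding(section, m["item"], m["threat"], action.rstrip("."), bad, good))
    return declared, findings

def count_mismatches(declared: Dict[str, int], findings: List[Finding]) -> Dict[str, Tuple[int, int]]:
    """Sections whose header count disagrees with the entries listed, as (declared, listed)."""
    listed = Counter(f.section for f in findings)
    return {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n}

def pending_items(findings: List[Finding]) -> List[Finding]:
    """Entries not removed in-session: the machine needs a reboot and then a rescan."""
    return [f for f in findings if f.action in PENDING_ACTIONS]

def tamper_items(findings: List[Finding]) -> List[Finding]:
    """Shell hijack / Security Center findings, each with the bad value and what was restored."""
    return [f for f in findings if f.threat in SYSTEM_TAMPER]

def family_counts(findings: List[Finding]) -> Counter:
    """Detections grouped by the prefix of the threat name ("Rogue.PCenter" -> "Rogue")."""
    return Counter(f.threat.split(".", 1)[0] for f in findings)
```

Run against a real mbam-log-*.txt by reading the file into `parse_log`; a non-empty `pending_items` result is the cue to reboot and rescan rather than declare the machine clean.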

#4 Blade (Site Admin)

Posted 21 June 2009 - 12:23 PM

Hello hiker75 and welcome back.

Another infection in less than two weeks? It might be due to an incomplete previous removal, but that's unlikely (Rogue vendors don't usually share victims :thumbsup: ). I can definitely help you in cleaning this machine, but you may want to advise the owner that there are some malware infections which cannot be removed short of wiping the entire computer and reinstalling the OS. If you like, when we are done I can provide you with some information/links on various techniques to surf safely, as well as some free tools to increase system protection, so that you may pass it along to the owner of the computer.

Now, in regards to the malware:

1. Please go ahead and post the logs I originally requested, I would like to see what was originally found on the machine so that I can know if anything else needs to be taken into account.

2. Question: when you ran SUPERAntiSpyware (this time, after he brought the computer back to you), did you run it in normal mode or safe mode?

3. Please go ahead and run a Full Scan with Malwarebytes in Normal Mode (make sure to update it first!). Please post that log back here for my review. To avoid confusion, please include that log in a separate post from the other logs requested.

In your next reply, please include the following:
Original logs requested
An answer to the question in Item No. 2
Malwarebytes Full Scan log (in a separate post)



#5 hiker75 (Topic Starter)

Posted 21 June 2009 - 06:08 PM

Thanks for the reply:

Answer to #2: Everything was run in Normal mode this time. (Also, not sure if this was part of the infection, but none of the NICs were detected. I had to re-add them before I could connect to the internet. There was nothing preventing me from re-adding the network adapter, though, but I wasn't sure if an infection caused the problem. The NIC was missing this time only and not during the first infection issue.)

I will start a Malwarebytes full scan as soon as I'm done with this post and post that log as soon as it completes.

Here are the logs previously requested:

Malwarebytes (Quick):

Malwarebytes' Anti-Malware 1.37
Database version: 2249
Windows 5.1.2600 Service Pack 2

6/8/2009 8:58:31 PM
mbam-log-2009-06-08 (20-58-31).txt

Scan type: Quick Scan
Objects scanned: 99489
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 12
Files Infected: 46

Memory Processes Infected:
C:\Program Files\PCenter\agent.exe (Rogue.PCenter) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\privacy center (Rogue.PCenter) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd31724a-11be-42fd-ae56-4302c1c0f5ec} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Rogue.PCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\PCenter\pc.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\PCenter (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\sounds (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\tools (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\tools\sc (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\tools\sp (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Owner.YOUR-102D8B3109\Application Data\PCenter (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\dbases (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\keys (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\temp (Rogue.PCenter) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\PCenter\agent.exe (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twext.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\program files\PCenter\pc.exe (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\uninstall.exe (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\guide.html (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg1.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg10.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg2.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg3.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg4.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg5.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg6.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg7.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg8.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\faq\images\gimg9.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\sounds\1.mp3 (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\program files\PCenter\sounds\3.mp3 (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\dbases\cg.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\dbases\mw.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\dbases\rd.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\dbases\sc.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\dbases\sm.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\dbases\sp.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\keys\cg.key (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\keys\rd.key (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\keys\sc.key (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\keys\sp.key (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\temp\settings.ini (Rogue.PCenter) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\application data\PCenter\temp\spfilter (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mst122.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner.YOUR-102D8B3109\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Owner.YOUR-102D8B3109\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Owner.YOUR-102D8B3109\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Owner.YOUR-102D8B3109\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-102d8b3109\favorites\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\accessories\system tools\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\all users\Desktop\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\all users\Desktop\Online Spyware Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner.YOUR-102D8B3109\Desktop\PCenter.lnk (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.


SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/08/2009 at 09:46 PM

Application Version : 4.26.1004

Core Rules Database Version : 3930
Trace Rules Database Version: 1873

Scan type : Complete Scan
Total Scan Time : 00:40:13

Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 6097
Registry threats detected : 0
File items scanned : 36759
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@tribalfusion[2].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@mediaplex[1].txt

Browser Hijacker.Favorites
C:\MY BACKUP -- 08-11-16 0744AM\DOCUMENTS AND SETTINGS\OWNER.YOUR-EF331CC5E9\DESKTOP\GEEKSQUAD DATA BACKUP\FAVORITES\ONLINE SECURITY TEST.URL

Rootkit.TDSServ/Fake
C:\MY BACKUP -- 08-11-16 0744AM\DOCUMENTS AND SETTINGS\OWNER.YOUR-EF331CC5E9\LOCAL SETTINGS\TEMP\TDSSDA42.TMP

Rogue.AntiVirusPro2009
C:\MY BACKUP -- 08-11-16 0744AM\PROGRAM FILES\ANTIVIRUSPRO2009\ANTIVIRUSPRO2009.EXE

Trojan.Dropper/Gen-NV
C:\MY BACKUP -- 08-11-16 0744AM\WINDOWS\BRASTK.EXE
C:\MY BACKUP -- 08-11-16 0744AM\WINDOWS\SYSTEM32\BRASTK.EXE

Trojan.Unknown Origin
C:\MY BACKUP -- 08-11-16 0744AM\WINDOWS\KARNA.DAT
C:\MY BACKUP -- 08-11-16 0744AM\WINDOWS\SYSTEM32\KARNA.DAT
C:\MY BACKUP -- 08-11-16 0744AM\WINDOWS\SYSTEM32\TDSSMTVD.DAT

Rootkit.Karna/Beep-Fake
C:\MY BACKUP -- 08-11-16 0744AM\WINDOWS\SYSTEM32\DLLCACHE\BEEP.SYS
C:\MY BACKUP -- 08-11-16 0744AM\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS

Rootkit.TDSServ-Trace
C:\MY BACKUP -- 08-11-16 0744AM\WINDOWS\SYSTEM32\TDSSLXWP.DLL

Rootkit.KInject
C:\PROGRAM FILES\COMMON FILES\AOL\1229970170\EE\F2BE36DB7FF70000\F2BE36DB7FF70000

Adware.SysGuard/FakeAlert-C
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP13\A0001163.EXE


Bitdefender Online Scanner:

BitDefender Online Scanner

Scan report generated at: Tue, Jun 09, 2009 - 01:11:50
Scan path: C:\;D:\;

Statistics
Time: 01:54:49
Files: 452402
Folders: 14314
Boot Sectors: 0
Archives: 23553
Packed Files: 28599

Results
Identified Viruses: 16
Infected Files: 41
Suspect Files: 0
Warnings: 0
Disinfected: 1
Deleted Files: 43

Engines Info
Virus Definitions: 3347043
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn10=>wscui.cpl
Infected with: Trojan.FakeAlert.AOI

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn10=>wscui.cpl
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn10
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn12=>AntivirusPro2009.exe
Infected with: Trojan.Generic.1126096

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn12=>AntivirusPro2009.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn12
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn13=>AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn13=>AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn13=>AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn13
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn16=>wscui.cpl
Infected with: Trojan.FakeAlert.AOI

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn16=>wscui.cpl
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn16
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn18=>AntivirusPro2009.exe
Infected with: Trojan.Generic.1126096

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn18=>AntivirusPro2009.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn18
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn19=>AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn19=>AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn19=>AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn19
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn22=>wscui.cpl
Infected with: Trojan.FakeAlert.AOI

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn22=>wscui.cpl
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn22
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn3=>AntivirusPro2009.exe
Infected with: Trojan.Generic.1126096

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn3=>AntivirusPro2009.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn3
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn4=>AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn4=>AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn4=>AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn4
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn6=>AntivirusPro2009.exe
Infected with: Trojan.Generic.1126096

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn6=>AntivirusPro2009.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn6
Update failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn7=>AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn7=>AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn7=>AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Documents and Settings\Owner.YOUR-EF331CC5E9\Local Settings\Temp\wrdwn7
Update failed

C:\My Backup -- 08-11-16 0744AM\Program Files\AntivirusPro2009\AVEngn.dll
Infected with: Trojan.FakeAlert.ANE

C:\My Backup -- 08-11-16 0744AM\Program Files\AntivirusPro2009\AVEngn.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Program Files\AntivirusPro2009\AVEngn.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Program Files\AntivirusPro2009\Uninstall.exe
Infected with: Trojan.Generic.1190512

C:\My Backup -- 08-11-16 0744AM\Program Files\AntivirusPro2009\Uninstall.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\Program Files\AntivirusPro2009\wscui.cpl
Infected with: Trojan.FakeAlert.AOI

C:\My Backup -- 08-11-16 0744AM\Program Files\AntivirusPro2009\wscui.cpl
Deleted

C:\My Backup -- 08-11-16 0744AM\Program Files\RegFixPro\RegCleaner.dll
Detected with: Application.Generic.40914

C:\My Backup -- 08-11-16 0744AM\Program Files\RegFixPro\RegCleaner.dll
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\Program Files\RegFixPro\RegCleaner.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Program Files\RegFixPro\TCL.dll
Infected with: Backdoor.Generic.152815

C:\My Backup -- 08-11-16 0744AM\Program Files\RegFixPro\TCL.dll
Deleted

C:\My Backup -- 08-11-16 0744AM\Program Files\Trend Micro\Internet Security\Quarantine\24.tmp=>(Quarantine-4)
Infected with: Backdoor.Agent.ZWW

C:\My Backup -- 08-11-16 0744AM\Program Files\Trend Micro\Internet Security\Quarantine\24.tmp=>(Quarantine-4)
Deleted

C:\My Backup -- 08-11-16 0744AM\Program Files\Trend Micro\Internet Security\Quarantine\24.tmp
Deleted

C:\My Backup -- 08-11-16 0744AM\Program Files\Trend Micro\Internet Security\Quarantine\setup[1].exe=>(Quarantine-4)
Infected with: Trojan.Downloader.Zlob.ACOO

C:\My Backup -- 08-11-16 0744AM\Program Files\Trend Micro\Internet Security\Quarantine\setup[1].exe=>(Quarantine-4)
Deleted

C:\My Backup -- 08-11-16 0744AM\Program Files\Trend Micro\Internet Security\Quarantine\setup[1].exe
Deleted

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\av.dat
Infected with: Trojan.Dropper.Small.NCO

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\av.dat
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\av.dat
Deleted

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\TDSSkkbi.log
Infected with: Trojan.Agent.ALJZ

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\TDSSkkbi.log
Disinfection failed

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\TDSSkkbi.log
Deleted

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\wini108016.exe
Infected with: Trojan.Generic.1190512

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\wini108016.exe
Deleted

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\_scui.cpl
Infected with: Trojan.FakeAlert.AOI

C:\My Backup -- 08-11-16 0744AM\WINDOWS\system32\_scui.cpl
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP25\A0003327.dll
Detected with: Application.Generic.119372

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP25\A0003327.dll
Disinfection failed

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP25\A0003327.dll
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP26\A0003340.dll
Infected with: Gen:Trojan.Heur.217C839898

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP26\A0003340.dll
Disinfection failed

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP26\A0003340.dll
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP28\A0005320.dll
Infected with: Gen:Trojan.Heur.217C839898

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP28\A0005320.dll
Disinfection failed

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP28\A0005320.dll
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP30\A0005328.dll
Infected with: Gen:Trojan.Heur.217C839898

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP30\A0005328.dll
Disinfection failed

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP30\A0005328.dll
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015934.exe
Infected with: Trojan.Generic.1126096

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015934.exe
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015935.exe
Infected with: Trojan.Downloader.FakeAV.J

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015935.exe
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015936.exe
Infected with: Trojan.Downloader.FakeAV.J

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015936.exe
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015937.sys
Infected with: Generic.Malware.P!.30753E88

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015937.sys
Disinfection failed

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015937.sys
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015938.sys
Infected with: Generic.Malware.P!.30753E88

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015938.sys
Disinfection failed

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015938.sys
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015939.dll
Infected with: Trojan.Vundo.GNA

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015939.dll
Disinfected

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015955.dll
Infected with: Trojan.FakeAlert.ANE

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015955.dll
Disinfection failed

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015955.dll
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015956.exe
Infected with: Trojan.Generic.1190512

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015956.exe
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015957.cpl
Infected with: Trojan.FakeAlert.AOI

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015957.cpl
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015958.dll
Detected with: Application.Generic.40914

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015958.dll
Disinfection failed

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015958.dll
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015959.dll
Infected with: Backdoor.Generic.152815

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015959.dll
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015960.exe=>(Quarantine-4)
Infected with: Trojan.Downloader.Zlob.ACOO

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015960.exe=>(Quarantine-4)
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015960.exe
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015961.exe
Infected with: Trojan.Generic.1190512

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015961.exe
Deleted

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015962.cpl
Infected with: Trojan.FakeAlert.AOI

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP43\A0015962.cpl
Deleted

C:\WINDOWS\system32\wbem\proquota.exe
Infected with: Trojan.Generic.1847117

C:\WINDOWS\system32\wbem\proquota.exe
Deleted


Malwarebytes (Full):

Malwarebytes' Anti-Malware 1.37
Database version: 2251
Windows 5.1.2600 Service Pack 2

6/9/2009 3:04:36 AM
mbam-log-2009-06-09 (03-04-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 257985
Time elapsed: 48 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\my backup -- 08-11-16 0744am\program files\antiviruspro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
c:\my backup -- 08-11-16 0744am\program files\regfixpro\RegFixPro.exe (Rogue.RegFixPro) -> Quarantined and deleted successfully.
c:\program files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
d:\i386\Apps\App20460\imgvemver1.6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\i386\Apps\App31126\add-gateway.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\kb913800.exe (Trojan.Banker) -> Quarantined and deleted successfully.



#6 Blade


Posted 21 June 2009 - 06:24 PM

Hello hiker75,

SUPERAntiSpyware is much more powerful in Safe Mode. Could you please run a scan with it in Safe Mode? If it comes back with anything, please post that log along with the Malwarebytes Full Scan log.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#7 hiker75


Posted 21 June 2009 - 08:17 PM

Alright.. here are the other logs you requested:

Malwarebytes (Full):

Malwarebytes' Anti-Malware 1.38
Database version: 2319
Windows 5.1.2600 Service Pack 2

6/21/2009 8:22:06 PM
mbam-log-2009-06-21 (20-22-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 245071
Time elapsed: 41 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{593f298f-b7d6-4a3d-a260-6d7e68e3f587}\RP60\A0024655.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.


SUPERAntiSpyware (Safe):

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/21/2009 at 09:01 PM

Application Version : 4.26.1004

Core Rules Database Version : 3949
Trace Rules Database Version: 1891

Scan type : Complete Scan
Total Scan Time : 00:31:50

Memory items scanned : 202
Memory threats detected : 0
Registry items scanned : 6063
Registry threats detected : 0
File items scanned : 36635
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@at.atwola[1].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@atwola[2].txt
C:\Documents and Settings\Owner.YOUR-102D8B3109\Cookies\owner@doubleclick[1].txt


Thanks.

#8 Blade


Posted 21 June 2009 - 08:26 PM

Hello hiker75 :thumbsup:

These new logs are looking good... all SAS found were some tracking cookies, and the only file MBAM detected is in the system restore directory, which we shall now purge.

Disable and Enable System Restore. - You should disable and enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to disable and enable system restore here: Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above.


EDIT: Is the computer running normally now?

Edited by Blade Zephon, 21 June 2009 - 08:30 PM.



#9 hiker75


Posted 21 June 2009 - 08:38 PM

Yeah.. everything seems to be running normally...

I'll flush system restore as well.

Thanks.

#10 Blade


Posted 21 June 2009 - 08:47 PM

It's my pleasure. Looks like this one curled up and died quite nicely :thumbsup:

