
AntiMalware Doctor is persistent!


  • This topic is locked
13 replies to this topic

#1 Sue in Michigan

Posted 24 July 2010 - 12:16 PM

Hello,

I am running Windows XP Home and have had the AntiMalware Doctor virus since last Sunday.

I have followed the instructions for removing AntiMalware Doctor on your site including using rkill and running Malwarebytes but my PC is not back to normal. I no longer see the AntiMalware popups, but I cannot run executable files: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them."

I am currently loading any utility programs to a flash drive on another computer and then accessing them on the malfunctioning computer.

I have run scans that are clean using the following software:
MBAM
Spybot
SpySweeper
SuperAntiSpyware
AVG Free
Bit Defender Online

yet I know that my computer is still infected in some way.

I maintain 4 computers in our household and usually if there are issues I can find a site like this, follow the instructions and fix the problem. This problem has been so frustrating!!! I have followed your suggested 10 steps and information is provided below or attached. I really appreciate that your forum is available to help and I look forward to your advice. THANK YOU!

Sue

DDS.TXT (Attached are attach.txt and ark.txt)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 11:27:32.59 on Sat 07/24/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.749 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
G:\Defogger.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3124
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3124
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] "c:\progra~1\avg\avg9\avgtray.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRun: [Power2GoExpress] NA
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: unolingopuzzle.com\www
DPF: Web-Based Email Tools - hxxp://email00.secureserver.net/Download.CAB
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab51831.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\vrzs5jmn.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-21 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-21 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-21 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-21 308136]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-7-22 1201640]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2010-07-24 15:22:30 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-07-23 01:57:36 0 d-----w- c:\program files\Ask.com
2010-07-23 01:57:02 0 d-----w- c:\program files\MSSOAP
2010-07-23 01:55:14 164 ----a-w- c:\windows\install.dat
2010-07-22 10:32:18 0 d--h--w- C:\$AVG
2010-07-22 02:03:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-22 02:03:48 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-22 02:03:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-22 02:03:28 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-22 01:58:46 0 d-----w- c:\program files\AVG
2010-07-22 01:58:27 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-22 01:05:11 525824 ----a-w- C:\dds.scr
2010-07-21 23:28:19 555328 ----a-w- c:\windows\umcat_01.db
2010-07-21 01:23:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-21 01:18:23 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-07-20 11:17:05 293376 ----a-w- C:\bd6df90cgmer.exe
2010-07-20 01:46:14 0 d-----w- c:\program files\Exterminate It!
2010-07-19 23:45:19 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-19 23:38:46 2343 ----a-w- c:\windows\lsrslt.ini
2010-07-19 23:30:24 11041840 ----a-w- C:\SAS_072B82.COM
2010-07-19 23:22:54 9070816 ----a-w- C:\SUPERAntiSpyware.exe
2010-07-19 21:24:01 363520 ----a-w- C:\rkill.com
2010-07-19 20:44:46 0 d--h--w- c:\windows\PIF
2010-07-05 14:54:28 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2010-07-05 14:54:07 0 d-----w- c:\program files\AIM
2010-07-05 14:54:05 0 d-----w- c:\program files\common files\Software Update Utility
2010-06-30 09:55:28 0 d-----w- c:\program files\common files\Symantec Shared
2010-06-30 00:49:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-06-30 00:49:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-30 00:49:11 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-29 21:48:59 0 d-----w- c:\windows\system32\Adobe

==================== Find3M ====================

2010-06-04 20:34:26 3299855 ----a-w- c:\docume~1\owner\applic~1\activesue.zip
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 11:28:03.57 ===============


#2 maranatha

  • Malware Response Team

Posted 01 August 2010 - 07:22 PM

Hi Sue
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up.

Please do this.

Download the exe fix from here. Extract the file from the zip and double click (it's a reg file) to merge with the registry. If windows does not know what program to open it with, browse to and select C:\Windows\regedit.exe (need known file extensions showing from Folder Options) and it should merge.

Now this.

Download ComboFix from Here to your Desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • Vista users right click Combofix.exe and select Run As Administrator.
  • When finished, it shall produce a log for you. Post the Combofix log
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

If you are prompted to install the Recovery Console, Please do so.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#3 Sue in Michigan

Posted 02 August 2010 - 06:33 AM

I have run the Combofix program and attached the log. It appears to have fixed some of the issues I had prior to running it -- like not being able to run some EXE programs. I will wait for your further advice. Thanks for your help!




#4 Sue in Michigan

Posted 02 August 2010 - 05:59 PM

Maranatha,

So sorry, but I just reread your post and realized that I did not do the registry name fixes before running Combofix. I have done that now. Should I rerun Combofix and post logs again?

Thank you. My system does seem better :)
Sue

#5 maranatha

Posted 02 August 2010 - 07:20 PM

Hi
QUOTE
Should I rerun Combofix and post logs again?

No, That is OK
I'll get back to you ASAP with more instructions, give me a chance to look through your log.

BTW, please copy and paste any logs into the thread, don't attach them. It makes them harder to read when attached.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#6 maranatha

Posted 02 August 2010 - 09:15 PM

Hi
I'm going to ask you to remove some programs.
Please do the following in the order given. (This is important)

Please go to Start > Control Panel > Add/Remove Programs (Windows Vista it’s Programs and Features) and remove the following (if present):

Ad-Aware SE Personal
Exterminate It!
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update
Spybot - Search & Destroy 1.4
SUPERAntiSpyware


Now do this.

Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.

Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - Allow ComboFix to update if prompted.

CODE
File::
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
C:\SAS_072B82.COM
C:\SUPERAntiSpyware.exe
c:\documents and settings\Owner\Application Data\activesue.zip
c:\documents and settings\Owner\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\pss\Antimalware Doctor.lnkStartup
c:\windows\system32\dfttuyo.exe
c:\windows\system32\dfttuyox.exe
c:\windows\system32\msmxjchn.dll
Folder::
c:\windows\BDOSCAN8
c:\program files\Exterminate It!
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
c:\program files\SUPERAntiSpyware
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
c:\documents and settings\All Users\Application Data\McAfee
c:\program files\mcafee.com
c:\documents and settings\All Users\Application Data\Norton
c:\program files\Common Files\Symantec Shared
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\Owner\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\pss\Antimalware Doctor.lnkStartup
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
Driver::
SASDIFSV
SASKUTIL
dfttuyo
dfttuyox
sxuluj


Please post the Combofix log.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here
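
A pre-flight check for a script like the one in the post above, as an added example (not ComboFix's or the poster's code): it splits the text into its `Name::` sections, reports paths that appear under both File:: and Folder::, and compares the File:: list with the `FILE ::` echo that the resulting log prints. The section handling is an assumption inferred only from the script and log shown in this thread, the embedded samples are abbreviated excerpts of them, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Abbreviated excerpt of the CFScript posted in this thread.
CFSCRIPT = r"""File::
C:\SAS_072B82.COM
c:\documents and settings\Owner\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\pss\Antimalware Doctor.lnkStartup
c:\windows\system32\dfttuyo.exe
Folder::
c:\windows\BDOSCAN8
c:\documents and settings\Owner\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\pss\Antimalware Doctor.lnkStartup
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=-
Driver::
SASDIFSV
dfttuyo
"""

# Abbreviated excerpt of the ComboFix log header posted in the reply.
LOG = r"""Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Owner\Start Menu\Programs\Startup\Antimalware Doctor.lnk"
"C:\SAS_072B82.COM"
"c:\windows\pss\Antimalware Doctor.lnkStartup"
"c:\windows\system32\dfttuyo.exe"
.
"""

# Assumption: a section starts at a line consisting only of "Name::".
SECTION = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Return {section name (lower case): [entries]} in script order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION.match(line)
        if match:
            current = sections.setdefault(match.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def echoed_files(log_text):
    """Return the quoted paths listed under the log's 'FILE ::' header."""
    files, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"FILE\s*::", line):
            inside = True
        elif inside:
            if line.startswith('"'):
                files.append(line.strip('"'))
            elif line:  # the "." separator or any other text ends the echo
                break
    return files


def review(script_text, log_text):
    """Cross-check a script against itself and against the log echo."""
    sections = parse_cfscript(script_text)
    files = sections.get("file", [])
    folders = {p.lower() for p in sections.get("folder", [])}
    echoed = {p.lower() for p in echoed_files(log_text)}
    return {
        # Same path requested both as a file and as a folder.
        "in_file_and_folder": [p for p in files if p.lower() in folders],
        # File:: entries the log does not echo back (paste or save problem).
        "not_echoed_in_log": [p for p in files if p.lower() not in echoed],
    }


if __name__ == "__main__":
    for key, paths in review(CFSCRIPT, LOG).items():
        print(key)
        for path in paths:
            print("   ", path)
```

Paths are compared case-insensitively because the log echoes them in a different order and casing than the script lists them.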


#7 Sue in Michigan

Posted 03 August 2010 - 06:23 PM

Maranatha,

Thanks for your continuing assistance.

I uninstalled the 6 items you requested.

I ran ComboFix with the CFScript.txt as you prescribed.

I got a message from ComboFix saying that it wanted to submit information online.

I got a message saying
"Webserver appears to be temporarily inaccessible. For your convenience, Combofix created a submissions format, C:\CF-Submit.htm. Please use that to manually upload it later."

I tried opening the htm file and it asked me to point to a zip file on the C: drive called [4]-Submit_2010_08_03_17.57.15.zip and hit send. I did, but got another error.

"There was a problem with the submission. Please submit the name of the file, size of the file and error code below" It said Unknown error and Error number was blank.

When I looked at the zip file, it was almost 20MB, which may be why it didn't transfer. Inside the Zip was the SuperAntiSpyware app and SAS_072B82.com app. I made a copy of the zip, deleted the 2 apps and then tried resubmitting. The Zip file after was only 126K and submitted fine then.

ComboFix log posted below.

Please advise next steps. Thanks!

ComboFix 10-08-03.01 - Owner 08/03/2010 17:57:33.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.867 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll"
"c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll"
"c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL"
"c:\documents and settings\Owner\Application Data\activesue.zip"
"c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll"
"c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll"
"c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\Antimalware Doctor.lnk"
"C:\SAS_072B82.COM"
"C:\SUPERAntiSpyware.exe"
"c:\windows\pss\Antimalware Doctor.lnkStartup"
"c:\windows\system32\dfttuyo.exe"
"c:\windows\system32\dfttuyox.exe"
"c:\windows\system32\msmxjchn.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-7-20-2010( 21-24-1 ).SDB
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 07-20-2010 - 21-25-16.log
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 07-20-2010 - 21-45-20.log
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.DB
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.DB
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\aol.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\Cleanup000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\Common000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\mccore.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\mccore.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\msvcrt.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\msxml4.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\oasbin.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\oasbin.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\oasres.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\oasres.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\unicows.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\unicows.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsmain.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsmain.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vso.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vso.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsoeng.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsores.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsores.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vspost.inf000.log
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-29-2010-20h49m10s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-29-2010-20h49m10s\NortonInstall-06-29-2010-20h49m10s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-30-2010-16h26m55s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-30-2010-16h26m55s\NortonInstall-06-30-2010-16h26m55s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-30-2010-16h27m56s\NortonInstall-06-30-2010-16h27m56s.log
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\symdata.xml
c:\documents and settings\Owner\Application Data\activesue.zip
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\umcat_01.db
c:\program files\mcafee.com
C:\SAS_072B82.COM
C:\SUPERAntiSpyware.exe
c:\windows\BDOSCAN8
c:\windows\BDOSCAN8\avxdisk.dll
c:\windows\BDOSCAN8\avxs.dll
c:\windows\BDOSCAN8\avxt.dll
c:\windows\BDOSCAN8\bdcore.dll
c:\windows\BDOSCAN8\bdoscan.ini
c:\windows\BDOSCAN8\bdoscan.log
c:\windows\BDOSCAN8\boot.xmd
c:\windows\BDOSCAN8\ipsupd.dll
c:\windows\BDOSCAN8\lang.ini
c:\windows\BDOSCAN8\libfn.dll
c:\windows\BDOSCAN8\librtvr.dll
c:\windows\BDOSCAN8\live.ini
c:\windows\BDOSCAN8\oscan82.ocx
c:\windows\BDOSCAN8\plugins.htm
c:\windows\BDOSCAN8\Plugins\7zip.xmd
c:\windows\BDOSCAN8\Plugins\access.xmd
c:\windows\BDOSCAN8\Plugins\ace.xmd
c:\windows\BDOSCAN8\Plugins\adsntfs.xmd
c:\windows\BDOSCAN8\Plugins\alz.xmd
c:\windows\BDOSCAN8\Plugins\arc.xmd
c:\windows\BDOSCAN8\Plugins\arj.xmd
c:\windows\BDOSCAN8\Plugins\aspy_emu.cvd
c:\windows\BDOSCAN8\Plugins\bach.xmd
c:\windows\BDOSCAN8\Plugins\boot.xmd
c:\windows\BDOSCAN8\Plugins\bzip2.xmd
c:\windows\BDOSCAN8\Plugins\cab.xmd
c:\windows\BDOSCAN8\Plugins\ceva_dll.cvd
c:\windows\BDOSCAN8\Plugins\ceva_emu.cvd
c:\windows\BDOSCAN8\Plugins\ceva_vfs.cvd
c:\windows\BDOSCAN8\Plugins\ceva_vfs.ivd
c:\windows\BDOSCAN8\Plugins\cevakrnl.cvd
c:\windows\BDOSCAN8\Plugins\cevakrnl.ivd
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv0
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv1
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv2
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv3
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv4
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv5
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv6
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv7
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv8
c:\windows\BDOSCAN8\Plugins\cevakrnl.rv9
c:\windows\BDOSCAN8\Plugins\cevakrnl.rvd
c:\windows\BDOSCAN8\Plugins\cevakrnl.xmd
c:\windows\BDOSCAN8\Plugins\chm.xmd
c:\windows\BDOSCAN8\Plugins\cookie.cvd
c:\windows\BDOSCAN8\Plugins\cookie.xmd
c:\windows\BDOSCAN8\Plugins\cpio.xmd
c:\windows\BDOSCAN8\Plugins\cran.cvd
c:\windows\BDOSCAN8\Plugins\cran.ivd
c:\windows\BDOSCAN8\Plugins\cran.xmd
c:\windows\BDOSCAN8\Plugins\dbx.xmd
c:\windows\BDOSCAN8\Plugins\disp.xmd
c:\windows\BDOSCAN8\Plugins\docfile.xmd
c:\windows\BDOSCAN8\Plugins\dummyarch.xmd
c:\windows\BDOSCAN8\Plugins\dummyscan.xmd
c:\windows\BDOSCAN8\Plugins\e_spyw.cvd
c:\windows\BDOSCAN8\Plugins\e_spyw.i01
c:\windows\BDOSCAN8\Plugins\e_spyw.i02
c:\windows\BDOSCAN8\Plugins\e_spyw.i03
c:\windows\BDOSCAN8\Plugins\e_spyw.i04
c:\windows\BDOSCAN8\Plugins\e_spyw.i05
c:\windows\BDOSCAN8\Plugins\e_spyw.i06
c:\windows\BDOSCAN8\Plugins\e_spyw.i07
c:\windows\pss\Antimalware Doctor.lnkStartup

.
((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-02 21:44 . 2010-08-02 21:44 -------- d-----w- C:\regfixes
2010-08-01 20:42 . 2010-08-01 20:42 452104 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\setup.exe
2010-07-23 10:36 . 2010-07-26 06:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2010-07-23 01:57 . 2010-07-23 23:02 -------- d-----w- c:\program files\Ask.com
2010-07-23 01:57 . 2010-07-23 01:57 -------- d-----w- c:\program files\MSSOAP
2010-07-23 01:55 . 2010-07-23 01:55 164 ----a-w- c:\windows\install.dat
2010-07-22 13:57 . 2010-07-22 13:57 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-22 13:57 . 2010-07-22 13:57 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-22 13:57 . 2010-07-22 13:57 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-22 13:57 . 2010-07-22 13:57 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-22 10:32 . 2010-07-22 10:32 -------- d-----w- C:\$AVG
2010-07-22 02:03 . 2010-07-22 02:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-22 02:03 . 2010-07-22 02:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-22 02:03 . 2010-07-22 02:03 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-22 02:03 . 2010-07-22 02:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-22 02:03 . 2010-08-03 21:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-22 01:58 . 2010-07-22 01:58 -------- d-----w- c:\program files\AVG
2010-07-22 01:58 . 2010-07-22 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-22 01:05 . 2010-07-21 11:00 525824 ----a-w- C:\dds.scr
2010-07-21 10:42 . 2010-07-21 10:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2010-07-20 11:17 . 2010-07-20 10:29 293376 ----a-w- C:\bd6df90cgmer.exe
2010-07-20 02:13 . 2010-07-20 02:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-20 01:39 . 2010-07-20 01:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-19 21:24 . 2010-07-19 21:23 363520 ----a-w- C:\rkill.com
2010-07-19 20:44 . 2010-07-19 20:44 -------- d--h--w- c:\windows\PIF
2010-07-19 20:40 . 2009-12-15 09:35 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Raga_Refresh.dll
2010-07-19 20:40 . 2009-12-14 21:00 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Almaak.dll
2010-07-19 20:40 . 2009-12-14 19:06 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Thailand.dll
2010-07-19 20:40 . 2009-12-14 19:03 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Strauss.dll
2010-07-19 20:40 . 2009-12-17 05:09 49241 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_BunkerHill.dll
2010-07-19 20:40 . 2009-12-16 12:07 136528 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
2010-07-19 20:40 . 2009-12-15 11:14 95568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
2010-07-19 20:40 . 2009-12-15 11:33 120144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
2010-07-19 11:27 . 2010-07-19 11:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-07-05 14:55 . 2010-07-05 14:55 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2010-07-05 14:55 . 2010-07-08 23:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AIM
2010-07-05 14:54 . 2010-07-05 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-05 14:54 . 2010-07-05 14:54 -------- d-----w- c:\program files\AIM
2010-07-05 14:54 . 2010-07-05 14:54 -------- d-----w- c:\program files\Common Files\Software Update Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 21:44 . 2007-04-02 14:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-03 21:42 . 2007-04-02 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-03 21:41 . 2006-06-27 16:41 -------- d-----w- c:\program files\Java
2010-07-30 03:00 . 2008-05-05 00:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Webroot
2010-07-23 10:34 . 2008-05-05 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-07-22 01:47 . 2006-06-27 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-07-22 01:47 . 2006-06-27 16:46 -------- d-----w- c:\program files\Common Files\AOL
2010-07-21 10:43 . 2010-07-19 23:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2010-07-19 20:40 . 2006-08-16 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-07-03 04:29 . 2010-04-05 01:33 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 20:30 . 2008-08-12 12:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-24 01:47 . 2007-11-12 15:32 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-09 02:52 . 2010-02-07 16:38 1128072 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-21 18:14 . 2009-10-03 06:02 221568 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-01_21.12.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-26 18:07 . 2010-08-03 21:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-26 18:07 . 2010-08-01 20:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-26 18:07 . 2010-08-03 21:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-26 18:07 . 2010-08-01 20:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2010-08-03 21:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-26 18:07 . 2010-08-01 20:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-03 21:41 . 2008-06-10 06:32 139264 c:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-01-19 42392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-29 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-22 2065760]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-22 02:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-12 05:17 50776 ----a-w- c:\progra~1\AMERIC~1.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2008-06-10 20:18 785520 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-06-27 16:34 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1155751015\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-09-18 15:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-09-18 15:32 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-09-18 15:32 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-04-05 21:33 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-26 22:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 08:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-19 13:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-29 21:17 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155751015\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155751015\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/21/2010 10:03 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/21/2010 10:03 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/21/2010 10:00 PM 308136]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [7/22/2010 9:57 PM 1201640]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder

2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3124
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: unolingopuzzle.com\www
DPF: Web-Based Email Tools - hxxp://email00.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vrzs5jmn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&apn_uid=523A8416-9A69-488B-9D5E-4ED0392223ED&apn_ptnrs=W5&apn_sauid=8653A087-36F6-4EEE-B953-0402B2007D75&apn_dtid=YYYYYYYYUS&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 18:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-03 18:06:05
ComboFix-quarantined-files.txt 2010-08-03 22:05

Pre-Run: 80,919,785,472 bytes free
Post-Run: 80,866,926,592 bytes free

- - End Of File - - BEF76B7ABB83667D48CE4ABF680B1E8C


#8 maranatha

  • Malware Response Team
  • 1,229 posts

Posted 03 August 2010 - 10:28 PM

Hi
OK that looks good.
How is everything working? Let me know.

Please do this next.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

c:\program files\Spybot - Search & Destroy
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy



Please download JavaRa and save the file to your desktop.
  • Right click and Extract All
  • Once extracted, open and run JavaRa.exe
  • Click Search For Updates
  • Select Update Using jucheck.exe
  • Click Search
  • If a newer version is found, allow it to be installed
  • Uncheck the Google Toolbar option (if you don't want the Google toolbar).
  • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
  • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
  • Exit the tool when complete.
Read and then you can delete the gpl-2.0.txt file.

Now do this.

I see you have CCleaner, please run it.
Do NOT do anything with the Registry with CCleaner, you can mess things up good.

Now this.

Please do an online scan with Kaspersky WebScanner using the Internet Explorer browser.

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on Accept if your pop-up blocker blocks any windows from opening.

Read, then click Accept on the Information page.
Windows Vista users, you must open the web browser using the Run as Administrator command.
  • The program will launch and then begin downloading the latest definition files.
  • Under Scan on the left side, Click on My Computer
  • This will start the program and scan your system.
  • Click the “Scan Report” on the left side.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
  • Save the text file to your desktop.
  • Copy and paste that information in your next post.
Please post the Kaspersky results.

Thanks
maranatha

Edited by maranatha, 03 August 2010 - 10:34 PM.

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#9 Sue in Michigan

  • Topic Starter
  • Members
  • 7 posts

Posted 04 August 2010 - 08:05 PM


Followed your steps.

1. Deleted both folders - they did exist.

2. Ran JavaRa. When I clicked Search for updates, it just sat there and did not provide any additional choices or screens, so I assume that no new updates were available. I then closed the JavaRa app.

3. Ran CCleaner.

4. Ran Kaspersky. No threats found. Log here:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 4, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 04, 2010 18:14:14
Records in database: 4147643
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 71824
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:03:35

No threats found. Scanned area is clean.

Selected area has been scanned.

6. Computer seems to behave normally again. Do I have a clean bill of health now? Thanks for all your assistance. I could not have done it without you!

#10 maranatha

  • Malware Response Team
  • 1,229 posts

Posted 04 August 2010 - 09:50 PM

Hi
OK, your Java is out of date, let's update manually.

Updating Java and Clearing Cache
  1. Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  3. If you are unable to update you can manually update by going here:
  4. After the reboot, go back into the Control Panel and double-click the Java Icon.
  5. On the general tab, at the bottom it has "temporary internet files"
  6. Click the settings button. Then the Delete files button.
  7. There are two options in the window to clear the cache - Leave both Checked
      Applications and Applets
      Trace and Log files
  8. Click OK
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  9. Click OK to leave the Java Control Panel.
  10. Always Delete older versions from Add/Remove list.

Now do this.

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

This will uninstall ComboFix and remove the files/folders it created.
This action will also reset the System Restore points, removing any infected files there as well.
Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't please delete them manually.

Please delete DDS and its log, and also GMER and its log.

Let me know that this all went OK and I'll give you some preventive recommendations.

Thanks
maranatha


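The verification step that closes the post above (confirm that C:\Qoobox, C:\ComboFix and C:\ComboFix.txt are gone, then remove DDS and GMER with their logs) can be scripted. This is an added example, not part of the original post; the `dds.*` and `*gmer*` name patterns and the function names are assumptions.

```python
import fnmatch
import os
import sys

# Named in the post: these must be absent after "ComboFix /Uninstall".
COMBOFIX_ITEMS = ("qoobox", "combofix", "combofix.txt")

# Assumed name patterns (not from the post) for the DDS and GMER downloads
# and their logs. The log earlier in the thread shows GMER saved as
# C:\bd6df90cgmer.exe and DDS saved as C:\dds.scr.
TOOL_PATTERNS = {"DDS": ("dds.*",), "GMER": ("*gmer*",)}


def classify(name):
    """Return the cleanup tool a file or folder name belongs to, or None."""
    lowered = name.lower()  # Windows file names are case-insensitive
    if lowered in COMBOFIX_ITEMS:
        return "ComboFix"
    for tool, patterns in TOOL_PATTERNS.items():
        if any(fnmatch.fnmatchcase(lowered, p) for p in patterns):
            return tool
    return None


def find_leftovers(search_dirs):
    """List (tool, path) pairs for tool remnants directly inside search_dirs."""
    found = []
    for directory in search_dirs:
        try:
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # missing or unreadable directory: nothing to report
        for name in names:
            tool = classify(name)
            if tool:
                found.append((tool, os.path.join(directory, name)))
    return found


if __name__ == "__main__":
    # Default to the drive root, where ComboFix keeps its folders and log;
    # pass the desktop folder as an extra argument to cover saved tool logs.
    dirs = sys.argv[1:] or ["C:\\"]
    leftovers = find_leftovers(dirs)
    for tool, path in leftovers:
        print(f"{tool}: still present: {path}")
    sys.exit(1 if leftovers else 0)
```

A non-zero exit status means something is still on disk and should be deleted manually, as the post instructs.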

#11 Sue in Michigan

  • Topic Starter
  • Members
  • 7 posts

Posted 05 August 2010 - 06:22 PM

All went OK.

Updated Java.

Uninstalled Combofix.

Looking good.

#12 maranatha

  • Malware Response Team
  • 1,229 posts

Posted 05 August 2010 - 09:33 PM

Hi Sue
OK that's good, good job.

You should be good to go.

Here are a few Preventive recommendations:

The following is a list of tools and utilities that we recommend to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.
    To do this, just click Start > All Programs > Windows Update, and follow the online instructions from there.
    (It is recommended that you have Windows Updates set to download and install automatically.)

  2. Malwarebytes' Anti-Malware (MBAM)
    http://www.malwarebytes.org/mbam.php (Home page)
    Malwarebytes' Anti-Malware is considered to be the next step in the detection and removal of malware.
    Some Key Features:
    Operating Systems: Microsoft® Windows 2000, XP, Vista and 7 (32-bit and 64-bit).
    Database updates released daily.
    Works together with other anti-malware utilities.
    This is a free program with the option of Activating a full version, unlocking realtime protection, scheduled scanning, and scheduled updating. There is a one time fee for the full version.
    Remember to ALWAYS check for and install available updates prior to scanning!

  3. SpywareBlaster is a Freeware (for personal use) application that will help to prevent the installation of spyware and other potentially unwanted software. It accomplishes this by blocking the installation of many known bad ActiveX controls, spyware and tracking cookies, and restricting the actions of potentially unwanted sites. SpywareBlaster does not require any running or background processes to work once protections are enabled, which means it will not slow down your system in any way.
    Remember to check for and install available updates once a month!


  4. SpywareGuard - A Spyware "Shield" to protect your computer, acting much like your antivirus real-time protection. Its features include scanning files for spyware before you open them, blocking spyware downloads in Internet Explorer and monitoring/preventing attempted browser hijacking. Small and lightweight, yet powerful! Compatible with Windows 98, ME, 2000 & XP
    FREEWARE (for personal use)

  5. The MVPS Hosts File or similar HOSTS file will actually block a list of known bad sites from even loading in your browser. It can also be used to block ads, banners, 3rd party cookies and more. Operating system compatibility and installation instructions are provided.

  6. Install WinPatrol to monitor some key registry locations, file system changes, and other important areas, and have it alert you of the changes BEFORE allowing them to take place.

  7. Another thing we would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and while not foolproof, a good additional layer of information about many sites. When using a search engine, the ratings show up as small dots next to the web site. Green for Good, Yellow for Caution, Red for bad. Set your cursor on the dot for a small pop up window that provides more information on that web site.
    Web Browser: Internet Explorer 6 or 7. Also works with Firefox.
    Operating System: Windows 2000 (Service Pack 4) Windows XP and Windows Vista

  8. If you would prefer something other than McAfee SiteAdvisor, you can go with this.
    WOT Web Of Trust.
    This is also free and is a well respected tool.

Now just because you have security applications installed, they are useless unless updated regularly.
Most of the above recommended applications are updated periodically, and it's up to you to check for updates. Set aside time in a day each month to update all of your protections.


To find out more information about how you got infected in the first place and more great guidelines to follow to prevent future infections you can read this article by Grinler

Surf Safely!
maranatha

Let me know that you have read this and I'll close this thread.
Thanks



#13 Sue in Michigan

  • Topic Starter
  • Members
  • 7 posts

Posted 07 August 2010 - 07:57 AM

Maranatha,

I really appreciate all your help. I will look into each of these suggestions for prevention.

Thanks!

Sue

#14 maranatha

  • Malware Response Team
  • 1,229 posts

Posted 07 August 2010 - 10:13 AM

You're welcome.
Glad I could help.

Surf Safely
maranatha

Since this issue appears to be resolved ... this Topic has been closed.

If you’re the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.

Edited by maranatha, 07 August 2010 - 10:14 AM.
