Ascentive Active Performance Infection


45 replies to this topic

#1 Hunter_1980


Posted 23 August 2010 - 08:29 PM

Greetings. When it rains, it pours; somebody told somebody who told somebody else - that I access bleepingcomputer.com to clean computers, and now I have another computer on my workbench that needs cleaning. (Why me? I have no special skills, I just read blogs & follow instructions...)

This one is infected with Ascentive Performance, Braviax, BigFix, ActiveSpeed and some other malware. Both Norton Internet Security & McAfee AntiSpyware/Security Center are also installed. I am unable to get either one to uninstall. I cannot run or install any programs, including HJT, AVG or MBAM. The system does not recognize any USB ports, so I cannot run HJT from a thumb drive. Also since USB doesn't work I had to scrounge for a keyboard & mouse that use the old style plugs. I peeked at the services using msconfig, found all services had been stopped.

I still have access to the logical drives, so I can upload software from a CF chip. I tried to install Kaspersky AV, the installer wouldn't run. I did manage to copy GMER onto the desktop, and got the scan to run.

I know you guys have been swamped, I'll be happy to wait for my turn (again).

Here is the GMER log:





GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-23 18:11:31
Windows 5.1.2600 Service Pack 3
Running: m1vu5ix7.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwrdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\Beep.SYS ZwQuerySystemInformation [0xF777E1B4]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF78F4300]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134759
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013471B
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001346E8
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00133929
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00133981
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 000447C7
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000447C7
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00044759
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0004471B
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000446E8
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 000439B0
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00043955
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00043650
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00043929
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00043955
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00043981
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 000439B0
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00043650
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00043955
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 000439B0
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000447C7
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CC47C7
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CC4759
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CC471B
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CC46E8
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00CC4759
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CC47C7
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00CC4759
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00CC471B
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00CC3650
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00CC3955
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00CC39B0
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 00CC39B0
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00CC3955
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00CC3650
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00CC3929
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00CC3955
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00CC3981
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00CC39B0
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BF47C7
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BF4759
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BF471B
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BF46E8
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BF3650
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00BF3955
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00BF39B0
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00BF39B0
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00BF3955
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00BF3650
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00BF3929
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00BF3955
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00BF3981
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00BF39B0
IAT C:\WINDOWS\system32\Ati2evxx.exe[672] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BF47C7
IAT C:\WINDOWS\system32\svchost.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00A546E8
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B347C7
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B34759
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B3471B
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B346E8
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B33650
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00B33955
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00B339B0
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 00B339B0
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00B33955
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B33650
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00B33929
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00B33955
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00B33981
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00B339B0
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B347C7
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 018947C7
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01894759
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0189471B
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 018946E8
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 01893650
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 01893955
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 018939B0
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 018939B0
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 01893955
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01893650
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 01893929
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 01893955
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 01893981
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 018939B0
IAT C:\WINDOWS\system32\svchost.exe[880] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 018947C7
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CD47C7
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CD4759
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CD471B
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CD46E8
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 00CD39B0
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00CD3955
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00CD3650
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00CD3929
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00CD3955
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00CD3981
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00CD39B0
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CD47C7
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00CD3650
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00CD3955
IAT C:\WINDOWS\wanmpsvc.exe[956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00CD39B0
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BF47C7
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BF4759
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BF471B
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BF46E8
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BF3650
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00BF3955
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00BF39B0
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00BF39B0
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00BF3955
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00BF3650
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00BF3929
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00BF3955
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00BF3981
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00BF39B0
IAT C:\WINDOWS\system32\Ati2evxx.exe[1176] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BF47C7
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\Explorer.EXE [USER32.dll!GetMessageW] 00D03955
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\Explorer.EXE [USER32.dll!PeekMessageW] 00D039B0
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D047C7
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D04759
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D0471B
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D046E8
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00D03650
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00D03955
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00D039B0
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00D03929
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00D03955
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00D03981
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00D039B0
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 00D039B0
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00D03955
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00D03650
IAT C:\WINDOWS\Explorer.EXE[1240] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D047C7
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134759
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013471B
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001346E8
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00133955
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00133929
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00133955
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00133981
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00133955
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1496] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134759
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013471B
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001346E8
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00133929
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00133981
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe[1524] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134759
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013471B
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001346E8
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00133929
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00133981
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 001339B0
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00133955
IAT C:\Program Files\Gamevance\gamevance32.exe[1532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 001339B0

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\ntos.exe 216064 bytes executable
File C:\WINDOWS\system32\wsnpoem 0 bytes
File C:\WINDOWS\system32\wsnpoem\audio(2).dll 18618781 bytes
File C:\WINDOWS\system32\wsnpoem\audio.dll 18619506 bytes
File C:\WINDOWS\system32\wsnpoem\video.dll 0 bytes

---- EOF - GMER 1.0.15 ----

I noticed that I failed to uncheck the "IAT/EAT" option before running the scan. I corrected the mistake & re-ran the scan. It seemed to run pretty slow so I let it run overnight. When I came in this morning there was a message about the scan being stopped. I tried to run the scan again, watched it crawl through the files so I cancelled it and performed a reboot. The GMER scan is flying along (with the proper settings), I will post the updated log if there are any changes.

I saved the log, here it is:





GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-25 09:19:10
Windows 5.1.2600 Service Pack 3
Running: m1vu5ix7.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwrdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\Beep.SYS ZwQuerySystemInformation [0xF777E1B4]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF78F4300]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF78F4300]

---- Modules - GMER 1.0.15 ----

Module cd20xrnt.sys (IBM Portable CD-ROM Drive Miniport/Microsoft Corporation) F7A8A000-F7A8C000 (8192 bytes)
Module ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) F75EC000-F75F5000 (36864 bytes)
Module adpu160m.sys (Adaptec Ultra160 SCSI miniport/Microsoft Corporation) F73D4000-F73ED000 (102400 bytes)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\ntos.exe 216064 bytes executable
File C:\WINDOWS\system32\ntos.exe 216064 bytes executable
File C:\WINDOWS\system32\wsnpoem 0 bytes
File C:\WINDOWS\system32\wsnpoem\audio(2).dll 18618781 bytes
File C:\WINDOWS\system32\wsnpoem\audio.dll 18619506 bytes
File C:\WINDOWS\system32\wsnpoem\video.dll 0 bytes
File C:\WINDOWS\system32\wsnpoem 0 bytes
File C:\WINDOWS\system32\wsnpoem\audio(2).dll 18618781 bytes
File C:\WINDOWS\system32\wsnpoem\audio.dll 18619506 bytes
File C:\WINDOWS\system32\wsnpoem\video.dll 0 bytes

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~BP

Edited by Budapest, 25 August 2010 - 04:15 PM.
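
Added example, not part of the original post or of GMER: a small Python parser for the "User IAT/EAT" lines of the first log above. It groups the entries by hooked function and compares the low 16 bits of each hook address across processes. The sample lines are an excerpt copied from that log; reading the trailing hex value as the address the import slot now points to, and treating its upper 16 bits as the base of a 64 KiB-aligned region, are assumptions of this sketch.

```python
import re
from collections import defaultdict, namedtuple

# Excerpt copied from the first GMER log in the post above (not the full section).
SAMPLE = r"""
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001347C7
IAT C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe[136] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00133650
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000447C7
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000447C7
IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00043650
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CC47C7
IAT C:\WINDOWS\system32\lsass.exe[512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00CC3650
IAT C:\WINDOWS\system32\svchost.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00A546E8
File C:\WINDOWS\system32\ntos.exe 216064 bytes executable
"""

Hook = namedtuple("Hook", "process pid module dll func target")

# IAT <process path>[<pid>] @ <module whose import table is patched> [<dll>!<function>] <address>
IAT_RE = re.compile(
    r"^IAT\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<dll>[^\]!]+)!(?P<func>[^\]]+)\]\s+(?P<target>[0-9A-Fa-f]{8})\s*$"
)


def parse_iat(text):
    """Return one Hook per IAT line; every other log line is ignored."""
    hooks = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if m:
            hooks.append(Hook(m["process"], int(m["pid"]), m["module"],
                              m["dll"], m["func"], int(m["target"], 16)))
    return hooks


def summarize(hooks):
    """Per hooked function: which PIDs show it and which low-16-bit offsets occur.

    same_stub is True when more than one process shows the hook and all of
    them share a single offset, i.e. the targets differ only in their base.
    """
    by_func = defaultdict(lambda: {"pids": set(), "offsets": set()})
    for h in hooks:
        entry = by_func[f"{h.dll}!{h.func}"]
        entry["pids"].add(h.pid)
        entry["offsets"].add(h.target & 0xFFFF)
    return {
        name: {
            "pids": sorted(e["pids"]),
            "offsets": sorted(e["offsets"]),
            "same_stub": len(e["pids"]) > 1 and len(e["offsets"]) == 1,
        }
        for name, e in by_func.items()
    }


def regions_per_process(hooks):
    """Map each PID to the set of 64 KiB-aligned bases its hook targets fall in.

    Assumption of this sketch: the hook code sits in one region that starts on
    a 64 KiB boundary and is smaller than 64 KiB.
    """
    regions = defaultdict(set)
    for h in hooks:
        regions[h.pid].add(h.target & 0xFFFF0000)
    return dict(regions)


if __name__ == "__main__":
    hooks = parse_iat(SAMPLE)
    print(f"{len(hooks)} IAT entries parsed")
    for name, info in sorted(summarize(hooks).items()):
        offsets = ", ".join(f"0x{o:04X}" for o in info["offsets"])
        flag = "same offset in every process" if info["same_stub"] else "single process"
        print(f"{name:35} pids={info['pids']} offsets={offsets} ({flag})")
    for pid, bases in sorted(regions_per_process(hooks).items()):
        print(f"pid {pid}: targets in " + ", ".join(f"0x{b:08X}" for b in sorted(bases)))
```

In the log above every NtQueryDirectoryFile entry ends in 47C7 and every GetClipboardData entry in 3650, whatever the process, so the grouped view reduces the section to a handful of rows.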




#2 mpascal


Posted 29 August 2010 - 09:29 PM

Hi Hunter_1980,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 4 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 Hunter_1980


Posted 31 August 2010 - 04:44 PM

mpascal,

Greetings. MBAM installed without drama, but the update failed: "An error has occurred. Please report this error code to our support team. MABM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)". The scan did run, just with outdated definitions.

I had an issue while running OTL; the program abended with this message: "Access violation at address 0040295B in module 'otl.exe'. Read of address 00251000." The program stopped at the 'create restore point'; I restarted & re-ran it using the parms you'd specified. The posted OTL log is the result of this second run.

While running GMER, the scan did not appear to end normally; due to the length of time for the scan, the computer was left unattended but secure. I cleared the screen saver and there was a message window stating the program had been stopped. I posted the resulting log as well.

Here are the logs you requested:




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/31/2010 10:33:55 AM
mbam-log-2010-08-31 (10-33-55).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 207174
Time elapsed: 54 minute(s), 47 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 6
Registry Keys Infected: 223
Registry Values Infected: 9
Registry Data Items Infected: 9
Folders Infected: 46
Files Infected: 270

Memory Processes Infected:
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> No action taken.

Memory Modules Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvcfglib.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvhlp.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvpop.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvutil.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvwslib.dll (Adware.Gamevance) -> No action taken.

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gamevance (Adware.Gamevance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.70.0 (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\zango@zango.com (Adware.Zango) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\ntos.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (Userinit.exe) -> No action taken.

Folders Infected:
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WeatherDPA (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherDPA (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Gamevance\gvtl.dll (Trojan.BHO) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Crystal Palace\bj.dll (Adware.Casino) -> No action taken.
C:\Program Files\Crystal Palace\casino.exe (Adware.Casino) -> No action taken.
C:\Program Files\Crystal Palace\directsound.dll (Adware.Casino) -> No action taken.
C:\Program Files\Crystal Palace\Install.exe (Adware.Casino) -> No action taken.
C:\Program Files\Crystal Palace\lbyinst.exe (Adware.Casino) -> No action taken.
C:\Program Files\Crystal Palace\miniprocess.exe (Adware.Casino) -> No action taken.
C:\Program Files\Crystal Palace\plibc32.dll (Adware.Casino) -> No action taken.
C:\Program Files\Crystal Palace\winsound.dll (Adware.Casino) -> No action taken.
C:\Documents and Settings\Owner\Desktop\Jessica school\limewiresetup.exe (Adware.Hotbar) -> No action taken.
C:\WINDOWS\cru629.dat (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\cru629.dat (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic\890068.sdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic\domains.txt (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic\ustat\36fe.dat (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\avatar.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\components.cdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\cursors.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\default.cdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\ie_video.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\keywords.idx (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\layout.cdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\top7.cdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.idx (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.dat (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.txt (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\components.cdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\default.cdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_511745-514279.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_bidzC_ZT_IE-ca.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_bidzC_ZT_IE-us.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_categorize.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_comparison.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_explorer-Mails.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_explorer-people.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_favorites.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Games.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Hide.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_hotbarcom.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Hotmail.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_hsskin.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemster.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemsterie.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemsteruk.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jobsearch.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Mails.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_MobileSidewalk.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_new.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_premium.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_reun.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_ringtones.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_SearchBoxTrapper.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_searchfor.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_searchgo.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_weather.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_yellowpages.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\email-def-511724-548964.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\email-def-511724-9595.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.idx (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.dat (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.cdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xml (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\theweb.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.cdf (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Top7_theweb.mnu (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.res (Adware.Zango) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip (Adware.Zango) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\100BBAAC.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvcfglib.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvhlp.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvpop.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvutil.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvwslib.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\Thumbs.db (Adware.Gamevance) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0006DFA4 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00098E2A (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\000F5848 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\04ADADC6 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\09B0A317.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\09B0B075.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\09B0BD84.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\09B0BE8E.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\1009ED3F (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\1009F137 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\1009F415.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\1009F5CB.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\1009F751.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\1009F8B9.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\122C3E5D (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio(2).dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_hpk.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherStartup.xml (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> No action taken.
C:\WINDOWS\system32\aspimgr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\winivstr.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\s32.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\ws386.ini (Malware.Trace) -> No action taken.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 14:19:46
Windows 5.1.2600 Service Pack 3
Running: m1vu5ix7.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwrdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\Beep.SYS ZwQuerySystemInformation [0xF777E1B4]

---- Kernel code sections - GMER 1.0.15 ----

init
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF78EC300]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer F7AC8512

---- Threads - GMER 1.0.15 ----

Thread System [4:8] 806856A8
Thread System [4:104] F72ABB85
Thread System [4:112] F7732090
Thread System [4:128] F609592D
Thread System [4:132] F6096133
Thread System [4:236] F5ECE086
Thread System [4:268] F5ECE086
Thread System [4:272] F5ECE086
Thread System [4:276] F5AB3B66
Thread System [4:280] F5AF46D6
Thread System [4:284] F5A626C4
Thread System [4:300] F7A49038
Thread System [4:304] ED7AD517
Thread System [4:308] ED7AD517
Thread System [4:312] ED7AD517
Thread System [4:316] ED7968B1
Thread System [4:1284] EB0B1478

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\ntos.exe 216064 bytes executable
File C:\WINDOWS\system32\ntos.exe 216064 bytes executable
File C:\WINDOWS\system32\wsnpoem 0 bytes
File C:\WINDOWS\system32\wsnpoem\audio(2).dll 18618781 bytes
File C:\WINDOWS\system32\wsnpoem\audio.dll 18619506 bytes
File C:\WINDOWS\system32\wsnpoem\video.dll 0 bytes
File C:\WINDOWS\system32\wsnpoem 0 bytes
File C:\WINDOWS\system32\wsnpoem\audio(2).dll 18618781 bytes
File C:\WINDOWS\system32\wsnpoem\audio.dll 18619506 bytes
File C:\WINDOWS\system32\wsnpoem\video.dll 0 bytes

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 8/31/2010 10:49:07 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 46.00% Memory free
919.00 Mb Paging File | 770.00 Mb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.30 Gb Total Space | 121.52 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
Drive D: | 3.07 Gb Total Space | 0.85 Gb Free Space | 27.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.81 Gb Total Space | 2.63 Gb Free Space | 69.06% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JETHHED
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Gamevance\gamevance32.exe ()
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\McAfee AntiSpyware\Msscli.exe (Network Associates, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\WMVCore.dll (Microsoft Corporation)
MOD - C:\Program Files\Gamevance\gvwslib.dll ()
MOD - C:\Program Files\Gamevance\gvpop.dll ()
MOD - C:\Program Files\Gamevance\gvhlp.dll ()
MOD - C:\Program Files\Gamevance\gamevancelib32.dll ()
MOD - C:\Program Files\Gamevance\gvcfglib.dll ()
MOD - C:\Program Files\Gamevance\gvutil.dll ()
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shgina.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbc32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbcint.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wmasf.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (aspimgr) -- C:\WINDOWS\system32\aspimgr.exe (Microsoft Corporation)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (navapsvc) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (ISSVC) -- C:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (SAVScan) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (McAfeeAntiSpyware) -- C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe (Network Associates, Inc.)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (mcupdmgr.exe) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Beep) -- C:\WINDOWS\System32\drivers\beep.sys ()
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070124.003\SymIDSCo.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060906.017\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060906.017\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SAVRTPEL) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....p;l=zc&o=sb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\Zango@Zango.com: C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions

[2009/06/22 00:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/22 00:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2005/10/23 09:57:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O3 - HKLM\..\Toolbar: (toolbartv Toolbar) - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (toolbartv Toolbar) - {7762A897-2A75-4E3F-A3A7-55BD098B9879} - C:\Program Files\toolbartv\tbtoo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (toolbartv Toolbar) - {7762A897-2A75-4E3F-A3A7-55BD098B9879} - C:\Program Files\toolbartv\tbtoo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll File not found
O4 - HKLM..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\Msscli.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JN2T2I5\WinDefender2008Setup[1].exe" --install] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JN2T2I5\WinDefender2008Setup[1].exe File not found
O4 - HKLM..\Run: [C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPBAWTF7\WinDefender2008Setup[1].exe" --install] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPBAWTF7\WinDefender2008Setup[1].exe File not found
O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [OOBEDDDemise] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - AppInit_DLLs: (cru629.dat\Extensio.) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ntos.exe) - C:\WINDOWS\System32\ntos.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {F2A0229A-C4CA-4789-B606-973D24DCDD1C} - C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll (Network Associates, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 11:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2009/04/13 16:04:38 | 000,047,616 | ---- | M] (Rockwell Automation, Inc.) - G:\autorun.exe -- [ FAT ]
O33 - MountPoints2\{6e1811d8-3ec1-11de-a02d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1811d8-3ec1-11de-a02d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e1811d8-3ec1-11de-a02d-00038a000015}\Shell\AutoRun\command - "" = J:\ImageViewer4.exe -- File not found
O33 - MountPoints2\{87d0bcef-c8a3-11d9-9ff5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{87d0bcef-c8a3-11d9-9ff5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a870af84-5dff-11db-9ef3-00038a000015}\Shell\AutoRun\command - "" = J:\ReCYCleR\sE.exe -- File not found
O33 - MountPoints2\{a870af84-5dff-11db-9ef3-00038a000015}\Shell\OpEn\CoMmAnD - "" = J:\ReCYCleR\sE.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (63908430464679936)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 09:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/08/31 09:37:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/31 09:37:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/31 09:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/31 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/24 11:33:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/23 13:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/08/23 13:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AolCoach
[2010/08/23 13:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2010/08/23 13:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL Toolbar
[2010/08/23 13:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2010/08/23 13:23:16 | 000,000,000 | ---D | C] -- C:\EPSONREG
[2010/08/23 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/08/23 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BearShare
[2010/08/23 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2010/08/23 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/08/23 13:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2010/08/23 13:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\toolbartv
[2010/08/23 13:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\toolbartv
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/31 09:37:30 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/31 09:30:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 09:30:17 | 401,133,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 09:30:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2010/08/31 09:30:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2010/08/31 09:30:11 | 000,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2010/08/31 09:30:11 | 000,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2010/08/25 11:44:29 | 005,881,856 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/25 11:44:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/24 10:07:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds (1).scr
[2010/08/23 13:37:11 | 000,000,771 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/23 13:37:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/23 13:37:11 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/08/23 13:31:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/08/23 13:31:57 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/23 13:30:06 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/08/23 13:22:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/23 13:21:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-60E4B8F107-Owner).job
[2010/08/23 13:21:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/08/23 13:12:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (JETHHED-Owner).job
[2010/08/23 12:40:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{711381DF-DFB0-41BF-9F98-D5D125CFDC13}.job
[2010/08/23 11:53:47 | 000,384,422 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/23 11:53:46 | 000,054,222 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/23 11:44:23 | 004,319,656 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/23 09:46:19 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 16:20:22 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe
[2010/08/17 16:19:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 09:37:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 11:33:06 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds (1).scr
[2010/08/23 14:53:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe
[2010/08/23 14:47:51 | 401,133,568 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/23 13:31:58 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/08/23 13:31:57 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/01 15:04:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/10/01 14:41:58 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/02 22:38:40 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/04 09:00:59 | 000,019,071 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\equq.ban
[2008/07/04 09:00:59 | 000,018,179 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ywapobige.sys
[2008/07/04 09:00:59 | 000,017,458 | ---- | C] () -- C:\Program Files\Common Files\ilujameqe.dat
[2008/07/04 09:00:59 | 000,016,972 | ---- | C] () -- C:\Program Files\Common Files\ifazahomyv.inf
[2008/07/04 09:00:59 | 000,013,934 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yreqeqez.exe
[2008/07/04 09:00:59 | 000,011,970 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xuqijepugu.vbs
[2008/07/04 09:00:59 | 000,010,744 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ilokufib.vbs
[2008/07/04 09:00:59 | 000,010,710 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wugucumyd.exe
[2008/07/04 09:00:58 | 000,019,907 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\asudoha._sy
[2007/08/07 21:49:59 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/02 02:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/02/08 23:06:27 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/18 14:36:25 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/27 13:34:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/10/27 13:26:19 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/10/27 13:25:35 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/10/27 13:19:19 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini
[2005/09/22 22:57:42 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2005/09/20 19:33:19 | 000,000,525 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/09/20 19:32:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2005/09/20 19:32:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2005/05/09 16:17:15 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/09 16:13:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/27 00:10:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 09:53:24 | 000,001,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 09:53:24 | 000,000,479 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/03/23 09:52:18 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2004/08/18 09:00:00 | 000,000,012 | ---- | C] () -- C:\WINDOWS\ws386.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/05 19:37:27 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/05 19:37:27 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/03/23 11:13:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/23 13:37:11 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2005/09/12 10:28:18 | 000,000,103 | ---- | M] () -- C:\BootErr.log
[2005/03/23 11:13:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/09/07 23:37:38 | 000,000,000 | ---- | M] () -- C:\EasyShare.dmp
[2006/05/29 16:06:44 | 000,403,512 | ---- | M] () -- C:\EasyShareInstall.log
[2008/02/10 15:02:46 | 000,081,554 | ---- | M] () -- C:\Frameofmind.pdf
[2008/02/10 15:05:24 | 000,082,780 | ---- | M] () -- C:\Gradanswers.pdf
[2008/02/10 15:07:42 | 000,094,434 | ---- | M] () -- C:\GradKitAward.pdf
[2008/02/10 15:10:06 | 000,079,098 | ---- | M] () -- C:\GraduatesGuideToLife.pdf
[2008/02/10 15:11:48 | 000,074,687 | ---- | M] () -- C:\GraduationGame.pdf
[2008/02/10 15:14:14 | 000,084,866 | ---- | M] () -- C:\GRADUATIONInstructions.pdf
[2010/08/31 09:30:17 | 401,133,568 | -HS- | M] () -- C:\hiberfil.sys
[2005/03/23 11:13:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/03/23 11:13:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/11/15 09:46:37 | 000,001,098 | ---- | M] () -- C:\net_save.dna
[2007/08/29 14:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/22 19:13:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/31 09:30:12 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2008/02/10 15:15:38 | 000,075,456 | ---- | M] () -- C:\Questionnaire1.pdf
[2008/02/10 15:17:18 | 000,075,470 | ---- | M] () -- C:\Questionnaire2.pdf
[2008/02/10 15:18:36 | 000,075,481 | ---- | M] () -- C:\Questionnaire3.pdf
[2008/02/10 15:19:50 | 000,075,448 | ---- | M] () -- C:\Questionnaire4.pdf
[2008/02/10 15:21:12 | 000,075,433 | ---- | M] () -- C:\Questionnaire5.pdf
[2005/10/31 08:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/02/21 09:20:27 | 000,054,272 | -HS- | M] () -- C:\Thumbs.db
[2006/03/17 23:06:30 | 000,000,470 | ---- | M] () -- C:\twacker.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/03/23 11:12:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2003/07/29 02:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL
[2004/03/22 15:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >
[2008/07/04 09:00:59 | 000,011,154 | ---- | M] () -- C:\WINDOWS\qykuwi._sy
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/03/23 03:02:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/23 03:02:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/23 03:02:03 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/22 19:19:41 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2010/05/26 13:58:37 | 000,008,192 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-28 14:49:58

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
< End of report >

Edited by Hunter_1980, 31 August 2010 - 04:58 PM.


#4 mpascal

Posted 31 August 2010 - 09:06 PM

Hi there,

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    O4 - HKLM..\Run: [C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JN2T2I5\WinDefender2008Setup[1].exe" --install] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JN2T2I5\WinDefender2008Setup[1].exe File not found
    O4 - HKLM..\Run: [C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPBAWTF7\WinDefender2008Setup[1].exe" --install] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPBAWTF7\WinDefender2008Setup[1].exe File not found
    O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ntos.exe) - C:\WINDOWS\System32\ntos.exe File not found
    O33 - MountPoints2\{a870af84-5dff-11db-9ef3-00038a000015}\Shell\AutoRun\command - "" = J:\ReCYCleR\sE.exe -- File not found
    O33 - MountPoints2\{a870af84-5dff-11db-9ef3-00038a000015}\Shell\OpEn\CoMmAnD - "" = J:\ReCYCleR\sE.exe -- File not found
    [2010/08/31 09:30:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
    [2010/08/31 09:30:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\braviax.exe
    [2010/08/31 09:30:11 | 000,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
    [2010/08/31 09:30:11 | 000,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
    [2008/07/04 09:00:59 | 000,019,071 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\equq.ban
    [2008/07/04 09:00:59 | 000,018,179 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ywapobige.sys
    [2008/07/04 09:00:59 | 000,017,458 | ---- | C] () -- C:\Program Files\Common Files\ilujameqe.dat
    [2008/07/04 09:00:59 | 000,016,972 | ---- | C] () -- C:\Program Files\Common Files\ifazahomyv.inf
    [2008/07/04 09:00:59 | 000,013,934 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yreqeqez.exe
    [2008/07/04 09:00:59 | 000,011,970 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xuqijepugu.vbs
    [2008/07/04 09:00:59 | 000,010,744 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ilokufib.vbs
    [2008/07/04 09:00:59 | 000,010,710 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wugucumyd.exe
    [2008/07/04 09:00:58 | 000,019,907 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\asudoha._sy
    [2008/07/04 09:00:59 | 000,011,154 | ---- | M] () -- C:\WINDOWS\qykuwi._sy

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Open up OTL and push the Quickscan button. Post the resulting log here in your next reply.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image
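
Added example, not part of mpascal's post and not OTL's own code: a small Python parser for the file-listing lines in the logs above. It groups files that have a blank company field and timestamps within one second of each other. Treating such a group as worth a closer look is this example's assumption, not a rule stated in the thread. The sample lines are copied from the logs on this page.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Lines copied from the OTL logs posted in this thread (a subset).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2010/08/31 09:37:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/31 09:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/31 09:30:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2010/08/31 09:30:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2010/08/31 09:30:11 | 000,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2010/08/31 09:30:11 | 000,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2010/08/23 13:37:11 | 000,000,771 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/23 13:37:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/07/04 09:00:59 | 000,018,179 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ywapobige.sys
[2008/07/04 09:00:59 | 000,017,458 | ---- | C] () -- C:\Program Files\Common Files\ilujameqe.dat
[2008/07/04 09:00:59 | 000,013,934 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yreqeqez.exe
[2008/07/04 09:00:58 | 000,019,907 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\asudoha._sy
[2008/07/04 09:00:59 | 000,011,154 | ---- | M] () -- C:\WINDOWS\qykuwi._sy
[2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/02/08 23:06:27 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ntos.exe) - C:\WINDOWS\System32\ntos.exe File not found
"""

# [date time | size | attributes | C or M] (company) -- path
# Folder lines carry no "(company)" part at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None on folder lines, "" when OTL printed "()"
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_log(text: str) -> list:
    """Return every file-listing entry found in a pasted log."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def unattributed_clusters(entries, window_s: int = 1, min_files: int = 3) -> list:
    """Group blank-company files whose timestamps chain within window_s seconds.

    Assumption of this example: a burst of such files is a lead to review,
    not proof of anything.
    """
    # The same file can be listed under both "Created" and "Modified".
    files = {e.path.lower(): e for e in entries
             if e.company == "" and "D" not in e.attrs}
    ordered = sorted(files.values(), key=lambda e: (e.when, e.path.lower()))

    clusters, current = [], []
    for e in ordered:
        if current and (e.when - current[-1].when).total_seconds() > window_s:
            if len(current) >= min_files:
                clusters.append(current)
            current = []
        current.append(e)
    if len(current) >= min_files:
        clusters.append(current)
    return clusters


if __name__ == "__main__":
    for cluster in unattributed_clusters(parse_log(SAMPLE_LOG)):
        print(f"{cluster[0].when}  {len(cluster)} files with no company name")
        for e in cluster:
            print(f"    {e.size:>8}  {e.path}")
```

Legitimate software produces the same pattern: in the log above, AUTOEXEC.BAT, CONFIG.SYS, IO.SYS and MSDOS.SYS all carry the timestamp 2005/03/23 11:13:17 and a blank company field, so each group still needs a person to review it.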


#5 Hunter_1980

Posted 01 September 2010 - 03:44 PM

I was poking about the Device Manager to see if I could get the USB ports working - the Device Manager window shows up as a blank square. Hopefully this process will result in the ports working again. <sigh>

Today's logfile:




OTL logfile created on: 8/31/2010 10:49:07 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 46.00% Memory free
919.00 Mb Paging File | 770.00 Mb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.30 Gb Total Space | 121.52 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
Drive D: | 3.07 Gb Total Space | 0.85 Gb Free Space | 27.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.81 Gb Total Space | 2.63 Gb Free Space | 69.06% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JETHHED
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Gamevance\gamevance32.exe ()
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\McAfee AntiSpyware\Msscli.exe (Network Associates, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\WMVCore.dll (Microsoft Corporation)
MOD - C:\Program Files\Gamevance\gvwslib.dll ()
MOD - C:\Program Files\Gamevance\gvpop.dll ()
MOD - C:\Program Files\Gamevance\gvhlp.dll ()
MOD - C:\Program Files\Gamevance\gamevancelib32.dll ()
MOD - C:\Program Files\Gamevance\gvcfglib.dll ()
MOD - C:\Program Files\Gamevance\gvutil.dll ()
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shgina.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbc32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbcint.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wmasf.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (aspimgr) -- C:\WINDOWS\system32\aspimgr.exe (Microsoft Corporation)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (navapsvc) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (ISSVC) -- C:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (SAVScan) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (McAfeeAntiSpyware) -- C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe (Network Associates, Inc.)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (mcupdmgr.exe) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Beep) -- C:\WINDOWS\System32\drivers\beep.sys ()
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070124.003\SymIDSCo.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060906.017\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060906.017\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SAVRTPEL) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....p;l=zc&o=sb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\Zango@Zango.com: C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions

[2009/06/22 00:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/22 00:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2005/10/23 09:57:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O3 - HKLM\..\Toolbar: (toolbartv Toolbar) - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (toolbartv Toolbar) - {7762A897-2A75-4E3F-A3A7-55BD098B9879} - C:\Program Files\toolbartv\tbtoo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (toolbartv Toolbar) - {7762A897-2A75-4E3F-A3A7-55BD098B9879} - C:\Program Files\toolbartv\tbtoo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll File not found
O4 - HKLM..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\Msscli.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JN2T2I5\WinDefender2008Setup[1].exe" --install] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JN2T2I5\WinDefender2008Setup[1].exe File not found
O4 - HKLM..\Run: [C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPBAWTF7\WinDefender2008Setup[1].exe" --install] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPBAWTF7\WinDefender2008Setup[1].exe File not found
O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [OOBEDDDemise] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - AppInit_DLLs: (cru629.dat\Extensio.) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ntos.exe) - C:\WINDOWS\System32\ntos.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {F2A0229A-C4CA-4789-B606-973D24DCDD1C} - C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll (Network Associates, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 11:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2009/04/13 16:04:38 | 000,047,616 | ---- | M] (Rockwell Automation, Inc.) - G:\autorun.exe -- [ FAT ]
O33 - MountPoints2\{6e1811d8-3ec1-11de-a02d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1811d8-3ec1-11de-a02d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e1811d8-3ec1-11de-a02d-00038a000015}\Shell\AutoRun\command - "" = J:\ImageViewer4.exe -- File not found
O33 - MountPoints2\{87d0bcef-c8a3-11d9-9ff5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{87d0bcef-c8a3-11d9-9ff5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a870af84-5dff-11db-9ef3-00038a000015}\Shell\AutoRun\command - "" = J:\ReCYCleR\sE.exe -- File not found
O33 - MountPoints2\{a870af84-5dff-11db-9ef3-00038a000015}\Shell\OpEn\CoMmAnD - "" = J:\ReCYCleR\sE.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (63908430464679936)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 09:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/08/31 09:37:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/31 09:37:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/31 09:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/31 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/24 11:33:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/23 13:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/08/23 13:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AolCoach
[2010/08/23 13:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2010/08/23 13:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL Toolbar
[2010/08/23 13:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2010/08/23 13:23:16 | 000,000,000 | ---D | C] -- C:\EPSONREG
[2010/08/23 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/08/23 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BearShare
[2010/08/23 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2010/08/23 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/08/23 13:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2010/08/23 13:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\toolbartv
[2010/08/23 13:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\toolbartv
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/31 09:37:30 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/31 09:30:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 09:30:17 | 401,133,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 09:30:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2010/08/31 09:30:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2010/08/31 09:30:11 | 000,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2010/08/31 09:30:11 | 000,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2010/08/25 11:44:29 | 005,881,856 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/25 11:44:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/24 10:07:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds (1).scr
[2010/08/23 13:37:11 | 000,000,771 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/23 13:37:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/23 13:37:11 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/08/23 13:31:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/08/23 13:31:57 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/23 13:30:06 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/08/23 13:22:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/23 13:21:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-60E4B8F107-Owner).job
[2010/08/23 13:21:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/08/23 13:12:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (JETHHED-Owner).job
[2010/08/23 12:40:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{711381DF-DFB0-41BF-9F98-D5D125CFDC13}.job
[2010/08/23 11:53:47 | 000,384,422 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/23 11:53:46 | 000,054,222 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/23 11:44:23 | 004,319,656 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/23 09:46:19 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 16:20:22 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe
[2010/08/17 16:19:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 09:37:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 11:33:06 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds (1).scr
[2010/08/23 14:53:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\m1vu5ix7.exe
[2010/08/23 14:47:51 | 401,133,568 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/23 13:31:58 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/08/23 13:31:57 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/01 15:04:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/10/01 14:41:58 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/02 22:38:40 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/04 09:00:59 | 000,019,071 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\equq.ban
[2008/07/04 09:00:59 | 000,018,179 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ywapobige.sys
[2008/07/04 09:00:59 | 000,017,458 | ---- | C] () -- C:\Program Files\Common Files\ilujameqe.dat
[2008/07/04 09:00:59 | 000,016,972 | ---- | C] () -- C:\Program Files\Common Files\ifazahomyv.inf
[2008/07/04 09:00:59 | 000,013,934 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yreqeqez.exe
[2008/07/04 09:00:59 | 000,011,970 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xuqijepugu.vbs
[2008/07/04 09:00:59 | 000,010,744 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ilokufib.vbs
[2008/07/04 09:00:59 | 000,010,710 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wugucumyd.exe
[2008/07/04 09:00:58 | 000,019,907 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\asudoha._sy
[2007/08/07 21:49:59 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/02 02:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/02/08 23:06:27 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/18 14:36:25 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/27 13:34:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/10/27 13:26:19 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/10/27 13:25:35 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/10/27 13:19:19 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini
[2005/09/22 22:57:42 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2005/09/20 19:33:19 | 000,000,525 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/09/20 19:32:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2005/09/20 19:32:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2005/05/09 16:17:15 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/09 16:13:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/27 00:10:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 09:53:24 | 000,001,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 09:53:24 | 000,000,479 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/03/23 09:52:18 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2004/08/18 09:00:00 | 000,000,012 | ---- | C] () -- C:\WINDOWS\ws386.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/05 19:37:27 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/05 19:37:27 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/03/23 11:13:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/23 13:37:11 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2005/09/12 10:28:18 | 000,000,103 | ---- | M] () -- C:\BootErr.log
[2005/03/23 11:13:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/09/07 23:37:38 | 000,000,000 | ---- | M] () -- C:\EasyShare.dmp
[2006/05/29 16:06:44 | 000,403,512 | ---- | M] () -- C:\EasyShareInstall.log
[2008/02/10 15:02:46 | 000,081,554 | ---- | M] () -- C:\Frameofmind.pdf
[2008/02/10 15:05:24 | 000,082,780 | ---- | M] () -- C:\Gradanswers.pdf
[2008/02/10 15:07:42 | 000,094,434 | ---- | M] () -- C:\GradKitAward.pdf
[2008/02/10 15:10:06 | 000,079,098 | ---- | M] () -- C:\GraduatesGuideToLife.pdf
[2008/02/10 15:11:48 | 000,074,687 | ---- | M] () -- C:\GraduationGame.pdf
[2008/02/10 15:14:14 | 000,084,866 | ---- | M] () -- C:\GRADUATIONInstructions.pdf
[2010/08/31 09:30:17 | 401,133,568 | -HS- | M] () -- C:\hiberfil.sys
[2005/03/23 11:13:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/03/23 11:13:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/11/15 09:46:37 | 000,001,098 | ---- | M] () -- C:\net_save.dna
[2007/08/29 14:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/22 19:13:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/31 09:30:12 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2008/02/10 15:15:38 | 000,075,456 | ---- | M] () -- C:\Questionnaire1.pdf
[2008/02/10 15:17:18 | 000,075,470 | ---- | M] () -- C:\Questionnaire2.pdf
[2008/02/10 15:18:36 | 000,075,481 | ---- | M] () -- C:\Questionnaire3.pdf
[2008/02/10 15:19:50 | 000,075,448 | ---- | M] () -- C:\Questionnaire4.pdf
[2008/02/10 15:21:12 | 000,075,433 | ---- | M] () -- C:\Questionnaire5.pdf
[2005/10/31 08:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/02/21 09:20:27 | 000,054,272 | -HS- | M] () -- C:\Thumbs.db
[2006/03/17 23:06:30 | 000,000,470 | ---- | M] () -- C:\twacker.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/03/23 11:12:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2003/07/29 02:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL
[2004/03/22 15:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >
[2008/07/04 09:00:59 | 000,011,154 | ---- | M] () -- C:\WINDOWS\qykuwi._sy
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/03/23 03:02:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/23 03:02:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/23 03:02:03 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/22 19:19:41 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2010/05/26 13:58:37 | 000,008,192 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-28 14:49:58

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
< End of report >


#6 mpascal

Posted 01 September 2010 - 05:22 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.



#7 Hunter_1980

Posted 02 September 2010 - 03:52 PM

I couldn't run Combofix from either the CF drive or by copying it to the desktop. I ran MBAM & it cleaned out +200 files again (I can post the log if you want). Tried Combofix after reboot, seems to be working.

Lovely. I can't access the internet either, probably related to the 'no usb port / empty device manager window' issue. I see no network connections for me to repair or enable. Proceeded without installing the recovery console, here are the scan results:




ComboFix 10-09-01.04 - Owner 09/02/2010 13:34:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.165 [GMT -7:00]
Running from: g:\j_thomas\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\msimg32.dll
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\g32.txt
c:\windows\gs32.txt
c:\windows\system32\Thumbs.db
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR


((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-09-01 17:44 . 2010-09-01 17:44 -------- d-----w- C:\_OTL
2010-08-31 16:37 . 2010-08-31 16:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-08-31 16:37 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 16:37 . 2010-08-31 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 16:37 . 2010-08-31 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-31 16:37 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 20:57 . 2010-08-23 20:57 -------- d-sh--w- c:\documents and settings\Administrator.JETHHED\IETldCache
2010-08-23 20:43 . 2010-08-23 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-23 20:23 . 2010-08-23 20:23 -------- d-----w- c:\program files\Common Files\AolCoach
2010-08-23 20:23 . 2010-08-23 20:23 -------- d-----w- c:\program files\AOL Toolbar
2010-08-23 20:23 . 2010-08-23 20:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AOL Toolbar
2010-08-23 20:23 . 2010-08-23 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Toolbar
2010-08-23 20:23 . 2010-08-23 20:23 -------- d-----w- C:\EPSONREG
2010-08-23 20:23 . 2010-08-23 20:23 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2010-08-23 20:23 . 2010-08-23 20:23 -------- d-----w- c:\documents and settings\Owner\Application Data\BearShare
2010-08-23 17:43 . 2010-08-23 20:22 -------- d-s---w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 20:26 . 2010-09-02 20:26 2750 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-08-23 20:30 . 2007-11-29 03:20 256 ----a-w- c:\windows\system32\pool.bin
2010-08-23 20:29 . 2005-09-30 04:34 -------- d-----w- c:\program files\Greetings Workshop
2010-08-23 20:23 . 2007-11-29 03:28 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2010-08-23 20:23 . 2010-08-23 20:22 -------- d-----w- c:\program files\BitTorrent
2010-08-23 20:22 . 2010-08-23 20:22 -------- d-----w- c:\program files\Maxis
2010-08-23 20:22 . 2010-08-23 20:22 -------- d-----w- c:\program files\EA GAMES
2010-08-23 20:22 . 2010-08-23 20:22 -------- d-----w- c:\program files\toolbartv
2005-09-12 17:49 . 2005-09-12 17:49 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7762a897-2a75-4e3f-a3a7-55bd098b9879}"= "c:\program files\toolbartv\tbtoo1.dll" [2007-09-23 1453080]

[HKEY_CLASSES_ROOT\clsid\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7762A897-2A75-4E3F-A3A7-55BD098B9879}"= "c:\program files\toolbartv\tbtoo1.dll" [2007-09-23 1453080]

[HKEY_CLASSES_ROOT\clsid\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2004-08-18 245760]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2004-10-02 184320]
"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-10-19 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OOBEDDDemise"="erase" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-10-19 86016]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk
backup=c:\windows\pss\Greetings Workshop Reminders.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\WinDefender 2008

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSpeed]
2009-01-31 01:04 1998848 ----a-w- c:\program files\Ascentive\ActiveSpeed\AS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-18 04:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-07-15 05:16 58992 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1126398353\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 12:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 17:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
2004-07-29 21:55 139264 ----a-w- c:\progra~1\McAfee.com\Agent\McRegWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC SpeedScan Pro]
2008-08-21 23:41 2093056 ----a-w- c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
2008-08-13 22:14 3244032 ----a-w- c:\program files\Ascentive\Performance Center\ApcMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-06-30 16:49 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-26 02:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-03-26 15:07 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-01 23:54 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-22 07:03 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 22:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2005-09-10 06:11 100056 ----a-w- c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UMWdf"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PrismXL"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NwSapAgent"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"navapsvc"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"LexBceS"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ISSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hpqddsvc"=2 (0x2)
"hpqcxs08"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"getPlus® Helper"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"CiSvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"aspimgr"=2 (0x2)
"AppMgmt"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 01:13]

2010-01-30 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 08:00]

2010-08-23 c:\windows\Tasks\McAfee.com Update Check (JETHHED-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2005-05-09 23:34]

2010-08-23 c:\windows\Tasks\McAfee.com Update Check (YOUR-60E4B8F107-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2005-05-09 23:34]

2010-01-30 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Owner.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-08-30 20:54]

2010-08-23 c:\windows\Tasks\User_Feed_Synchronization-{711381DF-DFB0-41BF-9F98-D5D125CFDC13}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm492MFUS&fl=0&ptb=y1mBIktOO6wyBFamEK5Llg&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JN2T2I5\WinDefender2008Setup[1].exe --install - c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JN2T2I5\WinDefender2008Setup[1].exe
HKLM-Run-c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPBAWTF7\WinDefender2008Setup[1].exe --install - c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPBAWTF7\WinDefender2008Setup[1].exe
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-Uninstall - c:\program files\WinDefender 2008\Uninstall.exe
MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\11.0.78.0\HotbarSA.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.78.0\Weather.exe
MSConfigStartUp-ZangoOE - c:\program files\Zango\bin\10.3.70.0\OEAddOn.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.3.70.0\ZangoSA.exe
AddRemove-Crystal Palace - c:\program files\Crystal Palace\Install.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 13:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
OOBEDDDemise = cmd /x /c erase c:\windows\System32\oobe\msoobe.exe??????t???????????????C?w?????????????????\???v??`???????????????i?wis???????????H???????????????????????????*&?|l????&?|??-w????????????????????????????????????????????????????`??????????????|?&?|?????&?|B%?|???????????????????|?$?|??????-wC

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6JN2T2I5\\WinDefender2008Setup[1].exe\" --install"="c:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6JN2T2I5\\WinDefender2008Setup[1].exe\" --install"
"c:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\TPBAWTF7\\WinDefender2008Setup[1].exe\" --install"="c:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\TPBAWTF7\\WinDefender2008Setup[1].exe\" --install"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(456)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\wanmpsvc.exe
.
**************************************************************************
.
Completion time: 2010-09-02 13:51:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-02 20:51

Pre-Run: 130,309,365,760 bytes free
Post-Run: 132,380,000,256 bytes free

- - End Of File - - B3E011B99F9C4851738BF3B31A5FE674

Edited by Hunter_1980, 02 September 2010 - 03:58 PM.


#8 mpascal

Posted 02 September 2010 - 05:35 PM

Hi there,

Can you post that MBAM log as well please?


#9 Hunter_1980

Posted 02 September 2010 - 05:47 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/2/2010 11:53:03 AM
mbam-log-2010-09-02 (11-53-03).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 207124
Time elapsed: 53 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 223
Registry Values Infected: 8
Registry Data Items Infected: 9
Folders Infected: 46
Files Infected: 272

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.70.0 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\zango@zango.com (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\ntos.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (c:\windows\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\IESkins (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0 (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOI (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOI\dynamic (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOL (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOL\dynamic (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic\ustat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\1 (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2 (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvtl.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Crystal Palace\bj.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\Crystal Palace\casino.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\Crystal Palace\directsound.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\Crystal Palace\Install.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\Crystal Palace\lbyinst.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\Crystal Palace\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\Crystal Palace\plibc32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\Crystal Palace\winsound.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Jessica school\limewiresetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP6\A0011988.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\09012010_104402\C_WINDOWS\cru629.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\09012010_104402\C_WINDOWS\system32\cru629.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic\890068.sdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic\domains.txt (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic\ustat\36fe.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\avatar.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\components.cdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\cursors.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\default.cdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\ie_video.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\keywords.idx (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\layout.cdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\top7.cdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.idx (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.txt (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\components.cdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\default.cdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_511745-514279.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_bidzC_ZT_IE-ca.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_bidzC_ZT_IE-us.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_categorize.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_comparison.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_explorer-Mails.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_explorer-people.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_favorites.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Games.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Hide.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_hotbarcom.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Hotmail.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_hsskin.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemster.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemsterie.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemsteruk.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jobsearch.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Mails.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_MobileSidewalk.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_new.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_premium.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_reun.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_ringtones.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_SearchBoxTrapper.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_searchfor.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_searchgo.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_weather.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_yellowpages.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\email-def-511724-548964.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\email-def-511724-9595.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.idx (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.cdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xml (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\theweb.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.cdf (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\Top7_theweb.mnu (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.res (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\100BBAAC.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvcfglib.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvhlp.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvpop.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvutil.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvwslib.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\Thumbs.db (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0006DFA4 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00098E2A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000F5848 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\04ADADC6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\09B0A317.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\09B0B075.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\09B0BD84.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\09B0BE8E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1009ED3F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1009F137 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1009F415.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1009F5CB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1009F751.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1009F8B9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\122C3E5D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio(2).dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aspimgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\winivstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_check32.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.


#10 mpascal


Posted 03 September 2010 - 03:20 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 Hunter_1980


Posted 03 September 2010 - 04:12 PM

I do not have internet access, so I can't update the definitions or run the online Kaspersky scanner. TBF ran and cleaned all the temp files; I have the MBAM scan running but with obsolete definition files.

Update:
I poked around some more; I don't have admin privileges on any account. I tried booting in safe mode using the admin account, and under user accounts the 'Owner' account is listed as having computer administrator rights. I tried adding another user account with admin rights, and when I logged in under the new admin account, I had all the same 'limited user' privileges. I cannot conduct any troubleshooting using the device manager; I get nothing - my sole option under 'Action' is 'Help'.

Edited by Hunter_1980, 03 September 2010 - 04:54 PM.


#12 mpascal


Posted 03 September 2010 - 04:32 PM

You can download files okay though, right?



#13 Hunter_1980


Posted 03 September 2010 - 06:08 PM

Downloading from the internet: no. Strangest circumstances on this system - USB ports don't work, but the integrated flash card reader works, which is how I've been loading / running OTL & GMER etc., and how I've transferred the diagnostics logs. I haven't seen every kind of infection, but one that kills the USB and locks out anybody with admin rights? New one on me...

BTW, here is the MBAM log:





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/3/2010 3:26:28 PM
mbam-log-2010-09-03 (15-26-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 195135
Time elapsed: 41 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
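
Added example, not part of any post in this thread and not Malwarebytes code: a Python parser for the MBAM 1.46 log layout posted above, which checks that a pasted log is complete (database version present, summary counts matching the listed lines) and lists the objects still marked "Delete on reboot". The function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: layout and paths follow the MBAM 1.46 logs posted in
# this thread; the "Files Infected: 4" count is made up to match the 4 lines.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4052
Scan type: Full scan (C:\|D:\|)
Files Infected: 4

Files Infected:
C:\WINDOWS\system32\wsnpoem\audio(2).dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "<object> (<Detection.Name>) -> <action>." The detection is the first
# parenthesised group directly followed by " -> ", so "audio(2).dll" parses.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<key>Database version|Scan type): (?P<val>.+)$")


def parse_mbam_log(text):
    """Return (header fields, summary counts per section, listed items)."""
    header, counts, items, section = {}, {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            header[m["key"]] = m["val"]
        elif m := COUNT_RE.match(line):
            counts[m["section"]] = int(m["n"])
        elif line.endswith("Infected:"):
            section = line[:-1]          # start of a detail section
        elif m := ITEM_RE.match(line):
            items.append({"section": section, **m.groupdict()})
    return header, counts, items


def triage(text):
    """Summarise a log for the helper reading it."""
    header, counts, items = parse_mbam_log(text)
    listed = Counter(it["section"] for it in items)
    return {
        "database": header.get("Database version"),
        "families": dict(Counter(it["det"] for it in items)),
        # Not removed while Windows was running: a normal reboot is still
        # owed before the next scan.
        "pending_reboot": [it["obj"] for it in items
                           if "reboot" in it["action"].lower()],
        # Summary count disagrees with the lines present, which suggests the
        # log was pasted incompletely.
        "truncated": sorted(s for s, n in counts.items() if listed[s] != n),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```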


#14 mpascal


Posted 03 September 2010 - 08:53 PM

Hi there,

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)



#15 Hunter_1980


Posted 07 September 2010 - 10:03 AM

Sorry for the delay getting back to you, long holiday weekend. Will post logs next.



