
Strange Windows XP behavior


  • This topic is locked
19 replies to this topic

#1 sniper7

sniper7

  • Members
  • 12 posts

Posted 09 March 2011 - 07:22 PM

Please refer to my original post per Cryptodan. Here's link: http://www.bleepingcomputer.com/forums/topic383909.html

As I was running the GMER program, PC Tools must have been running in the background. I thought I had it disabled, but it popped up and said it cleaned 7 infections while GMER was running. I hope this did not screw with the log I just generated. If you need the PC Tools log (if I can get one), I will send it also if you let me know you want it.

Thanks so much for the help!
Roger

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Roger White at 14:03:52.09 on Wed 03/09/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1237 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roger White\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110301163452.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [CARPService] carpserv.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [VTTimer] VTTimer.exe
mRun: [<NO NAME>]
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\viarai~1.lnk - c:\program files\via\raid\raid_tool.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167970944203
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
Hosts: 10.10.109.120 HP00215A9F21C0
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-1 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-1 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-1 656320]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-3-1 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-3-1 69392]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-12-24 77312]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 84072]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-3-1 251560]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-3-1 247760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-1 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-1 1150936]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-1 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88544]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-3-1 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-3-1 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S2 gupdate1c9f924ddead1a4;Google Update Service (gupdate1c9f924ddead1a4);c:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cpuz134;cpuz134;\??\c:\docume~1\rogerw~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rogerw~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-1 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84264]
.
=============== Created Last 30 ================
.
2011-03-08 21:25:32 -------- d-----w- c:\program files\Symantec
2011-03-03 16:15:32 -------- d-----w- c:\program files\TurboTax
2011-03-01 21:34:50 9344 ------w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-01 21:34:38 88544 ------w- c:\windows\system32\drivers\mfendisk.sys
2011-03-01 21:34:38 84264 ------w- c:\windows\system32\drivers\mferkdet.sys
2011-03-01 21:34:38 84072 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-01 21:34:37 52104 ------w- c:\windows\system32\drivers\mfebopk.sys
2011-03-01 21:34:37 313288 ------w- c:\windows\system32\drivers\mfefirek.sys
2011-03-01 21:34:37 152960 ------w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-01 21:34:36 55840 ------w- c:\windows\system32\drivers\cfwids.sys
2011-03-01 21:34:24 -------- d-----w- c:\program files\common files\Mcafee
2011-03-01 21:34:21 -------- d-----w- c:\program files\McAfee.com
2011-03-01 21:34:10 -------- d-----w- c:\program files\McAfee
2011-03-01 21:27:54 141792 ------w- c:\windows\system32\mfevtps.exe
2011-03-01 21:05:00 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-03-01 21:05:00 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-03-01 21:05:00 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-03-01 21:04:47 767952 ------w- c:\windows\BDTSupport.dll
2011-03-01 21:04:47 2000848 ------w- c:\windows\PCTBDCore.dll
2011-03-01 21:04:47 1533904 ------w- c:\windows\PCTBDRes.dll
2011-03-01 21:04:47 149456 ------w- c:\windows\SGDetectionTool.dll
2011-03-01 21:02:12 656320 ------w- c:\windows\system32\drivers\pctEFA.sys
2011-03-01 21:02:12 338880 ------w- c:\windows\system32\drivers\pctDS.sys
2011-03-01 21:02:11 251560 ------w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-01 21:02:06 239168 ------w- c:\windows\system32\drivers\PCTCore.sys
2011-03-01 21:02:06 160448 ------w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-01 21:01:58 70536 ------w- c:\windows\system32\drivers\pctplsg.sys
2011-03-01 21:01:50 -------- d-----w- c:\program files\common files\PC Tools
2011-03-01 21:01:50 -------- d-----w- c:\docume~1\rogerw~1\applic~1\PC Tools
2011-02-28 19:26:55 -------- d-----w- c:\docume~1\rogerw~1\applic~1\Malwarebytes
2011-02-28 19:26:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-28 16:33:23 -------- d-----w- c:\docume~1\rogerw~1\applic~1\AVG10
2011-02-28 16:32:22 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-28 16:31:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-28 16:15:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-27 17:44:50 3576 ------w- c:\windows\system32\tmp.reg
2011-02-27 15:55:17 -------- d-----w- c:\program files\PC Tools Security
2011-02-25 22:52:29 5943120 ------w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{6b2ebbf3-fa79-49a7-9f35-8d9782a3219c}\mpengine.dll
2011-02-25 01:14:33 -------- d-----w- c:\docume~1\rogerw~1\locals~1\applic~1\Threat Expert
2011-02-24 22:49:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-02-24 18:22:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-02-24 17:41:15 388096 ------r- c:\docume~1\rogerw~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-24 17:41:15 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 14:08:31.93 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 March 2011 - 08:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
        • DDS.txt
        • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 sniper7

sniper7
  • Topic Starter

  • Members
  • 12 posts

Posted 14 March 2011 - 04:19 PM

Hi Gringo!

Thanks for the help! I understand that you are swamped. There is some kind of MalWare storm going on right now. So I am thankful you got to me as fast as you did! RKUnhooker does not run for me. I tried several different ways and no luck. I get the attached failure log. Let me know if you have any ideas...

I did get the other two logs you requested.

Also: Should I turn off PC Tools Spyware Doctor while you are helping me?

Thanks again!
Sniper

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Roger White at 16:50:29.54 on Mon 03/14/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1270 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roger White\Desktop\New Folder\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110301163452.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [CARPService] carpserv.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [VTTimer] VTTimer.exe
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\viarai~1.lnk - c:\program files\via\raid\raid_tool.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167970944203
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
Hosts: 10.10.109.120 HP00215A9F21C0
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-1 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-1 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-1 656320]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-3-1 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-3-1 69392]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-12-24 77312]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 84072]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-3-1 251560]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-3-1 247760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-1 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-1 1150936]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-1 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88544]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-3-1 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-3-1 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S2 gupdate1c9f924ddead1a4;Google Update Service (gupdate1c9f924ddead1a4);c:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cpuz134;cpuz134;\??\c:\docume~1\rogerw~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rogerw~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-1 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84264]
.
=============== Created Last 30 ================
.
2011-03-08 21:25:32 -------- d-----w- c:\program files\Symantec
2011-03-03 16:15:32 -------- d-----w- c:\program files\TurboTax
2011-03-01 21:34:50 9344 ------w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-01 21:34:38 88544 ------w- c:\windows\system32\drivers\mfendisk.sys
2011-03-01 21:34:38 84264 ------w- c:\windows\system32\drivers\mferkdet.sys
2011-03-01 21:34:38 84072 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-01 21:34:37 52104 ------w- c:\windows\system32\drivers\mfebopk.sys
2011-03-01 21:34:37 313288 ------w- c:\windows\system32\drivers\mfefirek.sys
2011-03-01 21:34:37 152960 ------w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-01 21:34:36 55840 ------w- c:\windows\system32\drivers\cfwids.sys
2011-03-01 21:34:24 -------- d-----w- c:\program files\common files\Mcafee
2011-03-01 21:34:21 -------- d-----w- c:\program files\McAfee.com
2011-03-01 21:34:10 -------- d-----w- c:\program files\McAfee
2011-03-01 21:27:54 141792 ------w- c:\windows\system32\mfevtps.exe
2011-03-01 21:05:00 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-03-01 21:05:00 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-03-01 21:05:00 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-03-01 21:04:47 767952 ------w- c:\windows\BDTSupport.dll
2011-03-01 21:04:47 2000848 ------w- c:\windows\PCTBDCore.dll
2011-03-01 21:04:47 1533904 ------w- c:\windows\PCTBDRes.dll
2011-03-01 21:04:47 149456 ------w- c:\windows\SGDetectionTool.dll
2011-03-01 21:02:12 656320 ------w- c:\windows\system32\drivers\pctEFA.sys
2011-03-01 21:02:12 338880 ------w- c:\windows\system32\drivers\pctDS.sys
2011-03-01 21:02:11 251560 ------w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-01 21:02:06 239168 ------w- c:\windows\system32\drivers\PCTCore.sys
2011-03-01 21:02:06 160448 ------w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-01 21:01:58 70536 ------w- c:\windows\system32\drivers\pctplsg.sys
2011-03-01 21:01:50 -------- d-----w- c:\program files\common files\PC Tools
2011-03-01 21:01:50 -------- d-----w- c:\docume~1\rogerw~1\applic~1\PC Tools
2011-02-28 19:26:55 -------- d-----w- c:\docume~1\rogerw~1\applic~1\Malwarebytes
2011-02-28 19:26:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-28 16:33:23 -------- d-----w- c:\docume~1\rogerw~1\applic~1\AVG10
2011-02-28 16:32:22 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-28 16:31:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-28 16:15:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-27 17:44:50 3576 ------w- c:\windows\system32\tmp.reg
2011-02-27 15:55:17 -------- d-----w- c:\program files\PC Tools Security
2011-02-25 22:52:29 5943120 ------w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{6b2ebbf3-fa79-49a7-9f35-8d9782a3219c}\mpengine.dll
2011-02-25 01:14:33 -------- d-----w- c:\docume~1\rogerw~1\locals~1\applic~1\Threat Expert
2011-02-24 22:49:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-02-24 18:22:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-02-24 17:41:15 388096 ------r- c:\docume~1\rogerw~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-24 17:41:15 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 16:54:52.46 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2007 11:39:27 AM
System Uptime: 3/14/2011 9:56:29 AM (7 hours ago)
.
Motherboard: | | PM800-8237
Processor: Intel® Pentium® 4 CPU 3.00GHz | Socket 478 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 792.996 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 101.562 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7500
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7500
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7500_7600_7700_Help
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.2
Adobe SVG Viewer 3.0
Apple Software Update
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
Browser Defender 3.0
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Imaging Device Functions 7.0
HP Officejet Pro All-In-One Series
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
L7500
LiveUpdate 2.0 (Symantec Corporation)
Logitech QuickCam
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MPM
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetDeviceManager
Norton Ghost 9.0
OCR Software by I.R.I.S 7.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PC Wizard 2010.1.92
Print Perfect Deluxe
ProductContext
PS7400
QuickTime
RealPlayer
RealUpgrade 1.0
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Skype™ 4.1
SolutionCenter
Spyware Doctor 8.0
Status
Toolbox
TrayApp
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
VIA Rhine-Family Fast Ethernet Adapter
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
ZipWiz 2005 by Synaptek Software
.
==== Event Viewer Messages From Past Week ========
.
3/8/2011 4:36:30 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
3/8/2011 4:29:56 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/11/2011 3:10:45 PM, error: Disk [15] - The device, \Device\Harddisk1\D, is not ready for access yet.
.
==== End Of File ===========================




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:23 PM

Posted 14 March 2011 - 07:08 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 sniper7

sniper7
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:23 PM

Posted 15 March 2011 - 12:15 AM

Here's the log file from combofix. It is already running better!

I really appreciate your help! I will post an update on how it's running tomorrow.


ComboFix 11-03-14.02 - Roger White 03/15/2011 0:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1381 [GMT -4:00]
Running from: c:\documents and settings\Roger White\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-15 04:08 . 2011-03-15 04:10 -------- d-----r- C:\32788R22FWJFW
2011-03-08 21:25 . 2011-03-08 21:26 -------- d-----w- c:\program files\Symantec
2011-03-03 16:15 . 2011-03-03 16:15 -------- d-----w- c:\program files\TurboTax
2011-03-01 21:34 . 2010-10-14 03:28 9344 ------w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-01 21:34 . 2010-10-14 03:28 88544 ------w- c:\windows\system32\drivers\mfendisk.sys
2011-03-01 21:34 . 2010-10-14 03:28 84264 ------w- c:\windows\system32\drivers\mferkdet.sys
2011-03-01 21:34 . 2010-10-14 03:28 84072 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-01 21:34 . 2010-10-14 03:28 52104 ------w- c:\windows\system32\drivers\mfebopk.sys
2011-03-01 21:34 . 2010-10-14 03:28 313288 ------w- c:\windows\system32\drivers\mfefirek.sys
2011-03-01 21:34 . 2010-10-14 03:28 152960 ------w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-01 21:34 . 2010-10-14 03:28 55840 ------w- c:\windows\system32\drivers\cfwids.sys
2011-03-01 21:34 . 2011-03-01 21:35 -------- d-----w- c:\program files\Common Files\Mcafee
2011-03-01 21:34 . 2011-03-01 22:20 -------- d-----w- c:\program files\McAfee
2011-03-01 21:27 . 2010-10-14 03:28 141792 ------w- c:\windows\system32\mfevtps.exe
2011-03-01 21:05 . 2010-12-31 14:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-03-01 21:05 . 2010-12-31 14:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-03-01 21:05 . 2010-12-31 14:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-03-01 21:04 . 2011-01-07 19:54 149456 ------w- c:\windows\SGDetectionTool.dll
2011-03-01 21:04 . 2011-01-07 19:54 1533904 ------w- c:\windows\PCTBDRes.dll
2011-03-01 21:04 . 2011-01-07 19:54 2000848 ------w- c:\windows\PCTBDCore.dll
2011-03-01 21:04 . 2011-01-07 19:54 767952 ------w- c:\windows\BDTSupport.dll
2011-03-01 21:02 . 2010-07-16 19:59 656320 ------w- c:\windows\system32\drivers\pctEFA.sys
2011-03-01 21:02 . 2010-07-16 19:59 338880 ------w- c:\windows\system32\drivers\pctDS.sys
2011-03-01 21:02 . 2011-01-17 14:10 251560 ------w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-01 21:02 . 2010-12-10 21:57 160448 ------w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-01 21:02 . 2010-12-10 18:24 239168 ------w- c:\windows\system32\drivers\PCTCore.sys
2011-03-01 21:01 . 2010-12-16 13:46 70536 ------w- c:\windows\system32\drivers\pctplsg.sys
2011-03-01 21:01 . 2011-03-01 21:04 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-01 21:01 . 2011-03-01 21:01 -------- d-----w- c:\documents and settings\Roger White\Application Data\PC Tools
2011-02-28 20:44 . 2011-02-28 20:44 -------- d-----w- c:\documents and settings\Administrator
2011-02-28 19:26 . 2011-02-28 19:26 -------- d-----w- c:\documents and settings\Roger White\Application Data\Malwarebytes
2011-02-28 19:26 . 2011-02-28 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-28 16:33 . 2011-02-28 16:33 -------- d-----w- c:\documents and settings\Roger White\Application Data\AVG10
2011-02-28 16:32 . 2011-02-28 16:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-02-28 16:31 . 2011-03-01 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-02-28 16:15 . 2011-02-28 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-02-27 20:15 . 2011-02-27 20:26 -------- d-----w- c:\windows\BDOSCAN8
2011-02-27 17:44 . 2011-02-27 18:05 3576 ------w- c:\windows\system32\tmp.reg
2011-02-27 17:36 . 2009-06-02 16:17 75776 ------w- c:\windows\system32\WS2Fix.exe
2011-02-27 17:36 . 2008-12-12 06:57 78336 ------w- c:\windows\system32\Agent.OMZ.Fix.exe
2011-02-27 17:36 . 2008-11-29 23:58 82944 ------w- c:\windows\system32\IEDFix.C.exe
2011-02-27 17:36 . 2008-10-01 20:51 87552 ------w- c:\windows\system32\VACFix.exe
2011-02-27 17:36 . 2008-09-20 17:45 80384 ------w- c:\windows\system32\o4Patch.exe
2011-02-27 17:36 . 2008-08-18 17:19 82432 ------w- c:\windows\system32\404Fix.exe
2011-02-27 17:36 . 2008-05-19 02:40 82944 ------w- c:\windows\system32\IEDFix.exe
2011-02-27 17:36 . 2007-09-06 05:22 289144 ------w- c:\windows\system32\VCCLSID.exe
2011-02-27 17:36 . 2006-04-27 22:49 288417 ------w- c:\windows\system32\SrchSTS.exe
2011-02-27 17:36 . 2004-07-31 23:50 51200 ------w- c:\windows\system32\dumphive.exe
2011-02-27 17:36 . 2003-06-06 02:13 53248 ----a-w- c:\windows\system32\Process.exe
2011-02-27 15:55 . 2011-03-15 03:47 -------- d-----w- c:\program files\PC Tools Security
2011-02-26 02:00 . 2011-02-26 02:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-02-25 22:52 . 2011-02-11 06:54 5943120 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{6B2EBBF3-FA79-49A7-9F35-8D9782A3219C}\mpengine.dll
2011-02-25 15:46 . 2011-02-25 15:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-02-25 01:14 . 2011-02-25 01:14 -------- d-----w- c:\documents and settings\Roger White\Local Settings\Application Data\Threat Expert
2011-02-24 22:49 . 2011-03-01 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-02-24 18:22 . 2011-02-25 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-02-24 17:41 . 2011-02-24 17:41 388096 ------r- c:\documents and settings\Roger White\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-24 17:41 . 2011-02-24 17:41 -------- d-----w- c:\program files\Trend Micro
2011-02-16 01:25 . 2011-03-02 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-15 11:35 . 2011-02-15 11:35 12 ----a-w- c:\windows\Fonts\wfonts.key
2011-02-09 13:53 . 2002-08-29 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-08-29 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 22:11 . 2009-10-03 01:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2007-03-05 16:03 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-03-05 16:03 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-08-29 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2006-06-26 02:52 5890896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-01-07 14:09 . 2002-08-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-06 16:54 . 2011-03-01 21:04 2125 ------w- c:\windows\UDB.zip
2010-12-31 13:10 . 2002-08-29 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2002-08-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2002-08-29 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2007-02-13 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"CARPService"="carpserv.exe" [2003-06-11 4608]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-04 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-10 1126400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2006-2-19 288472]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2004-12-24 565248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/1/2011 5:02 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/1/2011 5:02 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/1/2011 5:02 PM 656320]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [11/10/2004 11:30 AM 138801]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/1/2011 5:05 PM 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/1/2011 5:05 PM 69392]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/24/2004 4:47 PM 77312]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/1/2011 5:34 PM 84072]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/1/2011 5:02 PM 251560]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [11/10/2004 11:49 AM 46800]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [3/1/2011 5:04 PM 247760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/1/2011 5:34 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/1/2011 5:34 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/1/2011 5:34 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/1/2011 5:34 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/1/2011 5:27 PM 141792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/1/2011 5:01 PM 366840]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/1/2011 5:34 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/1/2011 5:34 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/1/2011 5:34 PM 88544]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/1/2011 5:01 PM 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/1/2011 5:05 PM 33552]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S2 gupdate1c9f924ddead1a4;Google Update Service (gupdate1c9f924ddead1a4);c:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 9:48 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 cpuz134;cpuz134;\??\c:\docume~1\ROGERW~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ROGERW~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/1/2011 5:34 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/1/2011 5:34 PM 84264]
S3 Normandy;Normandy SR2; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:48]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:48]
.
2011-03-15 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 04:53]
.
2011-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1275210071-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1275210071-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-15 c:\windows\Tasks\User_Feed_Synchronization-{B4ABB188-C66A-4498-A998-A5A67F5E8D9D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 00:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\Ati2evxx.dll
c:\program files\PC Tools Security\TFEngine\TFNI.dll
c:\program files\PC Tools Security\TFEngine\TFMon.dll
c:\program files\PC Tools Security\TFEngine\TFRK.dll
c:\program files\PC Tools Security\TFEngine\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(1364)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools Security\TFEngine\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\WININET.dll
c:\program files\PC Tools Security\TFEngine\TfWah.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-15 01:09:31
ComboFix-quarantined-files.txt 2011-03-15 05:09
.
Pre-Run: 851,226,136,576 bytes free
Post-Run: 851,439,808,512 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 061CD84371093B0EC07DC0824550A0F7
.

Edited by gringo_pr, 15 March 2011 - 06:01 AM.


#6 gringo_pr

Posted 15 March 2011 - 06:04 AM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.2

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 sniper7

Posted 15 March 2011 - 09:26 AM

Gringo,

My PC is still acting stupid... not showing all the running program icons in the taskbar. When I ran ComboFix last night some came back while it was working, those do not show up today... I get 4 icons now I did have 7 before all this started... It does seem to be faster but I still see HD activity all the time. I have McAfee and PC Tools disabled but they might still be causing some HD activity, not sure about that.

Here's the logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6065

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/15/2011 10:13:54 AM
mbam-log-2011-03-15 (10-13-54).txt

Scan type: Quick scan
Objects scanned: 159506
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:32 AM, on 3/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110301163452.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167970944203
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Update Service (gupdate1c9f924ddead1a4) (gupdate1c9f924ddead1a4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Security\TFEngine\TFService.exe

--
End of file - 10202 bytes

#8 gringo_pr

Posted 15 March 2011 - 09:45 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 sniper7

Posted 15 March 2011 - 11:24 AM

Here you go....No threats found..

2011/03/15 12:22:18.0343 5888 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/15 12:22:19.0125 5888 ================================================================================
2011/03/15 12:22:19.0125 5888 SystemInfo:
2011/03/15 12:22:19.0125 5888
2011/03/15 12:22:19.0125 5888 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/15 12:22:19.0125 5888 Product type: Workstation
2011/03/15 12:22:19.0125 5888 ComputerName: BIGDOG
2011/03/15 12:22:19.0125 5888 UserName: Roger White
2011/03/15 12:22:19.0125 5888 Windows directory: C:\WINDOWS
2011/03/15 12:22:19.0125 5888 System windows directory: C:\WINDOWS
2011/03/15 12:22:19.0125 5888 Processor architecture: Intel x86
2011/03/15 12:22:19.0125 5888 Number of processors: 2
2011/03/15 12:22:19.0125 5888 Page size: 0x1000
2011/03/15 12:22:19.0125 5888 Boot type: Normal boot
2011/03/15 12:22:19.0125 5888 ================================================================================
2011/03/15 12:22:19.0468 5888 Initialize success
2011/03/15 12:22:22.0453 5304 ================================================================================
2011/03/15 12:22:22.0453 5304 Scan started
2011/03/15 12:22:22.0453 5304 Mode: Manual;
2011/03/15 12:22:22.0453 5304 ================================================================================
2011/03/15 12:22:23.0093 5304 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/15 12:22:23.0125 5304 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/15 12:22:23.0218 5304 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/15 12:22:23.0296 5304 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/15 12:22:23.0671 5304 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/15 12:22:23.0703 5304 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/15 12:22:23.0828 5304 ati2mtag (9bb016be998fbe484da76be470aa9c56) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/03/15 12:22:23.0890 5304 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/15 12:22:23.0937 5304 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/15 12:22:24.0000 5304 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/15 12:22:24.0140 5304 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/15 12:22:24.0187 5304 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/15 12:22:24.0250 5304 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/15 12:22:24.0296 5304 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/15 12:22:24.0343 5304 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/15 12:22:24.0406 5304 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2011/03/15 12:22:24.0671 5304 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/15 12:22:24.0750 5304 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/15 12:22:24.0781 5304 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/03/15 12:22:24.0828 5304 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/15 12:22:24.0875 5304 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/15 12:22:24.0984 5304 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/15 12:22:25.0078 5304 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/15 12:22:25.0125 5304 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/15 12:22:25.0171 5304 FET5X86V (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/03/15 12:22:25.0203 5304 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/03/15 12:22:25.0281 5304 FETNDISB (a306e75d699da98d0f9286b4e268661d) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2011/03/15 12:22:25.0343 5304 FilterService (ed6c44547540e7892a1c34fd4bd35a53) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/03/15 12:22:25.0375 5304 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/15 12:22:25.0437 5304 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/15 12:22:25.0484 5304 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/15 12:22:25.0562 5304 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/15 12:22:25.0593 5304 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/15 12:22:25.0656 5304 GearAspiWDM (d9d93a84da53e0bd515a62b3c4aeea78) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
2011/03/15 12:22:25.0703 5304 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/15 12:22:25.0765 5304 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/15 12:22:25.0875 5304 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/15 12:22:25.0921 5304 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/15 12:22:25.0968 5304 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/15 12:22:26.0015 5304 HSFHWBS2 (3d3f3ae5bde2be80dfb8a03f121b3849) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/03/15 12:22:26.0062 5304 HSF_DP (9b731969ba86d9a3ca55638264603e12) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/15 12:22:26.0156 5304 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/15 12:22:26.0328 5304 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/15 12:22:26.0421 5304 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/15 12:22:26.0640 5304 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/15 12:22:26.0718 5304 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/15 12:22:26.0781 5304 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/15 12:22:26.0843 5304 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/15 12:22:26.0890 5304 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/15 12:22:26.0937 5304 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/15 12:22:26.0984 5304 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/15 12:22:27.0046 5304 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/15 12:22:27.0062 5304 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/15 12:22:27.0125 5304 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/15 12:22:27.0156 5304 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/15 12:22:27.0375 5304 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/03/15 12:22:27.0468 5304 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/03/15 12:22:27.0578 5304 lvpopflt (92990b040b68632cc3f80a742d163937) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/03/15 12:22:27.0656 5304 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2011/03/15 12:22:27.0718 5304 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/03/15 12:22:27.0828 5304 LVUVC (b0dfee7da5e6d04762e25e355d94d8b5) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/03/15 12:22:27.0968 5304 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/15 12:22:28.0046 5304 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/03/15 12:22:28.0093 5304 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/03/15 12:22:28.0156 5304 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/03/15 12:22:28.0250 5304 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/03/15 12:22:28.0296 5304 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/03/15 12:22:28.0375 5304 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/03/15 12:22:28.0390 5304 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/03/15 12:22:35.0578 5304 ================================================================================
2011/03/15 12:22:35.0578 5304 Scan finished
2011/03/15 12:22:35.0578 5304 ================================================================================

#10 gringo_pr


Posted 15 March 2011 - 11:26 AM

Do you know what programs are missing?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 sniper7


Posted 15 March 2011 - 11:48 AM

Sorry, I had a bunch of phone calls I had to take...

Missing now: Volume Control, HP printer center, PC Tools Spyware Doctor, VIA RAID. This changes with every reboot.

Icons I do have now: Norton Ghost, McAfee, HP 7400 Printer and ATI Video card control.

Thanks!

#12 sniper7


Posted 15 March 2011 - 05:28 PM

OK, I just came back to my computer and Spyware Doctor is telling me it has removed 36 infections! I have not done much of anything with this PC but what I have worked on with you... I realize that some of these are just cookies but I also see a ton of trojan spyware infections! Looks serious to me!

I have the logs if you want to see them..

Thanks!

#13 gringo_pr


Posted 15 March 2011 - 09:29 PM

show me the report

gringo

#14 sniper7


Posted 16 March 2011 - 07:36 AM

Here you go...

Thanks!


PC Tools Spyware Doctor
Date | Status
3/1/2011 4:05:08 PM:250Service Started
Spyware Doctor Service Application started
3/1/2011 4:05:08 PM:250Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/1/2011 4:05:08 PM:484Anti-Malware Engine
Anti-Malware detection engine was disabled
3/1/2011 4:05:19 PM:78Behavior Guard
Successfully initialized the ThreatFire engine.
3/1/2011 4:05:38 PM:437IntelliGuards status
All IntelliGuards were Enabled
3/1/2011 4:05:40 PM:718Scan Started
Scan Type - Intelli-Scan

3/1/2011 4:05:49 PM:578Immunizer Results
ActiveX section has been immunized, Processed 2542 items.
3/1/2011 4:05:50 PM:718Scan Finished
Scan Type - Intelli-Scan
Items Processed - 0
Threats Detected - 0
Infections Detected - 0

3/1/2011 4:06:22 PM:93Service Stopped
Spyware Doctor Service Application Stopped
3/1/2011 4:08:07 PM:515Service Started
Spyware Doctor Service Application started
3/1/2011 4:08:07 PM:515Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/1/2011 4:08:07 PM:796IntelliGuards status
All IntelliGuards were Enabled
3/1/2011 4:08:14 PM:609Immunizer Results
ActiveX section has been immunized. No items were processed.
3/1/2011 4:09:09 PM:375Behavior Guard
Successfully initialized the ThreatFire engine.
3/1/2011 4:10:40 PM:125Scan Started
Scan Type - Intelli-Scan

3/1/2011 4:10:45 PM:562Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - avgtechnologies.112.2o7.net/ avgtechnologies.112.2o7.net

3/1/2011 4:11:33 PM:750Infection was detected on this computer
Threat Name - Trojan-Downloader.Small.CDY
Type - Registry Value
Risk Level - Elevated
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\stb,
t

3/1/2011 4:11:33 PM:750Infection was detected on this computer
Threat Name - Trojan-Downloader.Small.CDY
Type - Registry Key
Risk Level - Elevated
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\stb

3/1/2011 4:12:24 PM:828Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Type

3/1/2011 4:12:24 PM:828Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Time

3/1/2011 4:12:24 PM:843Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
LoadTime

3/1/2011 4:12:24 PM:843Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Count

3/1/2011 4:12:24 PM:843Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore

3/1/2011 4:12:24 PM:843Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}

3/1/2011 4:12:26 PM:156Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Type

3/1/2011 4:12:26 PM:156Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Flags

3/1/2011 4:12:26 PM:156Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Count

3/1/2011 4:12:26 PM:156Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Time

3/1/2011 4:12:26 PM:171Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore

3/1/2011 4:12:26 PM:171Infection was detected on this computer
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}

3/1/2011 4:14:18 PM:953Scan Finished
Scan Type - Intelli-Scan
Items Processed - 390241
Threats Detected - 3
Infections Detected - 15

3/1/2011 4:14:54 PM:812Infection quarantined
Threat Name - Trojan-Downloader.Small.CDY
Type - Registry Key
Risk Level - Elevated
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\stb

3/1/2011 4:14:54 PM:828Infection quarantined
Threat Name - Trojan-Downloader.Small.CDY
Type - Registry Value
Risk Level - Elevated
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\stb,
t

3/1/2011 4:14:54 PM:828Infection cleaned
Threat Name - Trojan-Downloader.Small.CDY
Type - Registry Key
Risk Level - Elevated
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\stb

3/1/2011 4:14:54 PM:828Infection cleaned
Threat Name - Trojan-Downloader.Small.CDY
Type - Registry Value
Risk Level - Elevated
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\stb,
t

3/1/2011 4:14:54 PM:859Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}

3/1/2011 4:14:54 PM:859Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore

3/1/2011 4:14:54 PM:859Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Time

3/1/2011 4:14:54 PM:859Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Count

3/1/2011 4:14:54 PM:859Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Flags

3/1/2011 4:14:54 PM:875Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Type

3/1/2011 4:14:54 PM:875Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}

3/1/2011 4:14:54 PM:875Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore

3/1/2011 4:14:54 PM:890Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Count

3/1/2011 4:14:54 PM:890Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
LoadTime

3/1/2011 4:14:54 PM:906Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Time

3/1/2011 4:14:54 PM:906Infection quarantined
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Type

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Time

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Count

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Flags

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Type

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Key
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Count

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
LoadTime

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Time

3/1/2011 4:14:54 PM:921Infection cleaned
Threat Name - Trojan.Popuper
Type - Registry Value
Risk Level - High
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore,
Type

3/1/2011 4:14:54 PM:953Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - avgtechnologies.112.2o7.net/ avgtechnologies.112.2o7.net

3/1/2011 4:14:57 PM:15Infections Quarantined/Removed Summary
Quarantined - 14
Quarantine Failed - 0
Removed - 15
Remove Failed - 0

3/1/2011 4:15:11 PM:625Scan Started
Scan Type - Intelli-Scan

3/1/2011 4:17:03 PM:906Scan Finished
Scan Type - Intelli-Scan
Items Processed - 389985
Threats Detected - 0
Infections Detected - 0

3/1/2011 4:21:05 PM:765Service Stopped
Spyware Doctor Service Application Stopped
3/1/2011 4:22:47 PM:578Service Started
Spyware Doctor Service Application started
3/1/2011 4:22:47 PM:578Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/1/2011 4:22:47 PM:875IntelliGuards status
All IntelliGuards were Enabled
3/1/2011 4:22:54 PM:640Immunizer Results
ActiveX section has been immunized. No items were processed.
3/1/2011 4:23:51 PM:0Behavior Guard
Successfully initialized the ThreatFire engine.
3/1/2011 4:24:04 PM:156IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - coxhsi.112.2o7.net/ coxhsi.112.2o7.net

3/1/2011 4:26:11 PM:546IntelliGuard Detection Cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - ads.pointroll.com/ ads.pointroll.com

3/1/2011 4:26:11 PM:562IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/1/2011 4:26:11 PM:562IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - coxhsi.112.2o7.net/ coxhsi.112.2o7.net

3/1/2011 4:26:11 PM:562IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - tribalfusion.com/ tribalfusion.com

3/1/2011 4:49:27 PM:734Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/1/2011 5:16:36 PM:468IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/1/2011 5:16:57 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - insightexpressai.com/ insightexpressai.com

3/1/2011 5:16:57 PM:62IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/1/2011 5:16:57 PM:62IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/1/2011 5:16:57 PM:62IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/1/2011 5:16:57 PM:62IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com

3/1/2011 5:18:03 PM:828IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - microsoftwindows.112.2o7.net/
microsoftwindows.112.2o7.net

3/1/2011 5:18:03 PM:859IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - m.webtrends.com/ m.webtrends.com

3/1/2011 5:18:40 PM:46IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - microsoftwindows.112.2o7.net/
microsoftwindows.112.2o7.net

3/1/2011 5:18:40 PM:109IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/1/2011 5:18:40 PM:109IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - m.webtrends.com/ m.webtrends.com

3/1/2011 5:18:40 PM:109IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/1/2011 5:19:35 PM:328Service Stopped
Spyware Doctor Service Application Stopped
3/1/2011 7:16:49 PM:421Service Started
Spyware Doctor Service Application started
3/1/2011 7:16:49 PM:421Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/1/2011 7:16:49 PM:781IntelliGuards status
All IntelliGuards were Enabled
3/1/2011 7:16:53 PM:921Immunizer Results
ActiveX section has been immunized. No items were processed.
3/1/2011 7:17:51 PM:921Behavior Guard
Successfully initialized the ThreatFire engine.
3/1/2011 7:45:39 PM:421Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/1/2011 10:30:16 PM:796IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/1/2011 10:34:33 PM:609IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adserver.adtechus.com/ adserver.adtechus.com

3/1/2011 10:34:33 PM:609IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/1/2011 10:34:33 PM:609IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/1/2011 10:34:33 PM:671IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com

3/1/2011 10:35:04 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/1/2011 10:35:04 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/1/2011 10:53:26 PM:62IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com

3/1/2011 11:12:48 PM:484Service Stopped
Spyware Doctor Service Application Stopped
3/2/2011 1:14:34 PM:546Service Started
Spyware Doctor Service Application started
3/2/2011 1:14:34 PM:546Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/2/2011 1:16:28 PM:46Behavior Guard
Error: Unable to contact the ThreatFire service, please reinstall.
3/2/2011 1:18:14 PM:0Scan Started
Scan Type - Full Scan

3/2/2011 1:18:26 PM:562Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/2/2011 1:18:30 PM:265Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - m.webtrends.com/ m.webtrends.com

3/2/2011 1:18:32 PM:62Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/2/2011 1:18:32 PM:765Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 1:25:09 PM:31Infection was detected on this computer
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\FJOJQTYE\Re_ [GSR]
Some fun in the GS on Friday.

3/2/2011 1:25:09 PM:62Infection was detected on this computer
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\HDAJ3X7U\Fw_
Gynecologist and a Mechanic....

3/2/2011 1:25:09 PM:828Infection was detected on this computer
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\JLEFOHIT\Fw_ THE
MARINES WANT THIS TO ROLL ALL OVER THE U.S.

3/2/2011 1:25:47 PM:437Infection was detected on this computer
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\YNNVTK2S\Fw_ RE_ John
McCain's remark about the Pledge of Allegiance....

3/2/2011 1:26:06 PM:781Infection was detected on this computer
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\ZZE24G9S\FW_ If you
build it, they will come.

3/2/2011 1:31:14 PM:843Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/2/2011 2:47:36 PM:625Scan Finished
Scan Type - Full Scan
Items Processed - 566109
Threats Detected - 3
Infections Detected - 9

3/2/2011 2:47:38 PM:62Infection quarantined
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\ZZE24G9S\FW_ If you
build it, they will come.

3/2/2011 2:47:38 PM:93Infection quarantined
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\YNNVTK2S\Fw_ RE_ John
McCain's remark about the Pledge of Allegiance....

3/2/2011 2:47:38 PM:125Infection quarantined
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\JLEFOHIT\Fw_ THE
MARINES WANT THIS TO ROLL ALL OVER THE U.S.

3/2/2011 2:47:38 PM:156Infection quarantined
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\HDAJ3X7U\Fw_
Gynecologist and a Mechanic....

3/2/2011 2:47:38 PM:187Infection quarantined
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\FJOJQTYE\Re_ [GSR]
Some fun in the GS on Friday.

3/2/2011 2:47:38 PM:203Infection cleaned
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\ZZE24G9S\FW_ If you
build it, they will come.

3/2/2011 2:47:38 PM:218Infection cleaned
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\YNNVTK2S\Fw_ RE_ John
McCain's remark about the Pledge of Allegiance....

3/2/2011 2:47:38 PM:218Infection cleaned
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\JLEFOHIT\Fw_ THE
MARINES WANT THIS TO ROLL ALL OVER THE U.S.

3/2/2011 2:47:38 PM:218Infection cleaned
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\HDAJ3X7U\Fw_
Gynecologist and a Mechanic....

3/2/2011 2:47:38 PM:218Infection cleaned
Threat Name - Hidden Files
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Roger White\Local
Settings\Temporary Internet Files\Content.IE5\FJOJQTYE\Re_ [GSR]
Some fun in the GS on Friday.

3/2/2011 2:47:38 PM:281Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 2:47:38 PM:296Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/2/2011 2:47:38 PM:312Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/2/2011 2:47:38 PM:312Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - m.webtrends.com/ m.webtrends.com

3/2/2011 2:47:40 PM:359Infections Quarantined/Removed Summary
Quarantined - 5
Quarantine Failed - 0
Removed - 9
Remove Failed - 0

3/2/2011 2:52:08 PM:390Service Stopped
Spyware Doctor Service Application Stopped
3/2/2011 2:54:23 PM:578Service Started
Spyware Doctor Service Application started
3/2/2011 2:54:23 PM:578Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/2/2011 2:54:24 PM:421IntelliGuards status
All IntelliGuards were Enabled
3/2/2011 2:54:34 PM:968Immunizer Results
ActiveX section has been immunized, Processed 2 items.
3/2/2011 2:55:25 PM:78Behavior Guard
Successfully initialized the ThreatFire engine.
3/2/2011 3:07:36 PM:937Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/2/2011 3:26:52 PM:453Scan Started
Scan Type - Custom Scan

3/2/2011 6:00:04 PM:468Scheduled Scan Skipped
Scheduled task Full scan of this computer skipped - another scan is
already running.
3/2/2011 6:00:04 PM:468Scheduled Scan Skipped
Scheduled task Intelli-Scan of this computer skipped - another scan
is already running.
3/2/2011 6:00:51 PM:500Scan Finished
Scan Type - Custom Scan
Items Processed - 455550
Threats Detected - 0
Infections Detected - 0

3/2/2011 6:01:51 PM:796Scan Started
Scan Type - Full Scan

3/2/2011 7:37:23 PM:437Scan Finished
Scan Type - Full Scan
Items Processed - 442948
Threats Detected - 0
Infections Detected - 0

3/2/2011 7:38:20 PM:671Scan Started
Scan Type - Custom Scan

3/2/2011 7:40:04 PM:421Scan Finished
Scan Type - Custom Scan
Items Processed - 370477
Threats Detected - 0
Infections Detected - 0

3/2/2011 7:54:02 PM:750Scan Started
Scan Type - Custom Scan

3/2/2011 9:10:13 PM:812Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/2/2011 9:16:09 PM:843Scan Finished
Scan Type - Custom Scan
Items Processed - 460735
Threats Detected - 0
Infections Detected - 0

3/2/2011 9:24:04 PM:171Site Guard: Blocked Site
Threat Name - Spyware.Known_Bad_Sites
Details - Site Guard has blocked access to a bad website
Risk Level - High
Infection - link.p0.com (206.165.245.102)

3/2/2011 9:25:24 PM:453Scan Started
Scan Type - Custom Scan

3/2/2011 9:25:41 PM:937Scan Finished
Scan Type - Custom Scan
Items Processed - 460735
Threats Detected - 0
Infections Detected - 0

3/2/2011 9:28:36 PM:140IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/2/2011 9:28:36 PM:140IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 9:29:11 PM:218IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 9:29:11 PM:328IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com

3/2/2011 9:29:30 PM:968IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adserver.adtechus.com/ adserver.adtechus.com

3/2/2011 9:29:30 PM:984IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 9:29:51 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adserver.adtechus.com/ adserver.adtechus.com

3/2/2011 9:29:51 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 9:29:51 PM:62IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/2/2011 9:30:11 PM:62IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 9:30:36 PM:31IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/2/2011 9:30:36 PM:31IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 9:30:36 PM:156IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/2/2011 9:30:54 PM:546IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 9:30:54 PM:625IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/2/2011 9:31:18 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/2/2011 9:31:18 PM:62IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/2/2011 9:35:17 PM:234IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/2/2011 9:40:33 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/2/2011 9:53:02 PM:328IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/3/2011 1:46:35 AM:703Service Stopped
Spyware Doctor Service Application Stopped
3/3/2011 10:48:22 AM:875Service Started
Spyware Doctor Service Application started
3/3/2011 10:48:22 AM:875Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/3/2011 10:48:23 AM:796IntelliGuards status
All IntelliGuards were Enabled
3/3/2011 10:48:32 AM:546Immunizer Results
ActiveX section has been immunized. No items were processed.
3/3/2011 10:49:31 AM:500Behavior Guard
Successfully initialized the ThreatFire engine.
3/3/2011 11:05:52 AM:796Smart Update
Smart Update has found updates available for download
3/3/2011 11:05:56 AM:765Immunizer Results
ActiveX section has been immunized. No items were processed.
3/3/2011 11:06:29 AM:218Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/3/2011 12:02:25 PM:765Scan Started
Scan Type - Idle Scan

3/3/2011 12:13:01 PM:109Scan Finished
Scan Type - Idle Scan
Items Processed - 6847
Threats Detected - 0
Infections Detected - 0

3/3/2011 4:30:50 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/3/2011 4:31:26 PM:859IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:31:26 PM:859IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:31:26 PM:859IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/3/2011 4:31:49 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:31:49 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:31:49 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/3/2011 4:32:11 PM:390IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/3/2011 4:32:11 PM:390IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:32:11 PM:390IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:32:11 PM:390IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/3/2011 4:32:36 PM:531IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/3/2011 4:32:36 PM:546IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:32:36 PM:546IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:32:36 PM:546IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/3/2011 4:32:57 PM:296IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/3/2011 4:32:57 PM:296IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:32:57 PM:296IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:32:57 PM:296IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/3/2011 4:33:25 PM:109IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:33:25 PM:109IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:33:25 PM:109IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/3/2011 4:33:52 PM:828IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/3/2011 4:33:52 PM:828IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:33:52 PM:828IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/3/2011 4:33:52 PM:843IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/3/2011 5:08:52 PM:78Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/3/2011 6:00:04 PM:703Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
3/3/2011 6:00:20 PM:93Scan Started
Scan Type - Intelli-Scan

3/3/2011 6:07:59 PM:906Scan Finished
Scan Type - Intelli-Scan
Items Processed - 378676
Threats Detected - 0
Infections Detected - 0

3/3/2011 9:32:36 PM:46Scan Started
Scan Type - Idle Scan

3/3/2011 9:48:58 PM:421Scan Finished
Scan Type - Idle Scan
Items Processed - 5324
Threats Detected - 0
Infections Detected - 0

3/3/2011 9:50:15 PM:156IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:50:40 PM:718IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:51:04 PM:781IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:51:36 PM:750IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:52:13 PM:187IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:52:55 PM:656IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:53:34 PM:187IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:54:01 PM:984IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:54:32 PM:703IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:55:39 PM:156IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:56:36 PM:515IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:57:11 PM:78IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 9:58:19 PM:734IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/3/2011 11:11:04 PM:890Smart Update
Smart Update has found updates available for download
3/4/2011 12:01:07 AM:281Smart Update
Smart Update was not launched by the user
3/4/2011 12:27:06 AM:296IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/4/2011 12:27:36 AM:109IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/4/2011 12:36:04 AM:859IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/4/2011 11:51:40 AM:609Service Started
Spyware Doctor Service Application started
3/4/2011 11:51:40 AM:609Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/4/2011 11:51:41 AM:328IntelliGuards status
All IntelliGuards were Enabled
3/4/2011 11:51:56 AM:140Immunizer Results
ActiveX section has been immunized, Processed 2 items.
3/4/2011 11:52:40 AM:171Behavior Guard
Successfully initialized the ThreatFire engine.
3/4/2011 12:02:22 PM:46IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ru4.com/ ru4.com

3/4/2011 12:02:22 PM:468IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/4/2011 12:02:33 PM:250IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:02:33 PM:265IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:02:33 PM:281IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 12:02:55 PM:328IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:03:29 PM:687IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:04:05 PM:203IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:04:05 PM:203IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:04:05 PM:203IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 12:04:38 PM:359IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:04:38 PM:359IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:04:38 PM:359IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 12:04:58 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:05:32 PM:531IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:06:11 PM:281IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:06:11 PM:281IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:06:11 PM:281IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 12:06:45 PM:218IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:06:52 PM:140Smart Update
Smart Update has found updates available for download
3/4/2011 12:06:55 PM:468Immunizer Results
ActiveX section has been immunized. No items were processed.
3/4/2011 12:14:37 PM:937Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/4/2011 12:15:09 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:15:09 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:15:09 PM:937IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 12:15:33 PM:421IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ru4.com/ ru4.com

3/4/2011 12:15:33 PM:453IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/4/2011 12:16:30 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:16:30 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:16:30 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 12:16:59 PM:31IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:16:59 PM:31IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ru4.com/ ru4.com

3/4/2011 12:16:59 PM:62IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/4/2011 12:21:16 PM:187IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:21:16 PM:187IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 12:21:16 PM:187IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ru4.com/ ru4.com

3/4/2011 12:21:16 PM:187IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 12:21:16 PM:218IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/4/2011 12:21:35 PM:625IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:28:03 PM:859IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:28:03 PM:859IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:28:35 PM:890IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:28:35 PM:890IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:28:35 PM:890IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:28:35 PM:937IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:28:56 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:28:56 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:28:56 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:28:56 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:28:56 PM:78IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:29:17 PM:734IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:29:17 PM:734IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:29:17 PM:734IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:29:17 PM:734IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:29:17 PM:781IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:30:09 PM:15IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:30:29 PM:625IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:30:29 PM:625IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:30:29 PM:625IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:30:29 PM:656IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:30:58 PM:500IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:32:12 PM:140IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:32:12 PM:140IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:32:12 PM:140IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:32:12 PM:171IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:32:32 PM:140IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:33:02 PM:375IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:33:02 PM:390IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:33:02 PM:390IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:33:02 PM:390IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:33:02 PM:468IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:33:29 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:33:29 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:33:29 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:33:29 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:33:29 PM:31IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:34:18 PM:578IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:34:18 PM:578IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:34:18 PM:578IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:34:18 PM:578IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:35:01 PM:890IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:35:01 PM:890IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:35:01 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:35:01 PM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:35:02 PM:0IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:35:22 PM:968IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:35:22 PM:968IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:35:22 PM:968IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:35:22 PM:968IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:35:23 PM:15IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:35:51 PM:734IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:35:51 PM:734IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:35:51 PM:734IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:35:51 PM:734IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:35:51 PM:781IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:36:35 PM:671IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:37:11 PM:515IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:37:11 PM:515IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:37:11 PM:515IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:37:11 PM:515IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:37:11 PM:546IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:37:57 PM:765IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:46:41 PM:421IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com

3/4/2011 1:46:41 PM:421IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:46:41 PM:421IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 1:46:41 PM:421IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net

3/4/2011 1:46:41 PM:453IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 1:47:18 PM:343IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - liveperson.net/ liveperson.net

3/4/2011 2:22:29 PM:921IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - 2o7.net/ 2o7.net

3/4/2011 3:05:35 PM:890IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/4/2011 3:05:35 PM:890IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/4/2011 3:05:35 PM:890IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/4/2011 3:07:33 PM:484IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/4/2011 3:07:33 PM:500IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/4/2011 3:21:45 PM:218Service Stopped
Spyware Doctor Service Application Stopped
3/4/2011 3:28:59 PM:984Service Started
Spyware Doctor Service Application started
3/4/2011 3:28:59 PM:984Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/4/2011 3:29:00 PM:765IntelliGuards status
All IntelliGuards were Enabled
3/4/2011 3:29:14 PM:984Immunizer Results
ActiveX section has been immunized. No items were processed.
3/4/2011 3:30:02 PM:328Behavior Guard
Successfully initialized the ThreatFire engine.
3/4/2011 3:33:03 PM:781IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/4/2011 3:52:31 PM:406Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/4/2011 5:50:16 PM:156IntelliGuard Detection Cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - mediaplex.com/ mediaplex.com

3/4/2011 5:50:16 PM:281IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/4/2011 6:00:00 PM:906Scheduled task started
Initializing Scheduled task: Full scan of this computer
3/4/2011 6:00:00 PM:906Scheduled Scan Skipped
Scheduled task Intelli-Scan of this computer skipped - another scan
is already running.
3/4/2011 6:00:04 PM:109Scan Started
Scan Type - Full Scan

3/4/2011 9:55:15 PM:531Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/5/2011 1:22:52 AM:875Scan Finished
Scan Type - Full Scan
Items Processed - 480710
Threats Detected - 0
Infections Detected - 0

3/5/2011 1:23:21 AM:359Service Stopped
Spyware Doctor Service Application Stopped
3/5/2011 1:28:12 PM:609Service Started
Spyware Doctor Service Application started
3/5/2011 1:28:12 PM:609Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/5/2011 1:28:13 PM:703IntelliGuards status
All IntelliGuards were Enabled
3/5/2011 1:28:25 PM:453Immunizer Results
ActiveX section has been immunized. No items were processed.
3/5/2011 1:29:14 PM:656Behavior Guard
Successfully initialized the ThreatFire engine.
3/5/2011 1:39:36 PM:390Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/5/2011 1:39:38 PM:890Immunizer Results
ActiveX section has been immunized. No items were processed.
3/5/2011 1:40:00 PM:78IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/5/2011 1:40:00 PM:93IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/5/2011 1:40:00 PM:156IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/5/2011 1:53:34 PM:203IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - clickbank.net/ clickbank.net

3/5/2011 2:07:20 PM:187Service Stopped
Spyware Doctor Service Application Stopped
3/5/2011 2:09:23 PM:781Service Started
Spyware Doctor Service Application started
3/5/2011 2:09:23 PM:781Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/5/2011 2:09:24 PM:171IntelliGuards status
All IntelliGuards were Enabled
3/5/2011 2:09:28 PM:171Immunizer Results
ActiveX section has been immunized. No items were processed.
3/5/2011 2:10:26 PM:578Behavior Guard
Successfully initialized the ThreatFire engine.
3/5/2011 2:32:52 PM:812Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/5/2011 6:00:04 PM:187Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
3/5/2011 6:00:07 PM:62Scan Started
Scan Type - Intelli-Scan

3/5/2011 6:04:34 PM:109Scan Finished
Scan Type - Intelli-Scan
Items Processed - 378487
Threats Detected - 0
Infections Detected - 0

3/5/2011 8:35:02 PM:546Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/5/2011 9:22:32 PM:625Service Stopped
Spyware Doctor Service Application Stopped
3/7/2011 1:59:58 PM:312Service Started
Spyware Doctor Service Application started
3/7/2011 1:59:58 PM:312Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/7/2011 1:59:58 PM:671IntelliGuards status
All IntelliGuards were Enabled
3/7/2011 2:00:09 PM:828Immunizer Results
ActiveX section has been immunized. No items were processed.
3/7/2011 2:00:59 PM:828Behavior Guard
Successfully initialized the ThreatFire engine.
3/7/2011 2:10:36 PM:406IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/7/2011 2:10:36 PM:406IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/7/2011 2:10:36 PM:406IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/7/2011 2:10:36 PM:437IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com

3/7/2011 2:10:36 PM:453IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com

3/7/2011 2:28:20 PM:187Smart Update
Smart Update has found updates available for download
3/7/2011 2:28:22 PM:843Immunizer Results
ActiveX section has been immunized. No items were processed.
3/7/2011 2:41:53 PM:156Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/7/2011 3:27:54 PM:890IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/7/2011 3:27:54 PM:890IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/7/2011 3:28:15 PM:109IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/7/2011 3:28:42 PM:500IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - statse.webtrendslive.com/ statse.webtrendslive.com

3/7/2011 3:39:01 PM:734Scan Started
Scan Type - Idle Scan

3/7/2011 3:45:07 PM:562Scan Finished
Scan Type - Idle Scan
Items Processed - 5118
Threats Detected - 0
Infections Detected - 0

3/7/2011 3:46:05 PM:796Service Stopped
Spyware Doctor Service Application Stopped
3/8/2011 9:00:04 AM:562Service Started
Spyware Doctor Service Application started
3/8/2011 9:00:04 AM:562Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/8/2011 9:00:05 AM:125IntelliGuards status
All IntelliGuards were Enabled
3/8/2011 9:00:22 AM:953Immunizer Results
ActiveX section has been immunized. No items were processed.
3/8/2011 9:01:01 AM:859Behavior Guard
Successfully initialized the ThreatFire engine.
3/8/2011 9:22:50 AM:93Smart Update
Smart Update has found updates available for download
3/8/2011 9:22:54 AM:640Immunizer Results
ActiveX section has been immunized. No items were processed.
3/8/2011 9:24:25 AM:718Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/8/2011 12:59:06 PM:15IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/8/2011 2:45:10 PM:171IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/8/2011 3:25:39 PM:921Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/8/2011 4:38:14 PM:390Service Stopped
Spyware Doctor Service Application Stopped
3/9/2011 9:49:13 AM:890Service Started
Spyware Doctor Service Application started
3/9/2011 9:49:13 AM:890Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/9/2011 9:49:14 AM:640IntelliGuards status
All IntelliGuards were Enabled
3/9/2011 9:49:21 AM:609Immunizer Results
ActiveX section has been immunized. No items were processed.
3/9/2011 9:50:15 AM:718Behavior Guard
Successfully initialized the ThreatFire engine.
3/9/2011 10:06:17 AM:953Smart Update
Smart Update has found updates available for download
3/9/2011 10:06:27 AM:203Immunizer Results
ActiveX section has been immunized. No items were processed.
3/9/2011 10:18:47 AM:953Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/9/2011 10:26:46 AM:375IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/9/2011 10:26:46 AM:453IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - revsci.net/ revsci.net

3/9/2011 10:26:46 AM:609IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/9/2011 10:27:06 AM:984IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com

3/9/2011 10:30:27 AM:531IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com

3/9/2011 10:33:45 AM:921IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/9/2011 10:33:45 AM:968IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/9/2011 10:33:45 AM:968IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/9/2011 10:46:37 AM:781IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - revsci.net/ revsci.net

3/9/2011 10:46:37 AM:828IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/9/2011 10:49:13 AM:78IntelliGuards status
All IntelliGuards were Deactivated (permanently)
3/9/2011 10:49:13 AM:78Immunizer Guard status changed
IntelliGuard Protection: Immunizer Guard had been turned off
3/9/2011 10:49:15 AM:390Immunizer Results
The ActiveX section has been Unimmunized, Processed 2552 items.
3/9/2011 4:01:43 PM:906Service Started
Spyware Doctor Service Application started
3/9/2011 4:01:43 PM:906Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/9/2011 4:02:47 PM:828Behavior Guard
Successfully initialized the ThreatFire engine.
3/9/2011 4:18:08 PM:796Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/9/2011 6:00:00 PM:109Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
3/9/2011 6:00:04 PM:125Scan Started
Scan Type - Intelli-Scan

3/9/2011 6:00:13 PM:15Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/9/2011 6:00:13 PM:906Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/9/2011 6:00:17 PM:562Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - domdex.com/ domdex.com

3/9/2011 6:00:19 PM:562Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/9/2011 6:00:22 PM:656Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/9/2011 6:00:24 PM:171Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com

3/9/2011 6:00:24 PM:500Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - specificclick.net/ specificclick.net

3/9/2011 6:05:51 PM:953Scan Finished
Scan Type - Intelli-Scan
Items Processed - 378824
Threats Detected - 2
Infections Detected - 7

3/9/2011 6:06:05 PM:328Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com

3/9/2011 6:06:05 PM:343Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/9/2011 6:06:05 PM:343Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/9/2011 6:06:05 PM:343Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com

3/9/2011 6:06:05 PM:453Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - specificclick.net/ specificclick.net

3/9/2011 6:06:05 PM:453Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - domdex.com/ domdex.com

3/9/2011 6:06:05 PM:453Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/9/2011 6:06:07 PM:609Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 7
Remove Failed - 0

3/9/2011 7:25:25 PM:0Immunizer Results
The ActiveX section has been Unimmunized. No items were processed.
3/9/2011 7:25:30 PM:375IntelliGuards status
All IntelliGuards were Enabled
3/9/2011 7:25:30 PM:468Immunizer Guard status changed
IntelliGuard Protection: Immunizer Guard has been turned on
3/9/2011 7:25:40 PM:187Immunizer Results
ActiveX section has been immunized, Processed 2542 items.
3/9/2011 10:22:45 PM:31Smart Update
Smart Update has found updates available for download
3/9/2011 11:12:46 PM:31Smart Update
Smart Update was not launched by the user
3/10/2011 12:38:52 AM:750Service Stopped
Spyware Doctor Service Application Stopped
3/11/2011 8:53:59 AM:687Service Started
Spyware Doctor Service Application started
3/11/2011 8:53:59 AM:687Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/11/2011 8:54:00 AM:750IntelliGuards status
All IntelliGuards were Enabled
3/11/2011 8:54:06 AM:828Immunizer Results
ActiveX section has been immunized, Processed 2 items.
3/11/2011 8:55:09 AM:625Behavior Guard
Successfully initialized the ThreatFire engine.
3/11/2011 9:07:55 AM:312IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/11/2011 9:16:21 AM:406Smart Update
Smart Update has found updates available for download
3/11/2011 9:16:23 AM:906Immunizer Results
ActiveX section has been immunized. No items were processed.
3/11/2011 9:34:41 AM:234Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/11/2011 9:35:55 AM:31Service Stopped
Spyware Doctor Service Application Stopped
3/11/2011 9:38:12 AM:578Service Started
Spyware Doctor Service Application started
3/11/2011 9:38:12 AM:578Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/11/2011 9:38:13 AM:328IntelliGuards status
All IntelliGuards were Enabled
3/11/2011 9:38:18 AM:828Immunizer Results
ActiveX section has been immunized, Processed 2 items.
3/11/2011 9:39:15 AM:187Behavior Guard
Successfully initialized the ThreatFire engine.
3/11/2011 9:59:41 AM:109Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/12/2011 8:56:23 AM:812Service Started
Spyware Doctor Service Application started
3/12/2011 8:56:23 AM:812Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/12/2011 8:56:25 AM:15IntelliGuards status
All IntelliGuards were Enabled
3/12/2011 8:56:42 AM:968Immunizer Results
ActiveX section has been immunized. No items were processed.
3/12/2011 8:57:29 AM:281Behavior Guard
Successfully initialized the ThreatFire engine.
3/12/2011 9:19:12 AM:109IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/12/2011 9:24:34 AM:640Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/12/2011 9:24:37 AM:968Immunizer Results
ActiveX section has been immunized. No items were processed.
3/12/2011 2:27:10 PM:218IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - advertising.com/ advertising.com

3/12/2011 2:27:10 PM:218IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ru4.com/ ru4.com

3/12/2011 2:30:28 PM:546IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - revsci.net/ revsci.net

3/12/2011 2:30:58 PM:296IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com

3/12/2011 3:26:27 PM:484Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/12/2011 6:00:06 PM:421Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
3/12/2011 6:00:07 PM:609Scan Started
Scan Type - Intelli-Scan

3/12/2011 6:01:01 PM:62Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress,
(Default)

3/12/2011 6:01:01 PM:62Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CLSID,
(Default)

3/12/2011 6:01:01 PM:62Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CLSID

3/12/2011 6:01:01 PM:78Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CurVer,
(Default)

3/12/2011 6:01:01 PM:78Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CurVer

3/12/2011 6:01:01 PM:78Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress

3/12/2011 6:01:01 PM:78Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1, (Default)

3/12/2011 6:01:01 PM:78Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1\CLSID,
(Default)

3/12/2011 6:01:01 PM:78Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1\CLSID

3/12/2011 6:01:01 PM:78Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1

3/12/2011 6:04:11 PM:921Infection was detected on this computer
Threat Name - Rootkit.Agent
Type - Modified Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters,
ServiceDll

3/12/2011 6:04:12 PM:62Scan Finished
Scan Type - Intelli-Scan
Items Processed - 356731
Threats Detected - 1
Infections Detected - 11

3/12/2011 6:04:15 PM:875Infection quarantined
Threat Name - Rootkit.Agent
Type - Modified Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters,
ServiceDll

3/12/2011 6:04:15 PM:890Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1

3/12/2011 6:04:15 PM:890Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1\CLSID

3/12/2011 6:04:15 PM:890Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1\CLSID,
(Default)

3/12/2011 6:04:15 PM:906Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1, (Default)

3/12/2011 6:04:15 PM:906Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress

3/12/2011 6:04:15 PM:921Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CurVer

3/12/2011 6:04:15 PM:921Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CurVer,
(Default)

3/12/2011 6:04:15 PM:921Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CLSID

3/12/2011 6:04:15 PM:953Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CLSID,
(Default)

3/12/2011 6:04:15 PM:968Infection quarantined
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress,
(Default)

3/12/2011 6:04:16 PM:31Infection cleaned
Threat Name - Rootkit.Agent
Type - Modified Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters,
ServiceDll

3/12/2011 6:04:16 PM:31Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1

3/12/2011 6:04:16 PM:31Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1\CLSID

3/12/2011 6:04:16 PM:31Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1\CLSID,
(Default)

3/12/2011 6:04:16 PM:31Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress.1, (Default)

3/12/2011 6:04:16 PM:31Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress

3/12/2011 6:04:16 PM:31Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CurVer

3/12/2011 6:04:16 PM:31Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CurVer,
(Default)

3/12/2011 6:04:16 PM:46Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CLSID

3/12/2011 6:04:16 PM:46Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress\CLSID,
(Default)

3/12/2011 6:04:16 PM:46Infection cleaned
Threat Name - Rootkit.Agent
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RstrCC.RstrProgress,
(Default)

3/12/2011 6:04:18 PM:140Infections Quarantined/Removed Summary
Quarantined - 11
Quarantine Failed - 0
Removed - 11
Remove Failed - 0

3/12/2011 9:28:35 PM:328Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/13/2011 11:29:48 AM:953Service Started
Spyware Doctor Service Application started
3/13/2011 11:29:48 AM:953Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/13/2011 11:29:49 AM:843IntelliGuards status
All IntelliGuards were Enabled
3/13/2011 11:30:06 AM:937Immunizer Results
ActiveX section has been immunized. No items were processed.
3/13/2011 11:30:42 AM:93Behavior Guard
Successfully initialized the ThreatFire engine.
3/13/2011 11:40:08 AM:312Service Stopped
Spyware Doctor Service Application Stopped
3/13/2011 12:19:28 PM:0Service Started
Spyware Doctor Service Application started
3/13/2011 12:19:28 PM:0Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/13/2011 12:19:28 PM:921IntelliGuards status
All IntelliGuards were Enabled
3/13/2011 12:19:46 PM:234Immunizer Results
ActiveX section has been immunized. No items were processed.
3/13/2011 12:20:24 PM:734Behavior Guard
Successfully initialized the ThreatFire engine.
3/13/2011 12:22:29 PM:437Immunizer Results
ActiveX section has been immunized. No items were processed.
3/13/2011 12:22:38 PM:484Scan Started
Scan Type - Intelli-Scan

3/13/2011 12:27:39 PM:921Scan Finished
Scan Type - Intelli-Scan
Items Processed - 356579
Threats Detected - 0
Infections Detected - 0

3/13/2011 12:44:20 PM:562Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/14/2011 9:58:09 AM:796Service Started
Spyware Doctor Service Application started
3/14/2011 9:58:09 AM:796Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/14/2011 9:58:11 AM:437IntelliGuards status
All IntelliGuards were Enabled
3/14/2011 9:58:27 AM:250Immunizer Results
ActiveX section has been immunized. No items were processed.
3/14/2011 9:59:04 AM:375Behavior Guard
Successfully initialized the ThreatFire engine.
3/14/2011 10:26:41 AM:0Smart Update
Smart Update has found updates available for download
3/14/2011 10:26:44 AM:859Immunizer Results
ActiveX section has been immunized. No items were processed.
3/14/2011 11:16:42 AM:171Smart Update
Smart Update was not launched by the user
3/14/2011 4:48:52 PM:265Behavior Guard
Action: Allowed by user
Details: This program is attempting to activate or install a driver
Risk: HIGH
Process: [wrap]C:\DOCUMENTS AND SETTINGS\ROGER WHITE\LOCAL
SETTINGS\TEMP\DA.TMP\MBR.DAT[/wrap]
3/14/2011 4:49:46 PM:234IntelliGuards status
All IntelliGuards were Deactivated for 15min
3/14/2011 4:49:46 PM:250Immunizer Guard status changed
IntelliGuard Protection: Immunizer Guard had been turned off
3/14/2011 4:49:48 PM:531Immunizer Results
The ActiveX section has been Unimmunized, Processed 2546 items.
3/14/2011 5:04:47 PM:62Immunizer Results
The ActiveX section has been Unimmunized. No items were processed.
3/14/2011 5:04:47 PM:484IntelliGuards status
All IntelliGuards were Enabled
3/14/2011 5:04:47 PM:484Immunizer Guard status changed
IntelliGuard Protection: Immunizer Guard has been turned on
3/14/2011 5:04:57 PM:687Immunizer Results
ActiveX section has been immunized, Processed 2539 items.
3/14/2011 5:05:17 PM:218Scan Started
Scan Type - Intelli-Scan

3/14/2011 5:05:56 PM:453Scan Finished
Scan Type - Intelli-Scan
Items Processed - 423
Threats Detected - 0
Infections Detected - 0

3/14/2011 5:06:11 PM:578IntelliGuards status
All IntelliGuards were Deactivated for 30min
3/14/2011 5:06:11 PM:578Immunizer Guard status changed
IntelliGuard Protection: Immunizer Guard had been turned off
3/14/2011 5:06:13 PM:625Immunizer Results
The ActiveX section has been Unimmunized, Processed 2539 items.
3/14/2011 5:19:03 PM:187Smart Update
Smart Update has found updates available for download
3/14/2011 5:20:10 PM:828Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/14/2011 5:36:11 PM:781IntelliGuards status
All IntelliGuards were Enabled
3/14/2011 5:36:11 PM:875Immunizer Results
Unimmunize operation stopped
3/14/2011 5:36:11 PM:875Immunizer Guard status changed
IntelliGuard Protection: Immunizer Guard has been turned on
3/14/2011 5:36:21 PM:687Immunizer Results
ActiveX section has been immunized, Processed 2539 items.
3/14/2011 5:36:44 PM:203Scan Started
Scan Type - Intelli-Scan

3/14/2011 5:36:48 PM:750Infection was detected on this computer
Threat Name - Spyware.TrustyHound!rem
Type - Cookie
Risk Level - Medium
Infection - adbrite.com/ adbrite.com

3/14/2011 5:36:54 PM:875Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/14/2011 5:36:57 PM:437Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - pixel.rubiconproject.com/ pixel.rubiconproject.com

3/14/2011 5:36:57 PM:859Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/14/2011 5:36:58 PM:375Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - rubiconproject.com/ rubiconproject.com

3/14/2011 5:43:35 PM:234Scan Finished
Scan Type - Intelli-Scan
Items Processed - 377596
Threats Detected - 2
Infections Detected - 5

3/14/2011 5:43:37 PM:578Infection cleaned
Threat Name - Spyware.TrustyHound!rem
Type - Cookie
Risk Level - Medium
Infection - adbrite.com/ adbrite.com

3/14/2011 5:43:37 PM:656Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - rubiconproject.com/ rubiconproject.com

3/14/2011 5:43:37 PM:671Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/14/2011 5:43:37 PM:671Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - pixel.rubiconproject.com/ pixel.rubiconproject.com

3/14/2011 5:43:37 PM:671Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com

3/14/2011 5:43:39 PM:781Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 5
Remove Failed - 0

3/14/2011 6:00:03 PM:921Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
3/14/2011 6:00:05 PM:968Scan Started
Scan Type - Intelli-Scan

3/14/2011 6:02:17 PM:953Scan Finished
Scan Type - Intelli-Scan
Items Processed - 377367
Threats Detected - 0
Infections Detected - 0

3/14/2011 11:21:45 PM:0Smart Update
Smart Update has found updates available for download
3/14/2011 11:31:36 PM:984Smart Update
Smart Update was not launched by the user
3/14/2011 11:47:50 PM:890Service Started
Spyware Doctor Service Application started
3/14/2011 11:47:50 PM:890Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/14/2011 11:48:50 PM:203Behavior Guard
Successfully initialized the ThreatFire engine.
3/15/2011 12:11:29 AM:546Smart Update
Smart Update has found updates available for download
3/15/2011 12:11:34 AM:937Smart Update
Smart Update was not launched by the user
3/15/2011 1:19:31 AM:265Service Stopped
Spyware Doctor Service Application Stopped
3/15/2011 8:45:23 AM:109Service Started
Spyware Doctor Service Application started
3/15/2011 8:45:23 AM:109Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/15/2011 8:46:22 AM:234Behavior Guard
Successfully initialized the ThreatFire engine.
3/15/2011 9:03:48 AM:890Smart Update
Smart Update has found updates available for download
3/15/2011 9:07:20 AM:359Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/15/2011 10:02:43 AM:406Service Started
Spyware Doctor Service Application started
3/15/2011 10:02:43 AM:421Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/15/2011 10:03:55 AM:421Behavior Guard
Successfully initialized the ThreatFire engine.
3/15/2011 10:31:41 AM:406Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/15/2011 2:03:21 PM:859IntelliGuards status
All IntelliGuards were Enabled
3/15/2011 2:03:24 PM:625Immunizer Results
ActiveX section has been immunized, Processed 5 items.
3/15/2011 4:33:55 PM:468Smart Update
Smart Update has determined that Spyware Doctor is up to date
3/15/2011 5:48:16 PM:0IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adserver.adtechus.com/ adserver.adtechus.com

3/15/2011 5:48:16 PM:46IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com

3/15/2011 5:48:16 PM:46IntelliGuard Detection Cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - www.regnow.com/ www.regnow.com

3/15/2011 6:00:03 PM:859Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
3/15/2011 6:00:07 PM:609Scan Started
Scan Type - Intelli-Scan

3/15/2011 6:01:21 PM:859Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME,
NextInstance

3/15/2011 6:01:21 PM:859Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Service

3/15/2011 6:01:21 PM:859Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Legacy

3/15/2011 6:01:21 PM:859Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
ConfigFlags

3/15/2011 6:01:21 PM:875Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Class

3/15/2011 6:01:21 PM:875Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
ClassGUID

3/15/2011 6:01:21 PM:875Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
DeviceDesc

3/15/2011 6:01:21 PM:875Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Capabilities

3/15/2011 6:01:21 PM:875Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\LogConf

3/15/2011 6:01:21 PM:890Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control

3/15/2011 6:01:21 PM:890Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000

3/15/2011 6:01:21 PM:890Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme,
ErrorControl

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme,
ImagePath

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum,
Count

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum,
NextInstance

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum

3/15/2011 6:01:21 PM:968Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme

3/15/2011 6:01:28 PM:625Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Wget

3/15/2011 6:06:06 PM:15Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
Hidden

3/15/2011 6:06:06 PM:15Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
ShowSuperHidden

3/15/2011 6:06:06 PM:15Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HideFileExt

3/15/2011 6:06:06 PM:31Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage\Total, (Default)

3/15/2011 6:06:06 PM:46Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage\Total

3/15/2011 6:06:06 PM:46Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage

3/15/2011 6:06:06 PM:46Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping

3/15/2011 6:06:06 PM:46Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions

3/15/2011 6:06:06 PM:62Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry

3/15/2011 6:06:06 PM:62Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{92780B25-18CC-41C8-B9BE-3C9C571A8263}

3/15/2011 6:06:06 PM:62Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping, NextId

3/15/2011 6:06:06 PM:78Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{FB5F1910-F110-11d2-BB9E-00C04F795683}

3/15/2011 6:06:06 PM:78Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{e2e2dd38-d088-4134-82b7-f2ba38496583}

3/15/2011 6:06:06 PM:78Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping

3/15/2011 6:06:06 PM:78Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions

3/15/2011 6:06:06 PM:78Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry

3/15/2011 6:06:06 PM:125Scan Finished
Scan Type - Intelli-Scan
Items Processed - 378460
Threats Detected - 2
Infections Detected - 39

3/15/2011 6:06:07 PM:656Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme

3/15/2011 6:06:07 PM:671Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum

3/15/2011 6:06:07 PM:671Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum,
NextInstance

3/15/2011 6:06:07 PM:687Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum,
Count

3/15/2011 6:06:07 PM:906Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0

3/15/2011 6:06:07 PM:906Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group

3/15/2011 6:06:07 PM:921Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme,
ImagePath

3/15/2011 6:06:07 PM:921Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start

3/15/2011 6:06:07 PM:937Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme,
ErrorControl

3/15/2011 6:06:07 PM:937Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type

3/15/2011 6:06:07 PM:953Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME

3/15/2011 6:06:07 PM:968Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000

3/15/2011 6:06:07 PM:968Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control

3/15/2011 6:06:07 PM:984Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\LogConf

3/15/2011 6:06:07 PM:984Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Capabilities

3/15/2011 6:06:08 PM:0Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
DeviceDesc

3/15/2011 6:06:08 PM:31Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
ClassGUID

3/15/2011 6:06:08 PM:31Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Class

3/15/2011 6:06:08 PM:46Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
ConfigFlags

3/15/2011 6:06:08 PM:46Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Legacy

3/15/2011 6:06:08 PM:62Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Service

3/15/2011 6:06:08 PM:78Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME,
NextInstance

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum,
NextInstance

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum,
Count

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme,
ImagePath

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme,
ErrorControl

3/15/2011 6:06:08 PM:187Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\LogConf

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Capabilities

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
DeviceDesc

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
ClassGUID

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Class

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
ConfigFlags

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Legacy

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000,
Service

3/15/2011 6:06:08 PM:203Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME,
NextInstance

3/15/2011 6:06:08 PM:265Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry

3/15/2011 6:06:08 PM:265Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions

3/15/2011 6:06:08 PM:281Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping

3/15/2011 6:06:08 PM:281Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{e2e2dd38-d088-4134-82b7-f2ba38496583}

3/15/2011 6:06:08 PM:296Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{FB5F1910-F110-11d2-BB9E-00C04F795683}

3/15/2011 6:06:08 PM:296Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping, NextId

3/15/2011 6:06:08 PM:312Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{92780B25-18CC-41C8-B9BE-3C9C571A8263}

3/15/2011 6:06:08 PM:328Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry

3/15/2011 6:06:08 PM:343Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions

3/15/2011 6:06:08 PM:343Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping

3/15/2011 6:06:08 PM:390Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage

3/15/2011 6:06:08 PM:406Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage\Total

3/15/2011 6:06:08 PM:406Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage\Total, (Default)

3/15/2011 6:06:08 PM:406Infection quarantined
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HideFileExt

3/15/2011 6:06:08 PM:421Infection quarantined
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
ShowSuperHidden

3/15/2011 6:06:08 PM:421Infection quarantined
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
Hidden

3/15/2011 6:06:08 PM:421Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Wget

3/15/2011 6:06:08 PM:484Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry

3/15/2011 6:06:08 PM:484Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions

3/15/2011 6:06:08 PM:484Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping

3/15/2011 6:06:08 PM:484Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{e2e2dd38-d088-4134-82b7-f2ba38496583}

3/15/2011 6:06:08 PM:562Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{FB5F1910-F110-11d2-BB9E-00C04F795683}

3/15/2011 6:06:08 PM:562Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping, NextId

3/15/2011 6:06:08 PM:562Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping,
{92780B25-18CC-41C8-B9BE-3C9C571A8263}

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\Extensions\CmdMapping

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage\Total

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Internet
Explorer\LowRegistry\DOMStorage\Total, (Default)

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HideFileExt

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
ShowSuperHidden

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
Hidden

3/15/2011 6:06:08 PM:578Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection -
HKEY_USERS\S-1-5-21-776561741-1275210071-725345543-1003\Software\Wget

3/15/2011 6:06:08 PM:609Infections Quarantined/Removed Summary
Quarantined - 39
Quarantine Failed - 0
Removed - 39
Remove Failed - 0

#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 16 March 2011 - 11:15 AM

Hello

Everything I see is either cookies or Registry entries and no files, so I want you to run another scan with it and let me know what it finds.


gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



