
Author Topic: Terrible virus  (Read 27683 times)


matter92

    Topic Starter


    Beginner

    Terrible virus
    « on: May 11, 2008, 01:46:56 PM »
    I recently downloaded what I thought was a YouTube video downloader... Unknowingly, I allowed access to my internet to some user and I got a virus. My computer was running slow shortly after, so I restarted my computer. When I did this, I had nothing. The only thing I could do was use Task Manager. I immediately googled for help and found your site. How can I fix this?

    quaxo



    Re: Terrible virus
    « Reply #1 on: May 11, 2008, 01:50:05 PM »
    I'll let one of the malware guys help you out with this. However, when you get it all sorted, install Free Download Manager. It's a clean, reliable program that can manage downloads and also download videos from YouTube and other video websites.

    http://www.freedownloadmanager.org/

    matter92

      Topic Starter


      Beginner

      Re: Terrible virus
      « Reply #2 on: May 11, 2008, 01:54:12 PM »
      okay, I'll check that out. Thanks.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      Re: Terrible virus
      « Reply #3 on: May 11, 2008, 01:54:36 PM »
      You should go to the virus portion of these forums and read their instructions. They will want you to download some programs and post the logs here. Your thread will probably be moved to that forum. Good luck.
      Windows 8 and Windows 10 dual boot with two SSD's

      Broni


      Re: Terrible virus
      « Reply #4 on: May 11, 2008, 02:10:12 PM »
      Print these instructions out.

      1. Download SUPERAntiSpyware Free for Home Users:
      http://www.superantispyware.com/

          * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
          * An icon will be created on your desktop. Double-click that icon to launch the program.
          * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
          * Close SUPERAntiSpyware.

      Restart computer in Safe Mode.
      To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

          * Open SUPERAntiSpyware.
          * Under "Configuration and Preferences", click the Preferences button.
          * Click the Scanning Control tab.
          * Under Scanner Options make sure the following are checked (leave all others unchecked):
                o Close browsers before scanning.
                o Scan for tracking cookies.
                o Terminate memory threats before quarantining.
          * Click the "Close" button to leave the control center screen.
          * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
          * On the left, make sure you check C:\Fixed Drive.
          * On the right, under "Complete Scan", choose Perform Complete Scan.
          * Click "Next" to start the scan. Please be patient while it scans your computer.
          * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
          * Make sure everything has a checkmark next to it and click "Next".
          * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
          * If asked if you want to reboot, click "Yes".
          * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
                o Click Preferences, then click the Statistics/Logs tab.
                o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
                o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
                o Please copy and paste the Scan Log results in your next reply.
          * Click Close to exit the program.
      Post SUPERAntiSpyware log.

      RESTART COMPUTER!

      2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

          * Double-click mbam-setup.exe and follow the prompts to install the program.
          * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
          * If an update is found, it will download and install the latest version.
          * Once the program has loaded, select Perform full scan, then click Scan.
          * When the scan is complete, click OK, then Show Results to view the results.
          * Be sure that everything is checked, and click Remove Selected.
          * When completed, a log will open in Notepad.
          * Post the log back here.

      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
      Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

      RESTART COMPUTER!

      3. Download HijackThis:
      http://www.snapfiles.com/get/hijackthis.html
      Post HijackThis log.

      matter92

        Topic Starter


        Beginner

        Re: Terrible virus
        « Reply #5 on: May 11, 2008, 02:20:49 PM »
        wow, thanks a ton

        Broni


        Re: Terrible virus
        « Reply #6 on: May 11, 2008, 02:29:09 PM »
        Go to work. You'll thank me later... LOL

        matter92

          Topic Starter


          Beginner

          Re: Terrible virus
          « Reply #7 on: May 12, 2008, 07:40:36 PM »
          I deleted all of the viruses when I ran SUPERAntiSpyware, but when I ran Malwarebytes, it found another 230 infected files. What should I do then?

          Broni


          Re: Terrible virus
          « Reply #8 on: May 12, 2008, 07:46:03 PM »
          I need all THREE logs.

          matter92

            Topic Starter


            Beginner

            Re: Terrible virus
            « Reply #9 on: May 12, 2008, 07:52:00 PM »
            darn, I closed them

            matter92

              Topic Starter


              Beginner

              Re: Terrible virus
              « Reply #10 on: May 12, 2008, 07:57:52 PM »
              First Time:
              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 05/12/2008 at 06:39 PM

              Application Version : 4.0.1154

              Core Rules Database Version : 3458
              Trace Rules Database Version: 1449

              Scan type       : Complete Scan
              Total Scan Time : 00:42:51

              Memory items scanned      : 184
              Memory threats detected   : 1
              Registry items scanned    : 5046
              Registry threats detected : 0
              File items scanned        : 72466
              File threats detected     : 3

              Adware.Vundo Variant/Resident
                 C:\WINDOWS\SYSTEM32\MLJBCBCU.DLL
                 C:\WINDOWS\SYSTEM32\MLJBCBCU.DLL

              Adware.MyWebSearch
                 C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
                 C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE

              Second One:
              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 05/11/2008 at 10:55 PM

              Application Version : 4.0.1154

              Core Rules Database Version : 3458
              Trace Rules Database Version: 1449

              Scan type       : Complete Scan
              Total Scan Time : 01:02:15

              Memory items scanned      : 209
              Memory threats detected   : 1
              Registry items scanned    : 5044
              Registry threats detected : 1
              File items scanned        : 72549
              File threats detected     : 92

              Adware.Vundo Variant/Resident
                 C:\WINDOWS\SYSTEM32\IIFEDEFV.DLL
                 C:\WINDOWS\SYSTEM32\IIFEDEFV.DLL

              Adware.Tracking Cookie
                 C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt

              Browser Hijacker.Internet Explorer Settings Hijack
                 HKU\S-1-5-21-790525478-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 ]

              Adware.MyWay

              Trojan.Unclassified-Packed/Suspicious
                 C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\TEMP\TEMP.DLL

              Adware.MyWebSearch
                 C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
                 C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE

              Trojan.Unclassified/Dropper
                 C:\WINDOWS\OADKXRTS.EXE

              Trace.Known Threat Sources

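An added example, not part of the original thread or of any tool named in it: a small Python triage of the SUPERAntiSpyware text-log layout shown in the post above, which orders scans by their "Generated" timestamp and reports which detection families came back after a removal pass. The function names are hypothetical, and the two sample logs are abridged copies of the logs in that post (long path lists trimmed, the user SID replaced by a placeholder).

```python
import re
from datetime import datetime

# Abridged from the two logs posted above; SID replaced by a placeholder.
LOG_A = r"""
SUPERAntiSpyware Scan Log
Generated 05/12/2008 at 06:39 PM

Memory threats detected   : 1
Registry threats detected : 0
File threats detected     : 3

Adware.Vundo Variant/Resident
   C:\WINDOWS\SYSTEM32\MLJBCBCU.DLL
   C:\WINDOWS\SYSTEM32\MLJBCBCU.DLL

Adware.MyWebSearch
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE
"""

LOG_B = r"""
SUPERAntiSpyware Scan Log
Generated 05/11/2008 at 10:55 PM

Memory threats detected   : 1
Registry threats detected : 1
File threats detected     : 92

Adware.Vundo Variant/Resident
   C:\WINDOWS\SYSTEM32\IIFEDEFV.DLL
   C:\WINDOWS\SYSTEM32\IIFEDEFV.DLL

Browser Hijacker.Internet Explorer Settings Hijack
   HKU\<SID>\Software\Microsoft\Internet Explorer\Main#Start Page

Adware.MyWebSearch
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE

Trojan.Unclassified/Dropper
   C:\WINDOWS\OADKXRTS.EXE
"""

# An item line is a file path or registry key, optionally prefixed by "[tag]".
ITEM = re.compile(r"^(?:\[[^\]]+\]\s*)?(?:[A-Za-z]:\\|HK(?:LM|CU|CR|U)\\)")
COUNTER = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
GENERATED = re.compile(r"^Generated (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2} [AP]M)$")


def parse_scan_log(text):
    """Return the timestamp, threat counters and detections of one log."""
    scan = {"generated": None, "threats": {}, "detections": {}}
    candidate = None  # last non-item line; a family name if items follow it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = GENERATED.match(line)
        if m:
            stamp = " ".join(m.groups())
            scan["generated"] = datetime.strptime(stamp, "%m/%d/%Y %I:%M %p")
            continue
        m = COUNTER.match(line)
        if m:
            scan["threats"][m.group(1).lower()] = int(m.group(2))
            continue
        if ITEM.match(line):
            if candidate is not None:
                items = scan["detections"].setdefault(candidate, [])
                item = line.upper()  # Windows paths and keys ignore case
                if item not in items:  # resident files are listed twice
                    items.append(item)
            continue
        candidate = line
    return scan


def chronological(logs):
    """Parse several logs and sort them oldest first."""
    return sorted((parse_scan_log(t) for t in logs), key=lambda s: s["generated"])


def triage(older, newer):
    """Classify each detection family by what happened between two scans."""
    verdict = {}
    for family in sorted(set(older["detections"]) | set(newer["detections"])):
        before = set(older["detections"].get(family, []))
        after = set(newer["detections"].get(family, []))
        if not after:
            verdict[family] = "cleared"
        elif not before:
            verdict[family] = "new"
        elif after <= before:
            verdict[family] = "recurred_same_items"
        else:
            verdict[family] = "recurred_new_items"
    return verdict


if __name__ == "__main__":
    older, newer = chronological([LOG_A, LOG_B])
    for family, status in triage(older, newer).items():
        print(f"{status:20} {family}")
```

A family reported as recurred after a quarantine pass means that pass did not end the infection, which is why the remaining logs requested in the thread matter more than another run of the same scanner.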

              matter92

                Topic Starter


                Beginner

                Re: Terrible virus
                « Reply #11 on: May 12, 2008, 07:58:25 PM »
                Third Time:
                SUPERAntiSpyware Scan Log
                http://www.superantispyware.com

                Generated 05/11/2008 at 09:14 PM

                Application Version : 4.0.1154

                Core Rules Database Version : 3458
                Trace Rules Database Version: 1449

                Scan type       : Complete Scan
                Total Scan Time : 01:04:01

                Memory items scanned      : 433
                Memory threats detected   : 5
                Registry items scanned    : 5099
                Registry threats detected : 40
                File items scanned        : 36205
                File threats detected     : 289

                Adware.Vundo Variant/Resident
                   C:\WINDOWS\SYSTEM32\WVUNOGXU.DLL
                   C:\WINDOWS\SYSTEM32\WVUNOGXU.DLL

                Adware.Vundo-Variant/J
                   C:\WINDOWS\MPFANVQG.DLL
                   C:\WINDOWS\MPFANVQG.DLL
                   C:\WINDOWS\VBKSROFA.DLL
                   C:\WINDOWS\VBKSROFA.DLL

                Trojan.Service
                   C:\WINDOWS\SYSTEM32\SERVICE.EXE
                   C:\WINDOWS\SYSTEM32\SERVICE.EXE
                   [Windows Update] C:\WINDOWS\SYSTEM32\SERVICE.EXE
                   [Windows Update] C:\WINDOWS\SYSTEM32\SERVICE.EXE
                   [Windows Update] C:\WINDOWS\SYSTEM32\SERVICE.EXE

                Rogue.MalWarrior-Installer
                   C:\DOCUME~1\MATT~1.MAT\LOCALS~1\TEMP\SETUP_526_1_.EXE
                   C:\DOCUME~1\MATT~1.MAT\LOCALS~1\TEMP\SETUP_526_1_.EXE

                Adware.SXGAdvisor-A
                   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}
                   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}
                   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}
                   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\InprocServer32
                   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\InprocServer32#ThreadingModel
                   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\ProgID
                   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\Programmable
                   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\TypeLib
                   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\VersionIndependentProgID
                   C:\WINDOWS\FVOWKETQSOQ.DLL

                Trojan.Unclassified/GTS
                   HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}
                   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}
                   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}
                   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\InprocServer32
                   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\InprocServer32#ThreadingModel
                   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\ProgID
                   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\Programmable
                   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\TypeLib
                   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\VersionIndependentProgID
                   HKCR\pvnsmfor.1
                   HKCR\pvnsmfor
                   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}
                   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0
                   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0\0
                   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0\0\win32
                   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0\FLAGS
                   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0\HELPDIR
                   C:\WINDOWS\PVNSMFOR.DLL

                Adware.Tracking Cookie

                matter92

                  Topic Starter


                  Beginner

                  Re: Terrible virus
                  « Reply #12 on: May 12, 2008, 07:58:44 PM »
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@avsmedia[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@azjmp[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@bluestreak[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@burstnet[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@casalemedia[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@casalemedia[3].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@clickbank[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@clickshift[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@coolsavings[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@dealtime[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@dynamicsitestats[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@ehg-*censored*.hitbox[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@enhance[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@entrepreneur[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@ez-tracks[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@fastclick[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@findology[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@findwhat[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@fonefinder[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@hitbox[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@hornymatches[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@imrworldwide[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@indexstats[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@insightexpressai[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@interclick[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@kontera[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@maxserving[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][3].txt
                     C:\Documents and Settings\Matt\Cookies\matt@mediaplex[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@mywebsearch[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@overture[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@partner2profit[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@precisionclick[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@pro-market[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@qksrv[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@questionmarket[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@realmedia[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@redorbit[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@revsci[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@roiservice[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@serial[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][3].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][4].txt
                     C:\Documents and Settings\Matt\Cookies\matt@serving-sys[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@sexprofiler[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@specificclick[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@statcounter[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@superstats[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@tacoda[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@toseeka[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@tradedoubler[1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@trafficmp[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@tribalfusion[1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@tvshowfind[2].txt
                     C:\Documents and Settings\Matt\Cookies\matt@valueclick[2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][3].txt
                     C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
                     C:\Documents and Settings\Matt\Cookies\matt@zedo[1].txt
                     C:\Documents and Settings\Matt.MATTSCOMPUTER\Cookies\matt@banner[1].txt

                  Adware.UCMore/The Search Accelerator
                     C:\Program Files\TheSearchAccelerator\INSTALL.LOG
                     C:\Program Files\TheSearchAccelerator

                  Browser Hijacker.Internet Explorer Settings Hijack
                     HKU\S-1-5-21-790525478-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 ]

                  Adware.MyWay
                     C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE
                     C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
                     C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL
                     C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
                     C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT
                     C:\Program Files\MyWay\myBar\1.bin
                     C:\Program Files\MyWay\myBar\Cache\0025ECDC
                     C:\Program Files\MyWay\myBar\Cache\0264A392.bin
                     C:\Program Files\MyWay\myBar\Cache\0264AF98.bin
                     C:\Program Files\MyWay\myBar\Cache\0264B005.bin
                     C:\Program Files\MyWay\myBar\Cache\files.ini
                     C:\Program Files\MyWay\myBar\Cache
                     C:\Program Files\MyWay\myBar\History\search
                     C:\Program Files\MyWay\myBar\History
                     C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
                     C:\Program Files\MyWay\myBar\Settings
                     C:\Program Files\MyWay\myBar
                     C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
                     C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT
                     C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER2.DAT
                     C:\Program Files\MyWay\SrchAstt\1.bin
                     C:\Program Files\MyWay\SrchAstt\Cache\0517D83D
                     C:\Program Files\MyWay\SrchAstt\Cache\files.ini
                     C:\Program Files\MyWay\SrchAstt\Cache
                     C:\Program Files\MyWay\SrchAstt
                     C:\Program Files\MyWay

                  Trojan.Net-MSV/VPS
                     HKCR\MSVPS.MSVPSApp
                     HKCR\MSVPS.MSVPSApp\CLSID
                     HKCR\MSVPS.MSVPSApp\CurVer

                  Desktop Hijacker.AboutYourPrivacy
                     C:\WINDOWS\privacy_danger\images\capt.gif
                     C:\WINDOWS\privacy_danger\images\danger.jpg
                     C:\WINDOWS\privacy_danger\images\down.gif
                     C:\WINDOWS\privacy_danger\images\spacer.gif
                     C:\WINDOWS\privacy_danger\images
                     C:\WINDOWS\privacy_danger\index.htm
                     C:\WINDOWS\privacy_danger
                     C:\Documents and Settings\Matt.MATTSCOMPUTER\Desktop\Error Cleaner.url
                     C:\Documents and Settings\Matt.MATTSCOMPUTER\Desktop\Privacy Protector.url
                     C:\Documents and Settings\Matt.MATTSCOMPUTER\Desktop\Spyware&Malware Protection.url
                     C:\Documents and Settings\Matt.MATTSCOMPUTER\Favorites\Error Cleaner.url
                     C:\Documents and Settings\Matt.MATTSCOMPUTER\Favorites\Privacy Protector.url
                     C:\Documents and Settings\Matt.MATTSCOMPUTER\Favorites\Spyware&Malware Protection.url

                  Trojan.Net-MU/Gen
                     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
                     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
                     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

                  Malware.LocusSoftware Inc/ConfidentSurf
                     HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Salestart [ "C:\Program Files\Common Files\System Doctor\dcmon.exe" ]

                  Rogue.MalWarrior
                     HKU\S-1-5-21-790525478-746137067-839522115-1004\Software\Adsl Software Limited

                  Trojan.Media-Codec/V5
                     C:\Program Files\Helper\1202352666.dll
                     C:\Program Files\Helper\1202352667.dll
                     C:\Program Files\Helper\1202352756.dll
                     C:\Program Files\Helper

                  Rogue.AntiSpywareMaster
                     C:\Program Files\AntiSpywareMaster\asm.exe
                     C:\Program Files\AntiSpywareMaster
                     C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk
                     C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk
                     C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AntiSpywareMaster
                     HKU\S-1-5-21-790525478-746137067-839522115-1004\Software\AntiSpywareMaster
                     HKLM\Software\Microsoft\Windows\CurrentVersion\Run#AntiSpywareMaster [ C:\Program Files\AntiSpywareMaster\asm.exe ]
                     C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk

                  Trojan.Unclassified/Out-Variant
                     C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BMPWTGLI.DLL

                  Trojan.Downloader-Gen/MobRules
                     C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\IRUDSHGZ.DLL

                  Trojan.Net-Explore/DND
                     C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\INFO.EXE
                     C:\DOCUMENTS AND SETTINGS\KATHY\START MENU\PROGRAMS\STARTUP\INFO.EXE
                     C:\DOCUMENTS AND SETTINGS\MATT\START MENU\PROGRAMS\STARTUP\INFO.EXE

                  Adware.E404 Helper/Variant-A
                     C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\AIFMM0J1\QWERTY1[1].HTM
                     C:\DOCUMENTS AND SETTINGS\MATT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0YKI4HWX\LMMQRV[1].HTM

                  Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
                     C:\DOCUMENTS AND SETTINGS\MATT\LOCAL SETTINGS\TEMP\NI.UWA7P_0001_N91M0809\SETUP.EXE

                  Rogue.LocusSoftware-Installer
                     C:\DOCUMENTS AND SETTINGS\MATT\LOCAL SETTINGS\TEMP\QRJATYDI.EXE

                  Trojan.Unknown Origin
                     C:\DOCUMENTS AND SETTINGS\MATT\LOCAL SETTINGS\TEMP\~DFB4A9.TMP

                  Rogue.SystemDefender-Installer
                     C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\DESKTOP\SYSTEMDEFENDER_INSTALLER.EXE

                  Rogue.Antivirus 2008/Installer
                     C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XDOFCY0D.DEFAULT\CACHE\B207EDF5D01

                  Trojan.Smitfraud Variant
                     C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\TEMP\SYSTEMDOCTOR2006FREEINSTALL.EXE
                     C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2P2ZQ5OL\SYSTEMDOCTOR2006FREEINSTALL[1].EXE

                  Trojan.Unclassified-Packed/Suspicious
                     C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\TEMP\TEMP.DLL

                  Broni
                  Re: Terrible virus
                  « Reply #13 on: May 12, 2008, 08:02:08 PM »
                  I still need the Malwarebytes log and the HijackThis log.

                  matter92
                    Re: Terrible virus
                    « Reply #14 on: May 12, 2008, 08:04:05 PM »
                    Hmm... know how to reformat a Dell Dimension 4700? 'Cause this is really annoying, unless... would you do logmein.com for me?

                    Broni
                    Re: Terrible virus
                    « Reply #15 on: May 12, 2008, 08:06:07 PM »
                    ??

                    matter92
                      Re: Terrible virus
                      « Reply #16 on: May 12, 2008, 08:10:44 PM »
                      Never mind... I give up

                      Broni
                      Re: Terrible virus
                      « Reply #17 on: May 12, 2008, 08:13:27 PM »
                      Why would you give up? You're doing fine.
                      Just follow my instructions, and post two other logs.

                      matter92
                        Re: Terrible virus
                        « Reply #18 on: May 12, 2008, 08:14:06 PM »
                        How do I get the logs from the other two programs?

                        matter92
                          Re: Terrible virus
                          « Reply #19 on: May 12, 2008, 08:20:15 PM »
                          ok, I'm gonna start over again, maybe that'll do it.

                          Broni
                          Re: Terrible virus
                          « Reply #20 on: May 12, 2008, 08:24:07 PM »
                          Re-read my instructions. You don't have to run Superantispyware, because I saw the log.
                          If you DID run Malwarebytes:
                          Quote
                          The log can also be found here:
                          C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
                          Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
                          Post it.

                          Then, run HijackThis, and post its log.

                          matter92
                            Re: Terrible virus
                            « Reply #21 on: May 12, 2008, 08:25:25 PM »
                            When I go to username, there is no antimalwarebytes folder.

                            Broni
                            Re: Terrible virus
                            « Reply #22 on: May 12, 2008, 08:27:18 PM »
                            Username is your name.
                            For instance, on my computer, it says C:\Documents and Settings\Broni....

                            matter92
                              Re: Terrible virus
                              « Reply #23 on: May 12, 2008, 08:32:32 PM »
                              Yeah, I know, but the malware folder isn't there. It's alright, I'm gonna go through it all over again tonight.

                              Broni
                              Re: Terrible virus
                              « Reply #24 on: May 12, 2008, 08:33:36 PM »
                              Did you try C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt?

                              matter92
                                Re: Terrible virus
                                « Reply #25 on: May 12, 2008, 08:36:24 PM »
                                No, but it's O.K., I'm patient enough to go through it all again. Thanks though.

                                Broni
                                Re: Terrible virus
                                « Reply #26 on: May 12, 2008, 08:39:25 PM »
                                No problem :)

                                matter92
                                  Re: Terrible virus
                                  « Reply #27 on: May 13, 2008, 01:00:15 PM »
                                  Here's the SUPERAntiSpyware log:
                                  SUPERAntiSpyware Scan Log
                                  http://www.superantispyware.com

                                  Generated 05/13/2008 at 00:35 AM

                                  Application Version : 4.0.1154

                                  Core Rules Database Version : 3458
                                  Trace Rules Database Version: 1449

                                  Scan type       : Complete Scan
                                  Total Scan Time : 01:59:53

                                  Memory items scanned      : 229
                                  Memory threats detected   : 1
                                  Registry items scanned    : 5046
                                  Registry threats detected : 0
                                  File items scanned        : 72447
                                  File threats detected     : 1

                                  Adware.Vundo Variant/Resident
                                     C:\WINDOWS\SYSTEM32\MLJBCBCU.DLL
                                     C:\WINDOWS\SYSTEM32\MLJBCBCU.DLL

                                  matter92
                                    Re: Terrible virus
                                    « Reply #28 on: May 13, 2008, 01:01:28 PM »
                                    Here's the Malwarebytes log:
                                    Malwarebytes' Anti-Malware 1.12
                                    Database version: 740

                                    Scan type: Full Scan (C:\|)
                                    Objects scanned: 152739
                                    Time elapsed: 34 minute(s), 27 second(s)

                                    Memory Processes Infected: 0
                                    Memory Modules Infected: 2
                                    Registry Keys Infected: 27
                                    Registry Values Infected: 6
                                    Registry Data Items Infected: 2
                                    Folders Infected: 26
                                    Files Infected: 173

                                    Memory Processes Infected:
                                    (No malicious items detected)

                                    Memory Modules Infected:
                                    C:\WINDOWS\system32\mlJbcbCU.dll (Trojan.Vundo) -> No action taken.
                                    C:\WINDOWS\system32\byXNDVNf.dll (Trojan.Vundo) -> No action taken.

                                    Registry Keys Infected:
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e22bb27-fbf6-4153-bf34-0d2281db2ad5} (Trojan.Vundo) -> No action taken.
                                    HKEY_CLASSES_ROOT\CLSID\{9e22bb27-fbf6-4153-bf34-0d2281db2ad5} (Trojan.Vundo) -> No action taken.
                                    HKEY_CURRENT_USER\Software\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.AntiMalwareGuard) -> No action taken.
                                    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
                                    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
                                    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
                                    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
                                    HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
                                    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
                                    HKEY_CLASSES_ROOT\CLSID\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxndvnf (Trojan.Vundo) -> No action taken.
                                    HKEY_CLASSES_ROOT\Interface\{95e554e1-04f3-4d9b-a4e9-881dc420882b} (Trojan.Fakealert) -> No action taken.
                                    HKEY_CLASSES_ROOT\Interface\{5269d0c0-572b-445a-88ac-8c8843b6d42b} (Trojan.Fakealert) -> No action taken.
                                    HKEY_CLASSES_ROOT\Interface\{69c1ef64-a396-4490-8849-52af7f7ec6e5} (Trojan.Fakealert) -> No action taken.
                                    HKEY_CLASSES_ROOT\Typelib\{f5f40e25-cf4d-434e-a6ae-ed625ae87cab} (Trojan.Fakealert) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp codec pack (Trojan.Vundo) -> No action taken.
                                    HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
                                    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
                                    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
                                    HKEY_CLASSES_ROOT\pvnsmfor.btqr (Trojan.FakeAlert) -> No action taken.
                                    HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> No action taken.

                                    Registry Values Infected:
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f43e57be (Trojan.Vundo) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\ (Rogue.RegistrySmart) -> No action taken.
                                    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mpfanvqg (Trojan.FakeAlert) -> No action taken.
                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbksrofa (Trojan.FakeAlert) -> No action taken.

                                    Registry Data Items Infected:
                                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbcbcu -> No action taken.
                                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbcbcu  -> No action taken.

                                    Folders Infected:
                                    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\p2pnetworks (Fake.Dropped.Malware) -> No action taken.
                                    C:\WINDOWS\system32\acespy (Fake.Dropped.Malware) -> No action taken.
                                    C:\WINDOWS\PerfInfo (Rogue.WinPerformance) -> No action taken.
                                    C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
                                    C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMonitor (Rogue.Multiple) -> No action taken.
                                    C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMonitor\Data (Rogue.Multiple) -> No action taken.
                                    C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
                                    C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> No action taken.
                                    C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> No action taken.
                                    C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
                                    C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.

                                    Files Infected:
                                    C:\WINDOWS\system32\mlJbcbCU.dll (Trojan.Vundo) -> No action taken.
                                    C:\WINDOWS\system32\UCbcbJlm.ini (Trojan.Vundo) -> No action taken.
                                    C:\WINDOWS\system32\UCbcbJlm.ini2 (Trojan.Vundo) -> No action taken.
                                    C:\WINDOWS\system32\ygefentc.dll (Trojan.Vundo) -> No action taken.
                                    C:\WINDOWS\system32\ctnefegy.ini (Trojan.Vundo) -> No action taken.
                                    C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
                                    C:\WINDOWS\system32\byXNDVNf.dll (Trojan.Vundo) -> No action taken.
                                    C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\CADGYL13 (Trojan.Vundo) -> No action taken.
                                    C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\CAF6GVVD (Trojan.Vundo) -> No action taken.
                                    C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\CA3I2D3J (Trojan.Vundo) -> No action taken.
                                    C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
                                    C:\Program Files\XP Codec Pack\Uninstall.exe (Trojan.Vundo) -> No action taken.

                                    matter92

                                      Topic Starter


                                      Beginner

                                      Re: Terrible virus
                                      « Reply #29 on: May 13, 2008, 01:01:41 PM »
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040197.scr (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040198.dll (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040199.dll (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040206.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040207.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040208.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040209.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040210.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040211.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040212.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040213.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040214.SCR (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040215.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040216.DLL (Adware.MyWeb.FunWeb) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040217.EXE (Adware.MyWeb.FunWeb) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040218.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040219.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040220.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040222.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040223.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040224.EXE (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040225.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040227.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040228.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040229.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040230.EXE (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040231.EXE (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040232.EXE (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040233.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040234.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040235.EXE (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040236.DLL (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP344\A0040348.exe (Adware.MyWeb.FunWeb) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP351\A0043238.dll (Rogue.Multiple) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP351\A0043239.dll (Rogue.Multiple) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP351\A0043240.dll (Rogue.Multiple) -> No action taken.
                                      C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP351\A0043241.exe (Rogue.MalwareAlarm) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP101\A0014055.dll (Trojan.Vundo) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP103\A0016145.exe (Rogue.Installer) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP103\A0016148.dll (Trojan.Vundo) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP105\A0016251.rbf (Rogue.RegistrySmart) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP105\A0016252.rbf (Rogue.RegistrySmart) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP105\A0016285.dll (Trojan.Vundo) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP106\A0016337.dll (Trojan.Vundo) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP106\A0017337.dll (Trojan.Vundo) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP106\A0017351.dll (Trojan.Vundo) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP106\A0017362.EXE (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP106\A0017363.EXE (Adware.MyWebSearch) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP62\A0007848.exe (Adware.BHO) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP62\A0007849.exe (Trojan.Downloader) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP62\A0007851.exe (Trojan.FakeAlert) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP97\A0013850.exe (Rogue.Installer) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP97\A0013856.exe (Trojan.Vundo) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP99\A0013931.exe (Trojan.Vundo) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP99\A0013971.rbf (Rogue.RegistrySmart) -> No action taken.
                                      C:\System Volume Information\_restore{6CDDEF72-D42F-4EC1-BD63-649AE3E24395}\RP99\A0013972.rbf (Rogue.RegistrySmart) -> No action taken.
                                      C:\WINDOWS\system32\yaywtQHb.dll (Trojan.Vundo) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\00024C8F (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\000814C9 (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\6B94A5D2.bin (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\6B94B265.bin (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\6B94B340.bin (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\6B94C689.bin (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\6B94CE78 (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\7A980A16.bin (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\7A981DDC.bin (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\7A982ACD.bin (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\7A982D3E.bin (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
                                      C:\Program Files\p2pnetworks\amp2pl.exe (Fake.Dropped.Malware) -> No action taken.
                                      C:\Program Files\RegistrySmart\Setup(2).exe (Rogue.RegistrySmart) -> No action taken.
                                      C:\Program Files\RegistrySmart\Setup.exe (Rogue.RegistrySmart) -> No action taken.
                                      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080511162648859.log (Rogue.MalWarrior) -> No action taken.
                                      C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log\2008 May 11 - 02_04_48 PM_609.log (Rogue.RegistrySmart) -> No action taken.
                                      C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log\2008 May 11 - 04_31_27 PM_078.log (Rogue.RegistrySmart) -> No action taken.
                                      C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log\2008 May 11 - 06_17_20 PM_921.log (Rogue.RegistrySmart) -> No action taken.
                                      C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log\2008 May 11 - 06_23_49 PM_375.log (Rogue.RegistrySmart) -> No action taken.
                                      C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log\2008 May 11 - 06_31_41 PM_234.log (Rogue.RegistrySmart) -> No action taken.
                                      C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log\2008 May 11 - 08_03_56 PM_015.log (Rogue.RegistrySmart) -> No action taken.
                                      C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log\2008 May 11 - 09_20_07 PM_562.log (Rogue.RegistrySmart) -> No action taken.
                                      C:\WINDOWS\rs.txt (Malware.Trace) -> No action taken.
                                      C:\Documents and Settings\Kathy\Desktop\Help and Support Center.lnk (Rogue.Link) -> No action taken.

                                      matter92

                                        Topic Starter


                                        Beginner

                                        Re: Terrible virus
                                        « Reply #30 on: May 13, 2008, 01:03:32 PM »
                                        HijackThis Log:
                                        Logfile of Trend Micro HijackThis v2.0.2
                                        Scan saved at 3:03:04 PM, on 5/13/2008
                                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                                        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                                        Boot mode: Safe mode with network support

                                        Running processes:
                                        C:\WINDOWS\System32\smss.exe
                                        C:\WINDOWS\system32\winlogon.exe
                                        C:\WINDOWS\system32\services.exe
                                        C:\WINDOWS\system32\lsass.exe
                                        C:\WINDOWS\system32\svchost.exe
                                        C:\WINDOWS\system32\svchost.exe
                                        C:\WINDOWS\Explorer.EXE
                                        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                        C:\Program Files\Mozilla Firefox\firefox.exe
                                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                                        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                                        O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                                        O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                                        O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                                        O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
                                        O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
                                        O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                        O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
                                        O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
                                        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                                        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                        O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min
                                        O4 - HKLM\..\Run: [f43e57be] rundll32.exe "C:\WINDOWS\system32\ygefentc.dll",b
                                        O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
                                        O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\setup_526_1_.exe
                                        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                        O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
                                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210445566982
                                        O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                                        O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
                                        O21 - SSODL: mpfanvqg - {EB94B033-9EA8-4D22-8D43-3BA3FD1B40D7} - C:\WINDOWS\mpfanvqg.dll (file missing)
                                        O21 - SSODL: vbksrofa - {7CAEEE5B-6E92-4BBA-B1B5-93BDEB8672E4} - C:\WINDOWS\vbksrofa.dll (file missing)
                                        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                                        O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                        O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                                        O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                        O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
                                        O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

                                        --
                                        End of file - 5164 bytes

                                        Broni


                                        Re: Terrible virus
                                        « Reply #31 on: May 13, 2008, 06:01:20 PM »
                                        In the Malwarebytes log, after each line, it says:
                                        Quote
                                        No action taken.
                                        That means you didn't follow the instructions, which say:
                                        Quote
                                        * When the scan is complete, click OK, then Show Results to view the results.
                                        * Be sure that everything is checked, and click Remove Selected.
                                        You have to re-run Malwarebytes and post a new log.
                                        Then re-run HJT, and post its fresh log.

                                        matter92

                                          Re: Terrible virus
                                          « Reply #32 on: May 13, 2008, 07:33:30 PM »
                                          ok  :-\

                                          matter92

                                            Re: Terrible virus
                                            « Reply #33 on: May 13, 2008, 08:27:46 PM »
                                            Here's Malwarebytes Log:
                                            Malwarebytes' Anti-Malware 1.12
                                            Database version: 740

                                            Scan type: Full Scan (C:\|)
                                            Objects scanned: 153266
                                            Time elapsed: 39 minute(s), 54 second(s)

                                            Memory Processes Infected: 0
                                            Memory Modules Infected: 3
                                            Registry Keys Infected: 27
                                            Registry Values Infected: 6
                                            Registry Data Items Infected: 2
                                            Folders Infected: 26
                                            Files Infected: 175

                                            Memory Processes Infected:
                                            (No malicious items detected)

                                            Memory Modules Infected:
                                            C:\WINDOWS\system32\mlJbcbCU.dll (Trojan.Vundo) -> Unloaded module successfully.
                                            C:\WINDOWS\system32\rqgptfms.dll (Trojan.Vundo) -> Unloaded module successfully.
                                            C:\WINDOWS\system32\byXNDVNf.dll (Trojan.Vundo) -> Unloaded module successfully.

                                            Registry Keys Infected:
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e22bb27-fbf6-4153-bf34-0d2281db2ad5} (Trojan.Vundo) -> Delete on reboot.
                                            HKEY_CLASSES_ROOT\CLSID\{9e22bb27-fbf6-4153-bf34-0d2281db2ad5} (Trojan.Vundo) -> Delete on reboot.
                                            HKEY_CURRENT_USER\Software\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\CLSID\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Delete on reboot.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Delete on reboot.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxndvnf (Trojan.Vundo) -> Delete on reboot.
                                            HKEY_CLASSES_ROOT\Interface\{95e554e1-04f3-4d9b-a4e9-881dc420882b} (Trojan.Fakealert) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\Interface\{5269d0c0-572b-445a-88ac-8c8843b6d42b} (Trojan.Fakealert) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\Interface\{69c1ef64-a396-4490-8849-52af7f7ec6e5} (Trojan.Fakealert) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\Typelib\{f5f40e25-cf4d-434e-a6ae-ed625ae87cab} (Trojan.Fakealert) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp codec pack (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
                                            HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                                            HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\pvnsmfor.btqr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                                            HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

                                            Registry Values Infected:
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f43e57be (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Delete on reboot.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
                                            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mpfanvqg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbksrofa (Trojan.FakeAlert) -> Quarantined and deleted successfully.

                                            Registry Data Items Infected:
                                            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbcbcu -> Delete on reboot.
                                            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbcbcu  -> Delete on reboot.

                                            Folders Infected:
                                            C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\p2pnetworks (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
                                            C:\WINDOWS\system32\acespy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
                                            C:\WINDOWS\PerfInfo (Rogue.WinPerformance) -> Quarantined and deleted successfully.
                                            C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

                                            Files Infected:
                                            C:\WINDOWS\system32\mlJbcbCU.dll (Trojan.Vundo) -> Delete on reboot.
                                            C:\WINDOWS\system32\UCbcbJlm.ini (Trojan.Vundo) -> Delete on reboot.
                                            C:\WINDOWS\system32\UCbcbJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            C:\WINDOWS\system32\rqgptfms.dll (Trojan.Vundo) -> Delete on reboot.
                                            C:\WINDOWS\system32\smftpgqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            C:\WINDOWS\system32\ygefentc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            C:\WINDOWS\system32\ctnefegy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
                                            C:\WINDOWS\system32\byXNDVNf.dll (Trojan.Vundo) -> Delete on reboot.
                                            C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\CADGYL13 (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\CAF6GVVD (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\CA3I2D3J (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                            C:\Program Files\XP Codec Pack\Uninstall.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
                                            C:\System Volume

                                            matter92

                                              Re: Terrible virus
                                              « Reply #34 on: May 13, 2008, 08:27:56 PM »
                                              Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040197.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040198.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040199.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040206.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040207.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040208.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040209.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040210.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040211.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040212.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040213.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                              C:\System Volume Information\_restore{5813C16A-554F-41EE-A295-A15F7F92ECC5}\RP333\A0040214.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

                                              matter92


                                                Re: Terrible virus
                                                « Reply #35 on: May 13, 2008, 08:29:16 PM »
                                                Logfile of Trend Micro HijackThis v2.0.2
                                                Scan saved at 10:28:28 PM, on 5/13/2008
                                                Platform: Windows XP SP2 (WinNT 5.01.2600)
                                                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                                                Boot mode: Safe mode with network support

                                                Running processes:
                                                C:\WINDOWS\System32\smss.exe
                                                C:\WINDOWS\system32\winlogon.exe
                                                C:\WINDOWS\system32\services.exe
                                                C:\WINDOWS\system32\lsass.exe
                                                C:\WINDOWS\system32\svchost.exe
                                                C:\WINDOWS\system32\svchost.exe
                                                C:\WINDOWS\Explorer.EXE
                                                C:\Program Files\Mozilla Firefox\firefox.exe
                                                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                                                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                                                O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                                                O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                                                O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                                                O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
                                                O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
                                                O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
                                                O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
                                                O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                                                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                                                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                                O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min
                                                O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
                                                O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
                                                O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\setup_526_1_.exe
                                                O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                                O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
                                                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                                                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210445566982
                                                O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                                                O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                                O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                                O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                                O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                                                O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                                                O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
                                                O24 - Desktop Component 0: Privacy Protection - (no file)

                                                --
                                                End of file - 4785 bytes

                                                Broni


                                                Re: Terrible virus
                                                « Reply #36 on: May 13, 2008, 08:31:46 PM »
                                                You've been doing fine :)
                                                One more thing, HijackThis has to be run in Normal Mode, not in Safe Mode.
                                                Re-run, please.

                                                matter92


                                                  Re: Terrible virus
                                                  « Reply #37 on: May 13, 2008, 08:41:37 PM »
                                                  oh, ok

                                                  matter92


                                                    Re: Terrible virus
                                                    « Reply #38 on: May 13, 2008, 08:44:50 PM »
                                                    oh, ok here:
                                                    Logfile of Trend Micro HijackThis v2.0.2
                                                    Scan saved at 10:44:24 PM, on 5/13/2008
                                                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                                                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                                                    Boot mode: Normal

                                                    Running processes:
                                                    C:\WINDOWS\System32\smss.exe
                                                    C:\WINDOWS\system32\winlogon.exe
                                                    C:\WINDOWS\system32\services.exe
                                                    C:\WINDOWS\system32\lsass.exe
                                                    C:\WINDOWS\system32\svchost.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    C:\WINDOWS\system32\spoolsv.exe
                                                    C:\WINDOWS\system32\LEXPPS.EXE
                                                    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                    C:\Program Files\Bonjour\mDNSResponder.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                    C:\WINDOWS\system32\svchost.exe
                                                    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                    C:\Program Files\Viewpoint\Common\ViewpointService.exe
                                                    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                    C:\WINDOWS\Explorer.EXE
                                                    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
                                                    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                    C:\Program Files\Dell\Media Experience\PCMService.exe
                                                    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
                                                    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
                                                    C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                                                    C:\Program Files\iTunes\iTunesHelper.exe
                                                    c:\progra~1\mcafee.com\vso\mcvsescn.exe
                                                    C:\Program Files\iPod\bin\iPodService.exe
                                                    C:\WINDOWS\system32\wuauclt.exe
                                                    C:\Program Files\Mozilla Firefox\firefox.exe
                                                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                                                    C:\WINDOWS\system32\wuauclt.exe

                                                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                                                    O2 - BHO: (no name) - {00B54EEB-98B9-4CCE-A26A-96004D7091AD} - C:\WINDOWS\system32\iifedeFv.dll (file missing)
                                                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                                                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                    O2 - BHO: (no name) - {7C7CAD0B-1357-49BA-A0AA-B738A6C95005} - C:\WINDOWS\system32\wvUnOGxu.dll (file missing)
                                                    O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\byXNDVNf.dll
                                                    O2 - BHO: (no name) - {967813A1-C7DB-4F71-8C5C-C082933C5091} - C:\WINDOWS\system32\mlJbcbCU.dll (file missing)
                                                    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                                                    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
                                                    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                                                    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
                                                    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
                                                    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
                                                    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
                                                    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                                                    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                                    O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min
                                                    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
                                                    O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\setup_526_1_.exe
                                                    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                                    O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
                                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                                                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210445566982
                                                    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                                                    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                                    O20 - Winlogon Notify: byXNDVNf - C:\WINDOWS\SYSTEM32\byXNDVNf.dll
                                                    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                                    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                                    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                                                    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                                                    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
                                                    O24 - Desktop Component 0: Privacy Protection - (no file)

                                                    --
                                                    End of file - 6618 bytes

                                                    Broni


                                                    Re: Terrible virus
                                                    « Reply #39 on: May 13, 2008, 08:51:28 PM »
                                                    Let's see what you got there...

                                                    Broni


                                                    Re: Terrible virus
                                                    « Reply #40 on: May 13, 2008, 09:08:49 PM »
                                                    Make sure you read all instructions carefully.

                                                    *** Go Start>Control Panel>Add\Remove, and...
                                                    - Uninstall any of the following programs associated with Viewpoint:
                                                        * Viewpoint Manager
                                                        * Viewpoint Media Player
                                                        * Viewpoint Toolbar
                                                    - Uninstall System Doctor Free

                                                    1. Print this post out, since you won't have access to it at some point.

                                                    2. Close all windows, except for HijackThis.

                                                    3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

                                                    - O2 - BHO: (no name) - {00B54EEB-98B9-4CCE-A26A-96004D7091AD} - C:\WINDOWS\system32\iifedeFv.dll (file missing)
                                                    - O2 - BHO: (no name) - {7C7CAD0B-1357-49BA-A0AA-B738A6C95005} - C:\WINDOWS\system32\wvUnOGxu.dll (file missing)
                                                    - O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\byXNDVNf.dll
                                                    - O2 - BHO: (no name) - {967813A1-C7DB-4F71-8C5C-C082933C5091} - C:\WINDOWS\system32\mlJbcbCU.dll (file missing)
                                                    - *O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
                                                    - *O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
                                                    - *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                                                    - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                                    - O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min
                                                    - *O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
                                                    - O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\setup_526_1_.exe
                                                    - *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                                    - *O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                                                    - *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                                    - O20 - Winlogon Notify: byXNDVNf - C:\WINDOWS\SYSTEM32\byXNDVNf.dll
                                                    - O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
                                                    - O24 - Desktop Component 0: Privacy Protection - (no file)


                                                    4. Click on Fix checked button.

                                                    5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)

                                                    6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.

                                                    7. Delete the following files/folders (if present):

                                                    - iifedeFv.dll, byXNDVNf.dll files from C:\WINDOWS\system32
                                                    - System Doctor Free, Viewpoint folders from C:\Program Files

                                                    8. Restart in Normal Mode.

                                                    9. Post new HijackThis log.

                                                    matter92


                                                      Re: Terrible virus
                                                      « Reply #41 on: May 13, 2008, 09:21:59 PM »
                                                      Some of the files I am supposed to put a check next to didn't show up...

                                                      Broni


                                                      Re: Terrible virus
                                                      « Reply #42 on: May 13, 2008, 09:32:33 PM »
                                                      That's fine.
                                                      Restart computer in normal mode (if you didn't), and give me new HJT log.

                                                      matter92


                                                        Re: Terrible virus
                                                        « Reply #43 on: May 13, 2008, 09:42:09 PM »
                                                        Logfile of Trend Micro HijackThis v2.0.2
                                                        Scan saved at 11:41:43 PM, on 5/13/2008
                                                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                                                        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                                                        Boot mode: Normal

                                                        Running processes:
                                                        C:\WINDOWS\System32\smss.exe
                                                        C:\WINDOWS\system32\winlogon.exe
                                                        C:\WINDOWS\system32\services.exe
                                                        C:\WINDOWS\system32\lsass.exe
                                                        C:\WINDOWS\system32\svchost.exe
                                                        C:\WINDOWS\System32\svchost.exe
                                                        C:\WINDOWS\system32\LEXBCES.EXE
                                                        C:\WINDOWS\system32\spoolsv.exe
                                                        C:\WINDOWS\system32\LEXPPS.EXE
                                                        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                        C:\Program Files\Bonjour\mDNSResponder.exe
                                                        C:\WINDOWS\System32\svchost.exe
                                                        C:\WINDOWS\Explorer.EXE
                                                        c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                        C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                        C:\WINDOWS\system32\svchost.exe
                                                        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                        C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                        C:\Program Files\Dell\Media Experience\PCMService.exe
                                                        C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
                                                        C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                        C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                                                        C:\WINDOWS\system32\rundll32.exe
                                                        c:\progra~1\mcafee.com\vso\mcvsescn.exe
                                                        c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                        C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
                                                        C:\WINDOWS\system32\wscntfy.exe
                                                        C:\Program Files\Mozilla Firefox\firefox.exe
                                                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                                                        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                                                        O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                                                        O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                                                        O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                                                        O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
                                                        O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
                                                        O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                                                        O4 - HKLM\..\Run: [f43e57be] rundll32.exe "C:\WINDOWS\system32\ynjxavgs.dll",b
                                                        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                                        O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
                                                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210445566982
                                                        O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                                                        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                                        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                                        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                                        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                                                        O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                        O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                                                        O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                        O24 - Desktop Component 0: Privacy Protection - (no file)

                                                        --
                                                        End of file - 4813 bytes

                                                        Broni


                                                        Re: Terrible virus
                                                        « Reply #44 on: May 13, 2008, 09:50:43 PM »
                                                        Open HJT one more time, and checkmark:
                                                        - O4 - HKLM\..\Run: [f43e57be] rundll32.exe "C:\WINDOWS\system32\ynjxavgs.dll",b
                                                        - O24 - Desktop Component 0: Privacy Protection - (no file)

                                                        Click Fix checked button.

                                                        Restart in Safe Mode, and delete ynjxavgs.dll file from C:\WINDOWS\system32

                                                        Restart in Normal Mode, and post new HJT log.
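The entry selection in Replies #40 and #44 can be approximated with a small triage script. This is an added example, not part of the thread or of HijackThis itself. The rules in `reasons()` are assumptions modelled on the entries picked above, the function names are hypothetical, and the sample lines are excerpted from the logs posted in this thread.

```python
import re

# Sample input: lines excerpted from the HijackThis logs posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {00B54EEB-98B9-4CCE-A26A-96004D7091AD} - C:\WINDOWS\system32\iifedeFv.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\byXNDVNf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\setup_526_1_.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byXNDVNf - C:\WINDOWS\SYSTEM32\byXNDVNf.dll
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [f43e57be] rundll32.exe "C:\WINDOWS\system32\ynjxavgs.dll",b
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

# "O4 - <body>": section code, separator, rest of the line.
ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.+)$")
# A DLL sitting directly in system32 (path compared case-insensitively).
SYS32_DLL = re.compile(r'\\windows\\system32\\[^\\"]+\.dll', re.I)


def parse(log):
    """Return (section, body) tuples for every 'Xnn - ...' line of a log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def reasons(section, body):
    """Return the review reasons for one entry (assumed rules, see lead-in)."""
    low = body.lower()
    out = []
    if "(file missing)" in low or "(no file)" in low:
        out.append("target missing")
    if section == "O2" and "(no name)" in low and SYS32_DLL.search(body):
        out.append("unnamed BHO in system32")
    if section == "O20" and SYS32_DLL.search(body):
        out.append("Winlogon Notify DLL in system32")
    if section == "O4" and "\\temp\\" in low:
        out.append("autorun from Temp")
    if section == "O4" and "rundll32" in low and SYS32_DLL.search(body):
        out.append("rundll32 autorun of system32 DLL")
    return out


def triage(log):
    """Return (section, body, reasons) for every entry with at least one reason."""
    flagged = []
    for section, body in parse(log):
        why = reasons(section, body)
        if why:
            flagged.append((section, body, why))
    return flagged


def new_entries(before, after):
    """Entries present in `after` but not in `before`, ignoring case.

    Case is ignored because the same path can be logged with different
    capitalisation between scans (McUpdate.exe vs mcupdate.exe in this thread).
    """
    seen = {(s, b.lower()) for s, b in parse(before)}
    return [(s, b) for s, b in parse(after) if (s, b.lower()) not in seen]


if __name__ == "__main__":
    print("Entries to review in the first log:")
    for section, body, why in triage(LOG_BEFORE):
        print(f"  {section}: {body}\n      -> {', '.join(why)}")
    print("Entries that appeared after the first fix:")
    for section, body in new_entries(LOG_BEFORE, LOG_AFTER):
        print(f"  {section}: {body}\n      -> {', '.join(reasons(section, body))}")
```

Comparing consecutive logs matters here because the `[f43e57be]` Run entry only shows up in the scan taken after the first round of fixes.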

                                                        matter92


                                                          Re: Terrible virus
                                                          « Reply #45 on: May 13, 2008, 09:57:24 PM »
                                                          Logfile of Trend Micro HijackThis v2.0.2
                                                          Scan saved at 11:56:53 PM, on 5/13/2008
                                                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                                                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                                                          Boot mode: Normal

                                                          Running processes:
                                                          C:\WINDOWS\System32\smss.exe
                                                          C:\WINDOWS\system32\winlogon.exe
                                                          C:\WINDOWS\system32\services.exe
                                                          C:\WINDOWS\system32\lsass.exe
                                                          C:\WINDOWS\system32\svchost.exe
                                                          C:\WINDOWS\System32\svchost.exe
                                                          C:\WINDOWS\system32\LEXBCES.EXE
                                                          C:\WINDOWS\system32\spoolsv.exe
                                                          C:\WINDOWS\system32\LEXPPS.EXE
                                                          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                          C:\Program Files\Bonjour\mDNSResponder.exe
                                                          C:\WINDOWS\System32\svchost.exe
                                                          c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                          C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                          C:\WINDOWS\Explorer.EXE
                                                          C:\WINDOWS\system32\svchost.exe
                                                          C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                          C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                          C:\Program Files\Dell\Media Experience\PCMService.exe
                                                          C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
                                                          C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                          C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                                                          c:\progra~1\mcafee.com\vso\mcvsescn.exe
                                                          C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
                                                          c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                          C:\WINDOWS\system32\wscntfy.exe
                                                          C:\Program Files\Mozilla Firefox\firefox.exe
                                                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                                                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                                                          O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                                                          O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
                                                          O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                          O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                                                          O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
                                                          O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
                                                          O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                                                          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                                          O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
                                                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210445566982
                                                          O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                                                          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                                          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                                          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                                          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                                                          O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                          O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                                                          O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                          O24 - Desktop Component 0: Privacy Protection - (no file)

                                                          --
                                                          End of file - 4699 bytes

                                                          Broni


                                                          Re: Terrible virus
                                                          « Reply #46 on: May 13, 2008, 10:07:52 PM »
                                                          You did it!!

                                                          Your computer is clean

                                                          1. Download and install CCleaner: http://www.ccleaner.com/download/builds. Get the "Slim" version.
                                                          Read the CCleaner instructions here: http://www.jahewi.nl/ccleaner/ccleaner.html.
                                                          Run CCleaner.

                                                          2. Turn off System Restore:

                                                          - Windows XP:
                                                             1. Click Start.
                                                             2. Right-click the My Computer icon, and then click Properties.
                                                             3. Click the System Restore tab.
                                                             4. Check "Turn off System Restore".
                                                             5. Click Apply.
                                                             6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                                                             7. Click OK.
                                                          - Windows Vista:
                                                             1. Click Start.
                                                             2. Right-click the Computer icon, and then click Properties.
                                                             3. Click on System Protection under the Tasks column on the left side
                                                             4. Click on Continue on the "User Account Control" window that pops up
                                                             5. Under the System Protection tab, find Available Disks
                                                             6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
                                                             7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
                                                             8. Click OK

                                                          3. Restart computer.

                                                          4. Turn System Restore on.

                                                          5. Let me know how your computer is doing.

                                                          matter92


                                                            Re: Terrible virus
                                                            « Reply #47 on: May 13, 2008, 10:13:44 PM »
                                                            Thank you soooooo much. I love you (in a non-homosexual way)

                                                            matter92


                                                              Re: Terrible virus
                                                              « Reply #48 on: May 13, 2008, 10:14:34 PM »
                                                              Why is my background white though?

                                                              Broni


                                                              Re: Terrible virus
                                                              « Reply #49 on: May 13, 2008, 10:15:23 PM »
                                                              Quote
                                                              in a non-homosexual way
                                                              Hahahahaha....

                                                              Good luck! Happy (and safe) surfing!

                                                              matter92


                                                                Re: Terrible virus
                                                                « Reply #50 on: May 13, 2008, 10:15:46 PM »
                                                                thank you

                                                                Broni


                                                                Re: Terrible virus
                                                                « Reply #51 on: May 13, 2008, 10:20:20 PM »
                                                                Quote
                                                                Why is my background white though?
                                                                Let me check on this.

                                                                matter92


                                                                  Re: Terrible virus
                                                                  « Reply #52 on: May 13, 2008, 10:25:39 PM »
                                                                  Thanks again, I'm going to go to bed now, it's 12:25 AM atm, so good night and I'll check back tomorrow.

                                                                  Broni


                                                                  Re: Terrible virus
                                                                  « Reply #53 on: May 13, 2008, 10:26:10 PM »
                                                                  1. Right-click anywhere on the Desktop and click Properties.
                                                                  2. In Display Properties change to the Desktop tab, where you will see a monitor image with your wallpaper and the list of images below it.
                                                                  3. Choose any other image in the list than the one currently selected and then select the original image used as wallpaper and click OK.

                                                                  Will it work?

                                                                  Broni


                                                                  Re: Terrible virus
                                                                  « Reply #54 on: May 13, 2008, 10:27:41 PM »
                                                                  OK. Check back tomorrow.

                                                                  Broni


                                                                  Re: Terrible virus
                                                                  « Reply #55 on: May 13, 2008, 10:40:02 PM »
                                                                  Another option:
                                                                  Open your Control Panel/Display/Desktop tab/click on the Customize Desktop button.
                                                                  Now click on the Web tab/uncheck the box next to My Current Home Page and any other listed web items. Make sure the box next to "Lock desktop items" is unchecked.
                                                                  Apply and OK.

                                                                  matter92


                                                                    Re: Terrible virus
                                                                    « Reply #56 on: May 14, 2008, 05:29:48 AM »
                                                                    nope, that doesn't work  :'(

                                                                    matter92


                                                                      Re: Terrible virus
                                                                      « Reply #57 on: May 14, 2008, 01:01:11 PM »
                                                                      Oh, ok, thanks a lot, it worked this time.

                                                                      matter92


                                                                        Re: Terrible virus
                                                                        « Reply #58 on: May 14, 2008, 03:07:41 PM »
                                                                        one more thing, when I'm browsing the internet I keep getting random Porn pop-ups... it's quite awkward.... What should I do to stop that? LOL

                                                                        Broni


                                                                        Re: Terrible virus
                                                                        « Reply #59 on: May 14, 2008, 06:30:11 PM »
                                                                        Quote
                                                                        it worked this time.
                                                                        Cool :)

                                                                        Post one more HJT log. It shouldn't be happening.
                                                                        I'd also recommend upgrading your IE to version 7. It's safer.

                                                                        matter92


                                                                          Re: Terrible virus
                                                                          « Reply #60 on: May 14, 2008, 07:40:21 PM »
                                                                          I use Firefox

                                                                          matter92


                                                                            Re: Terrible virus
                                                                            « Reply #61 on: May 14, 2008, 07:44:26 PM »
                                                                            Logfile of Trend Micro HijackThis v2.0.2
                                                                            Scan saved at 9:44:08 PM, on 5/14/2008
                                                                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                                                                            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                                                                            Boot mode: Normal

                                                                            Running processes:
                                                                            C:\WINDOWS\System32\smss.exe
                                                                            C:\WINDOWS\system32\winlogon.exe
                                                                            C:\WINDOWS\system32\services.exe
                                                                            C:\WINDOWS\system32\lsass.exe
                                                                            C:\WINDOWS\system32\svchost.exe
                                                                            C:\WINDOWS\System32\svchost.exe
                                                                            C:\WINDOWS\system32\LEXBCES.EXE
                                                                            C:\WINDOWS\system32\spoolsv.exe
                                                                            C:\WINDOWS\system32\LEXPPS.EXE
                                                                            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                                            C:\Program Files\Bonjour\mDNSResponder.exe
                                                                            C:\WINDOWS\System32\svchost.exe
                                                                            c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                                            C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                                            C:\WINDOWS\system32\svchost.exe
                                                                            C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                                            c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                                            C:\WINDOWS\system32\wscntfy.exe
                                                                            C:\WINDOWS\Explorer.EXE
                                                                            C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                                            C:\Program Files\Dell\Media Experience\PCMService.exe
                                                                            C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
                                                                            C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                                            C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                                            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                                                                            C:\Program Files\EZ-DUB\EZ-DUB.exe
                                                                            c:\progra~1\mcafee.com\vso\mcvsescn.exe
                                                                            C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
                                                                            C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            C:\Program Files\eMule\emule.exe
                                                                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                                                                            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                                                                            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                                                                            O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                                                                            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                                                                            O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                                                                            O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                                                                            O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                                                                            O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
                                                                            O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
                                                                            O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                                                                            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                                                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                                                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                                                                            O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
                                                                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                                                                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                                            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                                                                            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210445566982
                                                                            O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                                                                            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                                            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                                                            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                                                            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                                                            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                                                                            O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                                                                            O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                                                                            O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                                                                            O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                                                                            O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                                            O24 - Desktop Component 0: Privacy Protection - (no file)

                                                                            --
                                                                            End of file - 5056 bytes

                                                                            Broni


                                                                            Re: Terrible virus
                                                                            « Reply #62 on: May 14, 2008, 07:53:11 PM »
                                                                            Nothing there - clean

                                                                            Install a couple of Firefox add-ons:
                                                                            - Adblock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
                                                                            - Adblock Filterset.G Updater: https://addons.mozilla.org/en-US/firefox/addon/1136
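
Comparing successive HijackThis logs, as happens by eye across this thread, can be scripted. The following is an added example, not part of any post here and not a HijackThis feature: the function names are illustrative, and the sample lines are excerpted from the two logs posted above (the one ending at 4699 bytes and the one ending at 5056 bytes). It lists what changed between scans and which entries HijackThis reports as "(no file)"; it does not judge whether an entry is malicious.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "code detail")

# Item lines start with a section code such as R1, O4 or O23, then " - ".
# Header lines, the running-process list and the footer do not match.
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_hjt(text):
    """Return the item lines of a HijackThis log as Entry(code, detail)."""
    entries = []
    for line in text.splitlines():
        match = ITEM_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def _key(entry):
    # Compare case-insensitively: the logs mix c:\PROGRA~1 and C:\PROGRA~1.
    return (entry.code, entry.detail.lower())


def diff_scans(before, after):
    """Return (added, removed) entries between two parsed scans."""
    old = {_key(e): e for e in before}
    new = {_key(e): e for e in after}
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    return added, removed


def missing_file(entries):
    """Entries whose target HijackThis could not find on disk."""
    return [e for e in entries if e.detail.lower().endswith("(no file)")]


# Excerpt of the earlier log in this thread (not the full log).
SCAN_1 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 4699 bytes
"""

# Excerpt of the later log in this thread (not the full log).
SCAN_2 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 5056 bytes
"""

if __name__ == "__main__":
    first, second = parse_hjt(SCAN_1), parse_hjt(SCAN_2)
    print("entries per section:", dict(Counter(e.code for e in second)))
    added, removed = diff_scans(first, second)
    for e in added:
        print("ADDED  ", e.code, "-", e.detail)
    for e in removed:
        print("REMOVED", e.code, "-", e.detail)
    for e in missing_file(second):
        print("NO FILE", e.code, "-", e.detail)
```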

                                                                            matter92


                                                                              Re: Terrible virus
                                                                              « Reply #63 on: May 14, 2008, 07:55:38 PM »
                                                                              ok, thanks

                                                                              Broni


                                                                              Re: Terrible virus
                                                                              « Reply #64 on: May 14, 2008, 07:56:56 PM »
                                                                              Let me know.
                                                                              Also, even if you don't use IE (like myself), upgrading to version 7 is recommended for security reasons.

                                                                              matter92


                                                                                Re: Terrible virus
                                                                                « Reply #65 on: May 14, 2008, 07:58:56 PM »
                                                                                ok, I'll do that, thanks again.

                                                                                matter92


                                                                                  Re: Terrible virus
                                                                                  « Reply #66 on: May 18, 2008, 07:38:33 PM »
                                                                                  I'm still getting those pop-ups. I just started getting them again today.

                                                                                  Broni



                                                                                  matter92


                                                                                    Re: Terrible virus
                                                                                    « Reply #68 on: May 18, 2008, 08:33:45 PM »
                                                                                    How do I run/download it?

                                                                                    Broni


                                                                                    Re: Terrible virus
                                                                                    « Reply #69 on: May 19, 2008, 04:42:49 PM »
                                                                                    Click on:
                                                                                    Scan your computer and remove any rootkits in a few simple steps at the above link.