GeekPolice

Anti Virus Systems Pro too Infected to Download Removal Tool

Hello, everyone. New member here. Geek Police was recommended highly by friends on another forum, so here I am with a basket full of problems. I have two machines networked together to a broadband connection, via wireless router. However, the machine that is infected is running so slow I cannot download any of the removal tools. It's been crunching on the cnet Malwarebytes download page all night, but has yet to even get to the agreement page. It has been crippled with the Anti Virus Systems Pro bug.

I did, however, manage to download the Dr. Spyware free scan yesterday before the computer became so slow. The scan showed like 24 Trojans, and all the other related threats that come with the AVSP scam. I have not purchased the full package yet to try the fix, because I'm not sure the crippled machine is capable of all that transaction. It is running like a 386 with 4 megs of ram. Also, I was advised on another forum to try the cnet Malwarebytes free download, however, as was my fear, now the infected machine has become too slow to download it.

The machine I am typing this on is clean, and I have successfully downloaded the cnet tool and removed 134 malware bugs. I was thinking that I might be able to use the removal tool on this machine to fix the other one, since they are both hardwired together on the same IP, via router, however, I don't know how to do this.

The two machines are in the same room close together, however, the infected machine is using a different OS. It is Vista Home, and this machine I'm typing on now is XP.

I have to go to work now, so I won't be able to get on this project until later this afternoon, but look forward to working through this problem later this afternoon, or even tonight. I will post this now and check back later for any responses.

Thanks in advance for your assistance in this matter.

Hora

Re: Anti Virus Systems Pro too Infected to Download Removal Tool

Hello.
Let's not go with removal tool just yet, see if we can see what's going on before doing anything.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool

Belahzur, thanks for quick reply:

I assume you need the DDS from the infected machine. Not sure if I can do that, or it may take a while. Or did you mean the DDS from this machine, the uninfected one that I'm accessing this forum on? I have the DDS from this machine ready to paste here now. I will close the cnet site on the infected machine and see if I can access this page, but it is doubtful.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool

Hello.
I need the log from the infected machine.

DDS is just a scanner, but also it doesn't use the normal exe file extension like many things use, so sometimes we can get around restrictions and the malware doesn't notice an scr file.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool

Okay. I just tried to access the forum on the sick machine. The problem is, I made the cnet download.com as my homepage, so now when I click on Internet Explorer it goes there and starts loading the page. I hit stop and typed www.geekpolice.net into the location bar, and it is crunching, but will probably take forever to go there if it goes at all.

I realize you guys are probably busy and can only get back to these posts sporadically, so I'll list all questions now and check later.

If I do manage to get the GeekPolice forum on the infected machine, should I save this page as Home to save steps in the future? I see it was a mistake with the cnet site, and I have a feeling we are working within a critical window here, because the infected machine seems to be getting slower. Also wanted to ask if it is possible for the virus to infect this machine through the router connection. Probably a stupid question, but I did find a lot of malware on this machine in the scan.

I will go ahead and paste the DDS log from this uninfected machine here, although I'm pretty sure you need it from the infected machine. Please delete the following paste if it is redundant:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Patricia Meeks at 9:05:24.53 on Fri 09/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.94 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090917-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
svchost.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBelkinBelkin Wireless Network UtilityWLService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesBelkinBelkin Wireless Network UtilityWLanCfgG.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe
C:Program FilesYahoo!Search ProtectionSearchProtection.exe
C:Program FilesCanonMyPrinterBJMyPrt.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCyberLinkPower2GoPower2GoExpress.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWindows Media PlayerWMPNSCFG.exe
C:QUICKENWQWDLLS.EXE
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesiPodbiniPodService.exe
C:Program FilesYahoo!Messengerymsgr_tray.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Documents and SettingsPatricia MeeksLocal SettingsTemporary Internet FilesContent.IE5G7M7D4I1dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.everex.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpn2yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpn2yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:program filesyahoo!commonyiesrvc.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:program filescanoneasy-webprintEWPBrowseLoader.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.2.4204.1700swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:program filesgooglegoogle toolbarcomponentfastsearch_B7C5AC242193BB3E.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:program filesyahoo!companioninstallscpn2YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpn2yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:program filescanoneasy-webprintToolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
uRun: [Power2GoExpress] "c:program filescyberlinkpower2goPower2GoExpress.exe" /Startup
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
uRun: [YSearchProtection] c:program filesyahoo!search protectionSearchProtection.exe
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [MyWebSearch Email Plugin] c:progra~1mywebs~1bar1.binmwsoemon.exe
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
uRun: [Search Protection] c:program filesyahoo!search protectionSearchProtection.exe
uRun: [Messenger (Yahoo!)] "c:program filesyahoo!messengerYahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:program filessuperantispywareSUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:program filescyberlinkpowerdvdPDVDServ.exe"
mRun: [Adobe Photo Downloader] "c:program filesadobephotoshop album starter edition3.0appsapdproxy.exe"
mRun: [YSearchProtection] "c:program filesyahoo!search protectionSearchProtection.exe"
mRun: [CanonMyPrinter] c:program filescanonmyprinterBJMyPrt.exe /logon
mRun: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [avast!] c:progra~1alwils~1avast4ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:program filesmalwarebytes' anti-malwarembam.exe" /runcleanupscript
StartupFolder: c:docume~1alluse~1startm~1programsstartupbillmi~1.lnk - c:quickenwBILLMIND.EXE
StartupFolder: c:docume~1alluse~1startm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeofficeOSA9.EXE
StartupFolder: c:docume~1alluse~1startm~1programsstartupquicke~1.lnk - c:quickenwQWDLLS.EXE
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:program filesyahoo!commonyiesrvc.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://www.peryourhealth.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [2009-8-14 114768]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2009-9-4 74480]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2009-8-14 20560]
R2 avast! Antivirus;avast! Antivirus;c:program filesalwil softwareavast4ashServ.exe [2009-8-14 138680]
R2 YahooAUService;Yahoo! Updater;c:program filesyahoo!softwareupdateYahooAUService.exe [2008-11-9 602392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:program filesalwil softwareavast4ashMaiSv.exe [2009-8-14 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:program filesalwil softwareavast4ashWebSv.exe [2009-8-14 352920]
R3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2009-9-4 7408]

=============== Created Last 30 ================

2009-09-18 01:13 --d----- c:docume~1alluse~1applic~1SUPERAntiSpyware.com
2009-09-18 01:13 --d----- c:program filesSUPERAntiSpyware
2009-09-18 01:13 --d----- c:docume~1patric~1applic~1SUPERAntiSpyware.com
2009-09-18 00:02 --d----- c:docume~1patric~1applic~1Malwarebytes
2009-09-18 00:02 38,224 a------- c:windowssystem32driversmbamswissarmy.sys
2009-09-18 00:02 19,160 a------- c:windowssystem32driversmbam.sys
2009-09-18 00:02 --d----- c:program filesMalwarebytes' Anti-Malware
2009-09-18 00:02 --d----- c:docume~1alluse~1applic~1Malwarebytes
2009-09-09 02:20 153,088 -------- c:windowssystem32dllcachetriedit.dll
2009-08-29 12:45 --d----- c:program filesiPod
2009-08-29 12:45 --d----- c:program filesiTunes

==================== Find3M ====================

2009-08-05 04:01 204,800 a------- c:windowssystem32mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:windowssystem32dllcachemswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:windowssystem32dllcacheieframe.dll
2009-07-19 08:18 5,937,152 -------- c:windowssystem32dllcachemshtml.dll
2009-07-17 14:01 58,880 a------- c:windowssystem32atl.dll
2009-07-17 14:01 58,880 -------- c:windowssystem32dllcacheatl.dll
2009-07-13 23:43 10,841,088 a------- c:windowssystem32dllcachewmp.dll
2009-07-13 23:43 286,208 a------- c:windowssystem32wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:windowssystem32dllcachewmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:windowssystem32dllcachemsoe.dll
2009-07-03 12:09 915,456 a------- c:windowssystem32wininet.dll
2009-07-03 12:09 915,456 -------- c:windowssystem32dllcachewininet.dll
2009-07-03 12:09 12,800 -------- c:windowssystem32dllcachexpshims.dll
2009-07-03 12:09 1,208,832 -------- c:windowssystem32dllcacheurlmon.dll
2009-07-03 12:09 206,848 -------- c:windowssystem32dllcacheoccache.dll
2009-07-03 12:09 594,432 -------- c:windowssystem32dllcachemsfeeds.dll
2009-07-03 12:09 55,296 -------- c:windowssystem32dllcachemsfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:windowssystem32dllcacheiertutil.dll
2009-07-03 12:09 25,600 -------- c:windowssystem32dllcachejsproxy.dll
2009-07-03 12:09 246,272 -------- c:windowssystem32dllcacheieproxy.dll
2009-07-03 12:09 184,320 -------- c:windowssystem32dllcacheiepeers.dll
2009-07-03 12:09 386,048 -------- c:windowssystem32dllcacheiedkcs32.dll
2009-07-03 06:01 173,056 -------- c:windowssystem32dllcacheie4uinit.exe
2009-07-01 02:08 101,376 -------- c:windowssystem32dllcacheiecompat.dll
2009-06-29 11:12 133,120 a------- c:windowssystem32dllcacheextmgr.dll
2009-06-29 06:07 13,824 -------- c:windowssystem32dllcacheieudinit.exe
2009-06-22 01:44 726,528 a------- c:windowssystem32dllcachejscript.dll
2008-08-28 18:48 32,768 a--sh--- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012008082820080829index.dat

============= FINISH: 9:05:56.17 ===============

Ah. I guess we were typing at the same time. Okay, I'm working on getting the infected machine onto GeekPolice. Any suggestions how I can do this? Maybe close IE and try to get to Internet Options from the desktop to type in url. Can't seem to do anything from this cnet page.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool

Hello.
You can also do it from something like your C:\ drive. When you open the C:\ Drive, it shows the Address bar, type in our URL in there.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool

Bel: Just came in from work and would you believe the thing is still right where I left it, crunching on the cnet page. Before I left for work, I finally got into tools, Internet Options and put in your url and hit Enter, but here 6 hours later it is stuck on that cnet malware page.

Looks like the only way to get back to the desktop would be a hard boot. If I could just get it back to the desktop, I might be able to boot in safe mode, then make sure the correct url is in place, hit Apply, OK and reboot in normal mode then try going to IE with the least amount of steps possible. I'll still have to deal with logging on and navigating to the forum page, unless being logged on this computer will apply to the other.

I'm not getting the popup warnings anymore, but probably only because the machine is too slow to popup anything.

Not sure what you mean by C:/. Are you talking about doing something from where I am now, or from My Computer?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool

Oh, I forgot, yesterday when the machine was responding better, I had disabled cookies and enabled popup blockers, because the constant Nag Box warning made a work around almost impossible. Now I see there is a message at the bottom of the page that ends with: waiting for cookieXfer. html.. Not sure what this means.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool

Okay, got it:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Mikel at 18:21:10.11 on Fri 09/18/2009
Internet Explorer: 8.0.6001.18813
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.1.1033.18.1013.219 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\sttray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mikel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM1DP1I9\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.geekpolice.net/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5086
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5086
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5086
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.5.0.850\HPIEAddOn.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.4.0.4340\NPIEAddOn.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.0.840\ssd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [SiteAdvisor] "c:\program files\siteadvisor\6261\SiteAdv.exe"
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\mikel\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\versio~1.lnk - c:\windows\installer\{78c5d256-a94e-4593-bb24-ced07afc7938}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-17 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-12 53328]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2008-2-11 28728]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-17 348752]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-09-17 07:50 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-17 07:50 a-d----- c:\programdata\TEMP
2009-09-17 07:50 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-17 07:50 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-17 07:50 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-17 07:50 --d----- c:\program files\common files\PC Tools
2009-09-17 07:50 --d----- c:\users\mikel\appdata\roaming\PC Tools
2009-09-17 07:50 --d----- c:\programdata\PC Tools
2009-09-17 07:50 --d----- c:\program files\Spyware Doctor
2009-09-17 07:50 --d----- c:\progra~2\PC Tools
2009-09-16 18:07 --d----- c:\program files\common files\Symantec Shared
2009-09-14 21:00 --d----- c:\windows\system32\drivers\NSS
2009-09-14 21:00 --d----- c:\programdata\Norton
2009-09-14 21:00 --d----- c:\program files\Norton Security Scan
2009-09-14 21:00 --d----- c:\progra~2\Norton
2009-09-14 21:00 --d----- c:\programdata\Symantec
2009-09-14 21:00 --d----- c:\progra~2\Symantec
2009-09-14 21:00 --d----- c:\programdata\NortonInstaller
2009-09-14 21:00 --d----- c:\program files\NortonInstaller
2009-09-14 21:00 --d----- c:\progra~2\NortonInstaller
2009-09-14 17:58 --d----- c:\windows\system32\Adobe
2009-09-10 22:38 --d----- c:\program files\iPhone Configuration Utility
2009-09-10 22:36 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-10 22:36 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-10 22:35 --d----- c:\program files\iPod
2009-09-10 22:35 --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 22:35 --d----- c:\program files\iTunes
2009-09-10 22:35 --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 18:04 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 18:04 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-08 18:04 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 18:04 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 18:04 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 18:04 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 18:04 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-08 18:04 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 18:04 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 18:04 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 18:03 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-08 18:03 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-08 18:03 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-08 18:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-08 18:03 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-08 18:02 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 16:15 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 16:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 10:01 2,048 a------- c:\windows\system32\tzres.dll

==================== Find3M ====================

2009-09-10 22:29 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-10 22:29 86,016 a------- c:\windows\inf\infstor.dat
2009-09-10 22:29 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 07:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 07:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 07:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 07:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-17 11:05 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 08:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 07:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 07:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 05:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2008-12-23 08:12 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-12-23 08:12 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-09-21 14:40 174 a--sh--- c:\program files\desktop.ini
2008-09-21 14:32 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-14 15:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-14 15:07 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-14 15:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-04-04 03:14 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-04-04 03:14 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-04-04 03:14 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:23:47.94 ===============

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Okay: I finally rebooted the infected machine and got it to this page, actually fairly quick; machine must be in a state of remission. I saved the two logs, will await your advice.

Thanks

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel: I'm doing this on two computers at once, the sick one and this one I am typing on. On this one after the update and download, the Scan window popped up ready to scan, but on the sick machine it did not, although I think it did install. Should I close or minimize the GeekPolice page and look for the icon on the desktop, or just reinstall it again? I'm afraid to lose what I have.

Thanks

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Never mind. I minimized the window and the scan box was there. I'll start the scan. Still not sure if I should close the other window to free up resources or just leave it minimized. Let me know if you think it is a problem leaving it open. The sick computer seems to be running much faster today.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Malwarebytes' Anti-Malware 1.41
Database version: 2825
Windows 6.0.6001 Service Pack 1

9/19/2009 4:37:24 PM
mbam-log-2009-09-19 (16-37-24).txt

Scan type: Quick Scan
Objects scanned: 85416
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 167
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 34
Files Infected: 100

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Mikel\Favorites\Free porn Pale galleries.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Mikel\Favorites\Free Porn pictures and movies galleries.url (Rogue.Link) -> Quarantined and deleted successfully.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel, thanks tons. Looks like my machine is back to normal. However, I just had a scan run on its own by one of the tools I downloaded before I contacted GeekPolice, and it still shows some cooties. The program is Spyware Doctor, recommended by Digg. Their scan shows 4 threats and 324 infections, and wants me to purchase their package to fix them. Actually, I'd rather donate that money to you guys, if you don't think I need to buy this.

Also, I noticed that I have a Norton Antivirus icon on my desktop. I did not download this that I am aware of. Should I uninstall these two programs?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Sorry, didn't see page two of the thread yesterday. I assume you need this DDS log again, and that wasn't just a double post.

Thanks




DDS (Ver_09-07-30.01) - NTFSx86
Run by Mikel at 6:45:52.82 on Sun 09/20/2009
Internet Explorer: 8.0.6001.18813
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.1.1033.18.1013.341 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\RegCure\RegCure.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mikel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM1DP1I9\dds[2].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.geekpolice.net/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5086
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5086
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5086
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [SiteAdvisor] "c:\program files\siteadvisor\6261\SiteAdv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\mikel\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\versio~1.lnk - c:\windows\installer\{78c5d256-a94e-4593-bb24-ced07afc7938}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-17 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-12 53328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-17 348752]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-09-19 16:09 --d----- c:\users\mikel\appdata\roaming\Malwarebytes
2009-09-19 16:09 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 16:09 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-19 16:09 --d----- c:\programdata\Malwarebytes
2009-09-19 16:09 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 16:09 --d----- c:\progra~2\Malwarebytes
2009-09-17 07:50 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-17 07:50 a-d----- c:\programdata\TEMP
2009-09-17 07:50 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-17 07:50 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-17 07:50 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-17 07:50 --d----- c:\program files\common files\PC Tools
2009-09-17 07:50 --d----- c:\users\mikel\appdata\roaming\PC Tools
2009-09-17 07:50 --d----- c:\programdata\PC Tools
2009-09-17 07:50 --d----- c:\program files\Spyware Doctor
2009-09-17 07:50 --d----- c:\progra~2\PC Tools
2009-09-16 18:07 --d----- c:\program files\common files\Symantec Shared
2009-09-14 21:00 --d----- c:\windows\system32\drivers\NSS
2009-09-14 21:00 --d----- c:\programdata\Norton
2009-09-14 21:00 --d----- c:\program files\Norton Security Scan
2009-09-14 21:00 --d----- c:\progra~2\Norton
2009-09-14 21:00 --d----- c:\programdata\Symantec
2009-09-14 21:00 --d----- c:\progra~2\Symantec
2009-09-14 21:00 --d----- c:\programdata\NortonInstaller
2009-09-14 21:00 --d----- c:\program files\NortonInstaller
2009-09-14 21:00 --d----- c:\progra~2\NortonInstaller
2009-09-14 17:58 --d----- c:\windows\system32\Adobe
2009-09-10 22:38 --d----- c:\program files\iPhone Configuration Utility
2009-09-10 22:36 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-10 22:36 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-10 22:35 --d----- c:\program files\iPod
2009-09-10 22:35 --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 22:35 --d----- c:\program files\iTunes
2009-09-10 22:35 --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 18:04 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 18:04 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-08 18:04 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 18:04 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 18:04 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 18:04 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 18:04 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-08 18:04 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 18:04 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 18:04 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 18:03 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-08 18:03 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-08 18:03 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-08 18:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-08 18:03 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-08 18:02 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 16:15 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 16:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 10:01 2,048 a------- c:\windows\system32\tzres.dll

==================== Find3M ====================

2009-09-10 22:29 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-10 22:29 86,016 a------- c:\windows\inf\infstor.dat
2009-09-10 22:29 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 07:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 07:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 07:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 07:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-17 11:05 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 08:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 07:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 07:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 05:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2008-12-23 08:12 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-12-23 08:12 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-09-21 14:40 174 a--sh--- c:\program files\desktop.ini
2008-09-21 14:32 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-14 15:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-14 15:07 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-14 15:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 6:48:58.17 ===============

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Okay, I ran the scan and saved it, copied to clipboard, but now I can't get online to send it. I get an error box that says, "Illegal operation attempted on a registry key that has been marked for deletion."

Also, I noticed that in my profile it says I'm using Windows XP. I am not. This machine is XP but the infected machine is Vista. Not sure if that matters. Anyway, can't open Internet Explorer. Should I reboot?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
I okay-ed the nag box and now get one that says Internet: The item you have selected is unavailable. It may have been moved, renamed or removed. Would you like to remove it from the list?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Hello.
See here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore

Can you restore net connection via that guide?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel: Can't get into the control panel to complete manual restore of IE.

I right clicked IE icon on the task bar, but there is no option to Repair. I just let Windows Update run, but still can't open IE. Should I reboot? Perhaps try to get into Control Panel in Safe Mode?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Okay, IE repaired itself after the reboot from windows updates. Here is the log:

ComboFix 09-09-18.02 - Mikel 09/20/2009 17:25.1.2 - NTFSx86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.1.1033.18.1013.288 [GMT -5:00]
Running from: c:\users\Mikel\Pictures\1234MILFs\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4241358610-77463683-3924183635-500
c:\$recycle.bin\S-1-5-21-915218132-3316391703-626559771-500
c:\program files\MyWebSearch
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-20 22:37 . 2009-09-20 22:43 -------- d-----w- c:\users\Mikel\AppData\Local\temp
2009-09-20 22:37 . 2009-09-20 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-19 21:09 . 2009-09-19 21:09 -------- d-----w- c:\users\Mikel\AppData\Roaming\Malwarebytes
2009-09-19 21:09 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 21:09 . 2009-09-19 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 21:09 . 2009-09-19 21:09 -------- d-----w- c:\programdata\Malwarebytes
2009-09-19 21:09 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-17 12:50 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-17 12:50 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-17 12:50 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-17 12:50 . 2009-09-17 12:51 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-17 12:50 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-17 12:50 . 2009-09-20 15:11 -------- d-----w- c:\program files\Spyware Doctor
2009-09-17 12:50 . 2009-09-17 12:50 -------- d-----w- c:\users\Mikel\AppData\Roaming\PC Tools
2009-09-17 12:50 . 2009-09-17 12:50 -------- d-----w- c:\programdata\PC Tools
2009-09-16 23:07 . 2009-09-16 23:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-15 02:00 . 2009-09-15 02:00 -------- d-----w- c:\programdata\Norton
2009-09-15 02:00 . 2009-09-15 02:00 -------- d-----w- c:\windows\system32\drivers\NSS
2009-09-15 02:00 . 2009-09-15 02:00 -------- d-----w- c:\program files\Norton Security Scan
2009-09-15 02:00 . 2009-09-16 23:05 -------- d-----w- c:\programdata\Symantec
2009-09-15 02:00 . 2009-09-15 02:00 -------- d-----w- c:\programdata\NortonInstaller
2009-09-15 02:00 . 2009-09-15 02:00 -------- d-----w- c:\program files\NortonInstaller
2009-09-14 22:58 . 2009-09-14 22:59 -------- d-----w- c:\windows\system32\Adobe
2009-09-11 03:38 . 2009-09-11 03:38 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-11 03:36 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-11 03:36 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-11 03:35 . 2009-09-11 03:35 -------- d-----w- c:\program files\iPod
2009-09-11 03:35 . 2009-09-11 03:36 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 03:35 . 2009-09-11 03:36 -------- d-----w- c:\program files\iTunes
2009-09-11 03:32 . 2009-09-11 03:33 -------- d-----w- c:\program files\QuickTime
2009-09-08 23:04 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-08 23:04 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-08 23:04 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-08 23:04 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-08 23:04 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-08 23:04 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-08 23:04 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-08 23:04 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-08 23:04 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-08 23:04 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-08 23:03 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-08 23:03 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-08 23:03 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-08 23:03 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-08 23:02 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-02 21:15 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:15 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 15:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 14:49 . 2007-04-21 08:16 -------- d-----w- c:\users\Mikel\AppData\Roaming\VersionTracker Pro
2009-09-17 12:49 . 2009-05-20 21:56 -------- d-----w- c:\users\Mikel\AppData\Roaming\GetRightToGo
2009-09-11 03:35 . 2008-03-27 08:23 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 15:15 . 2009-08-07 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 15:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-17 16:10 . 2009-06-12 19:21 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-06-12 19:21 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-06-12 19:21 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-06-12 19:21 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-06-12 19:21 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-06-12 19:21 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-06-12 19:21 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 04:24 . 2008-03-30 18:32 -------- d-----w- c:\program files\Safari
2009-08-07 17:33 . 2009-08-07 17:33 -------- d-----w- c:\programdata\RegCure
2009-08-07 17:33 . 2008-08-24 08:08 -------- d-----w- c:\program files\RegCure
2009-08-07 04:01 . 2009-08-07 04:01 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-07 04:00 . 2008-10-19 02:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-07 03:52 . 2009-08-07 03:52 -------- d-----w- c:\program files\Ubisoft
2009-08-07 03:52 . 2006-12-30 01:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-04 00:45 . 2006-12-30 02:12 -------- d-----w- c:\programdata\WildTangent
2009-08-04 00:45 . 2006-12-30 02:11 -------- d-----w- c:\program files\eMachines Games
2009-08-03 01:58 . 2007-02-23 01:41 -------- d-----w- c:\users\Mikel\AppData\Roaming\SiteAdvisor
2009-07-21 21:52 . 2009-08-07 12:04 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-07 12:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-07 12:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-07 12:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-11 23:53 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-11 23:53 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-11 23:53 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-11 23:53 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-11 23:53 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-17 2348584]
"SiteAdvisor"="c:\program files\SiteAdvisor\6261\SiteAdv.exe" [2006-10-18 35928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-11-02 303104]

c:\users\Mikel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-12-29 2348584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
VersionTracker Pro.lnk - c:\windows\Installer\{78C5D256-A94E-4593-BB24-CED07AFC7938}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2007-4-21 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4241358610-77463683-3924183635-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4241358610-77463683-3924183635-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{195E7AC6-0CE1-465D-9F0C-625821695B4E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4F5D4B90-AA16-4E22-A078-63E4842A1536}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D8CE6121-E861-4D4E-B1F8-36818A758C60}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{99B4EDEB-1315-4E4F-A31F-524DAF221F2E}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{B24F8E69-7B1D-4D16-A9AF-D5E228591867}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{65A0F906-6F8D-473C-A556-62F3BEB94718}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{44DFD9FA-9D7E-4C6F-840E-E93FDF4D89A1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D540B1A8-D9F6-4794-8611-69B5F0EE69C2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{559A82FE-730D-4998-9E4D-1B27A685578F}"= UDP:c:\program files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{6C0674EB-C5C9-425D-8800-3D7BD94E1EAF}"= TCP:c:\program files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{A38855F8-7095-4E6A-89F6-56E836D1A797}"= UDP:c:\program files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{C33AA94B-ABA0-4251-90E6-60F9F3EF0019}"= TCP:c:\program files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{D1EF2B6D-B1CE-45BC-A010-50A5817ED5D6}"= UDP:c:\program files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{B61116F6-FC92-4B62-AF98-688D73F0EDA4}"= TCP:c:\program files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{05B30521-2D96-4C0A-900E-EBA2C7E9BCAD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{411F8013-BDC7-4463-A350-BBCF7DC76A00}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [9/17/2009 7:50 AM 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/12/2009 2:21 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/12/2009 2:21 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/12/2009 2:21 PM 53328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/17/2009 7:50 AM 348752]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-09-18 c:\windows\Tasks\Norton Security Scan for Mikel.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-09-15 17:21]

2009-09-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-20 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{5B3D7E96-245C-4481-B3EA-DB9A82ED4CE1}.job
- c:\windows\system32\msfeedssync.exe [2009-08-07 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.geekpolice.net/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5086
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 17:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\_av_proI.tm~a03544\setup.lok

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4241358610-77463683-3924183635-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(768)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\progra~1\MICROS~2\Office\MLSHEXT.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-20 17:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 22:52

Pre-Run: 90,703,675,392 bytes free
Post-Run: 90,365,071,360 bytes free

245 --- E O F --- 2009-09-18 04:19

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel. Thanks, man. I think that's got it. I still have that hitchhiker, Norton Antivirus that came out of nowhere and the Dr. Spyware freeware as well as RegCure registry cleaner. These programs run on their own, but I don't trust them. Should I just go into add remove and uninstall them?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Hello.
Keep Norton for now, but let's see what's installed.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Uh, man. I just uninstalled it. All those that I did not install, thought they were hijackers. Uninstalled Norton, Dr. Spyware, RegCure.

I did install AdAware, and TweakNow, Reg Cleaner, which fixed 64 problems. Did a Disk Cleanup and rebooted.

How do I open Hijack This? I don't see a link.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
My bad, didn't realize we hadn't used HJT here.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Okay. Got it. I also notice an icon for a program called Digital River. Don't remember installing that one either. Here's the log:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABC Island
ACDSee 32
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player 11.5
Age of Castles
Age of Mythology Gold
AGEIA PhysX v7.11.13
Agere Systems PCI-SV92PP Soft Modem
Alchemy Deluxe
Alien Outbreak 2
Ancient Mosaic
Ancient Seal
Ancient Tripeaks 2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aquacade
ArcSoft Panorama Maker 4
Astro Avenger
avast! Antivirus
Bass Tournament Tycoon
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Bonjour
Boom Voyage

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Hello.
The log looks cut off, please post the rest.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Whoops:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABC Island
ACDSee 32
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player 11.5
Age of Castles
Age of Mythology Gold
AGEIA PhysX v7.11.13
Agere Systems PCI-SV92PP Soft Modem
Alchemy Deluxe
Alien Outbreak 2
Ancient Mosaic
Ancient Seal
Ancient Tripeaks 2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aquacade
ArcSoft Panorama Maker 4
Astro Avenger
avast! Antivirus
Bass Tournament Tycoon
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Bonjour
Boom Voyage
Bricks of Camelot
Bricks of Egypt
Browser Address Error Redirector
Butterfly Escape
Carl the Caveman
Chuzzle Deluxe
Clash'N Slash
Crystal Maze
Cute Knight
Dark Matter
Digby's Donuts
Digital Media Reader
Diner Dash
Diner Dash - Flo on the Go
Disney Pirates of the Caribbean Online
DVD Shrink 3.1.7
EAX Unified
eMachines Game Console
eMachines Recovery Center Installer
FATE
Feeding Frenzy 2
Final Draft 7
Final Drive Fury
Final Drive Nitro
Game Console - WildGames
Geneforge
Geneforge 2
Geneforge 3
Gift Shop
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Heavy Weapon
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java(TM) SE Runtime Environment 6
JEOPARDY
Jewel Quest Solitaire
Jewel Thief
Lara Croft Tomb Raider: The Angel Of Darkness
Lost Via Domus
Magic Lanterns
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office 2000 Professional
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mosaic Tomb of Mystery
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Mystery Solitaire - Secret Island
Napster
Napster Burn Engine
Nikon Message Center
Nikon Transfer
Ouba - The Great Journey
Paparazzi
Penguins!
Phoenix Assault
Pirates of the Caribbean Online's Desktop Galleon
PixiePack Codec Pack
Polar Bowler
Polar Golfer
Polar Tubing
Power2Go 5.0
PS2 Multimedia Keyboard Driver
QuickTime
Roller Rush
Safari
Sandlot Games Client Services 1.2.2
SandScript
SCRABBLE
SCRABBLE Rack Attack
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
SigmaTel Audio
Star Defender 2
Super Granny 3
Tangle Bee
Tiki Boom Boom
Tomb Raider: Anniversary 1.0
Tornado Jockey
TweakNow RegCleaner
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VersionTracker Pro for Windows
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Westward
Wheel of Fortune
Wik and The Fable of Souls
Wild West Billy
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight Java(TM) SE Runtime Environment 6
  • Click on the Uninstall/Change button at the top.

How is the machine running now?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Java SE gone.

Seems like machine is running great. Anything else?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Nope, that should be it.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel: Just noticed my sound is not working. The little speaker icon is no longer in the taskbar.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Hello.
See here:
http://answers.yahoo.com/question/index?qid=20090829033841AAfOLzT

Try the top answer, or the one below it. If no joy, we'll try updating your drivers.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel, thanks. The icon came back with a reboot. Sound works but doesn't seem to be as loud as it should. I'll look at that link later. Thanks again, the machine seems to be running like new otherwise.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel, maybe I do have a driver problem. Can't get youtubes to play now.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Need a little further detail on that.

The video won't play, or the video plays with low/no sound at all?

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Seems to be working now. Yesterday couldn't get them to play at all, but now they work fine. I did see a brief popup yesterday advertising an offer to buy some anti-virus program. It went away before I could see which one. But I did download a few programs yesterday like Ad-Aware, and Google Chrome. Maybe it was from one of those. Everybody seems to be telling me I need to replace IE with a better browser so I'm shopping around. Maybe Firefox would be better.

But, I think the machine is good to go now. Thanks again.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel. I did install Firefox, and Google Chrome, but YouTubes will only play on IE. With the other browsers vids won't play at all. It says I may need to update Flash Player or enable Java script. When I check the Tools box on Firefox it shows Java to be enabled and running, and I did download the add-ons and plugins, of which Flash Player was one.

Not sure these problems are related to the bug problem I had. If this is off topic, let me know and I can start another thread in the proper forum.

Thanks

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Did you download flash player 10?
http://www.adobe.com/products/flashplayer/

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Bel: I did download Flash Player 10 and I still can't play youtubes with Firefox. I was using IE when I downloaded it. Do I need to download Flash Player 10 while in the Firefox browser? I'm in Firefox now; I'll try the download again.

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Guess the answer to that question was yes. I did and it works.

Thanks

Re: Anti Virus Systems Pro too Infected to Download Removal Tool
Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read this over and click here to open a new topic.