Hello, I have a dire situation with my brother's computer. It's a Windows XP Media Center computer that is infected with viruses and was recently further infected by Privacy Protection. Fortunately I was able to remove it from the registry and the All Users folder. But the problem remains that the computer is still infected by some unknown viruses I can't find.

I get Google redirects on both Firefox and Google Chrome, and I can't get into safe mode, including the networking and command prompt modes.

So I downloaded and ran Malwarebytes, installed it successfully and updated it successfully.

When I performed a quick scan, it worked for at least 10-20 seconds, until it closed on its own.

I tried to open it again and got this:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item"

So I'm asking for help on how to fix this.

Here's the dds.txt file, along with attach.txt in a zip, done as instructed in the sticky post of this forum; hope it helps:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Owner at 22:34:35 on 2011-11-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.460 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\1113932054:3921582781.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

svchost.exe "C:\WINDOWS\system32\124.tmp"

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhi0.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: EpicPlay Games: {56e4076b-a42b-4745-ba35-34da8ac4c2f2} - c:\program files\epicplay\epicPlayGames.dll

BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: {37B85A29-692B-4205-9CAD-2626E4993404} - No File

TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhi0.dll

TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [sunKistEM] "c:\program files\digital media reader\shwiconem.exe"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [CHotkey] zHotkey.exe

mRun: [pccguide.exe] "c:\program files\trend micro\antivirus\pccguide.exe"

mRun: [PCClient.exe] "c:\program files\trend micro\antivirus\PCClient.exe"

mRun: [TM Outbreak Agent] "c:\program files\trend micro\antivirus\TMOAgent.exe" /run

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [Picasa Media Detector] "c:\program files\picasa2\PicasaMediaDetector.exe"

mRun: [DigidesignMMERefresh] "c:\program files\digidesign\drivers\MMERefresh.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128449084250

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{CF01378A-564E-4950-A6A2-B45DC5CBFA50} : DhcpNameServer = 10.0.0.1

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

Notify: WRNotifier - WRLogonNTF.dll

IFEO: a2service.exe - ntsd -d

IFEO: ArcaCheck.exe - ntsd -d

IFEO: arcavir.exe - ntsd -d

IFEO: ashDisp.exe - ntsd -d

IFEO: ashEnhcd.exe - ntsd -d

.

Note: multiple IFEO entries found. Please refer to Attach.txt

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\32qn3a8n.default user\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2720516&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2720516&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=zugo&id=bflixtoolbar&v=1_0&gen=ms&ent=tb&mkt=us&q=

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\32qn3a8n.default user\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\32qn3a8n.default user\extensions\{392d065e-4679-4d12-8342-2a2d505fd309}\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\32qn3a8n.default user\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\32qn3a8n.default user\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\32qn3a8n.default user\extensions\{a0729639-d831-46c9-811b-9b0aa79fb45a}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\32qn3a8n.default user\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\32qn3a8n.default user\extensions\toolbar@alot.com\components\AlotXpcom.dll

FF - component: c:\program files\shopperreports3\bin\3.0.307.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\epicplay\npEpicHost.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMyGlSh.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2006-5-17 16384]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-8-5 3712]

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2004-3-5 183808]

R2 Tmntsrv;Trend NT Realtime Service;c:\program files\trend micro\antivirus\Tmntsrv.exe [2004-2-17 241737]

R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2004-3-5 25088]

R2 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\antivirus\tmproxy.exe [2004-2-17 204873]

R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2006-5-17 105472]

R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2006-5-17 15488]

R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2006-5-17 15232]

R4 KProcessHacker2;KProcessHacker2;c:\documents and settings\owner\my documents\downloads\processhacker-2.23-bin\x86\kprocesshacker.sys [2011-11-19 33352]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-28 41272]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 ehSchedSharedAccess;Media Center Scheduler Service ehSchedSharedAccess;c:\windows\system32\124.tmp srv --> c:\windows\system32\124.tmp srv [?]

S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2007-1-15 73728]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-8-28 23624]

.

=============== Created Last 30 ================

.

2011-11-16 20:23:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-06 04:17:33 -------- d-----w- c:\documents and settings\owner\application data\Process Hacker 2

2011-10-28 18:21:31 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-10-28 18:00:54 -------- d-----w- c:\documents and settings\owner\application data\GetRightToGo

2011-10-27 03:55:06 -------- d-----w- c:\program files\common files\Symantec Shared

2011-10-27 03:54:56 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-10-27 03:54:53 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-10-27 03:52:54 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll

2011-10-27 03:52:38 -------- d-----w- c:\program files\common files\xing shared

2011-10-27 03:52:31 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2011-10-27 03:52:26 107008 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

2011-10-27 03:50:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Real

.

==================== Find3M ====================

.

2011-11-23 03:19:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-16 01:16:20 90112 ----a-w- c:\windows\DUMP857b.tmp

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 21:55:54 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-28 21:55:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-28 19:52:30 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2005-10-26 03:12:06 105472 -c--a-w- c:\program files\Dalwdm.sys

.

============= FINISH: 22:36:24.37 ===============

attach.zip

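The DDS report above can be triaged mechanically for the patterns it shows: an executable living in an NTFS alternate data stream under Running Processes, svchost.exe pointed at a .tmp file, IFEO entries set to ntsd -d, a Hosts entry sinkholing a security site, and a service whose binary is a .tmp. The script below is an added example written for this page, not part of the original post or of the DDS tool; its sample input is a handful of lines constructed from the log above.

```python
"""Triage a DDS.txt report for the hijack patterns visible in the post above.

Added example, not part of the original thread or of the DDS tool. It splits
the report into its '==== Title ====' sections and flags:
  * a Running Processes entry whose file name contains ':' (an NTFS alternate
    data stream used as an executable, e.g. C:\\WINDOWS\\1113932054:3921582781.exe)
  * svchost.exe whose command line names a .tmp file
  * IFEO entries whose Debugger is 'ntsd -d' (Windows starts the Debugger
    command instead of the named program, which then never runs normally)
  * Hosts entries that point a site at 127.0.0.1
  * services whose binary path is a .tmp file
"""
import re

# Constructed sample: lines copied from the DDS output quoted in the first post,
# plus ordinary lines of each kind so the filters have something to pass over.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\1113932054:3921582781.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe "C:\WINDOWS\system32\124.tmp"
C:\WINDOWS\System32\svchost.exe -k netsvcs
============== Pseudo HJT Report ===============
mRun: [pccguide.exe] "c:\program files\trend micro\antivirus\pccguide.exe"
mPolicies-system: EnableLUA = 0 (0x0)
IFEO: a2service.exe - ntsd -d
IFEO: ashDisp.exe - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
S2 ehSchedSharedAccess;Media Center Scheduler Service ehSchedSharedAccess;c:\windows\system32\124.tmp srv --> c:\windows\system32\124.tmp srv [?]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\trend micro\antivirus\Tmntsrv.exe [2004-2-17 241737]
============= FINISH: 22:36:24.37 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


def split_sections(text):
    """Return {section title: [lines]} for the '==== Title ====' blocks of a DDS log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads its sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def flag_processes(lines):
    findings = []
    for line in lines:
        file_name = line.rsplit("\\", 1)[-1]
        # A colon inside the file-name component means the image is stored in an
        # alternate data stream of the parent (here: of C:\WINDOWS itself).
        if ":" in file_name:
            findings.append(("ads_executable", line))
        if re.search(r"svchost(\.exe)?\b", line, re.I) and ".tmp" in line.lower():
            findings.append(("svchost_loads_tmp", line))
    return findings


def flag_hjt(lines):
    findings = []
    for line in lines:
        if line.startswith("IFEO:") and re.search(r"\bntsd\s+-d\b", line):
            findings.append(("ifeo_debugger", line))
        elif line.startswith("Hosts:") and re.search(r"\b127\.0\.0\.1\b", line):
            findings.append(("hosts_sinkhole", line))
    return findings


def flag_services(lines):
    findings = []
    for line in lines:
        fields = line.split(";")             # "Rn name;display name;path [date size]"
        if len(fields) >= 3 and ".tmp" in fields[2].lower():
            findings.append(("service_binary_tmp", line))
    return findings


def triage(text):
    """Run each filter over its own section; return [(tag, offending line), ...]."""
    sections = split_sections(text)
    return (flag_processes(sections.get("Running Processes", []))
            + flag_hjt(sections.get("Pseudo HJT Report", []))
            + flag_services(sections.get("SERVICES / DRIVERS", [])))


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_DDS):
        print(f"{tag:20} {line}")
```

Feed it a full DDS.txt instead of SAMPLE_DDS and the same six classes of line are pulled out of the noise; the service-by-.tmp and svchost-by-.tmp hits in the sample are the two faces of the same hijacked Media Center Scheduler service.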

Welcome.

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


I'll be honest with you, my big brother has had this infection since 2009, and in those years he has, to my knowledge, reported no problems with anything related to his privacy, and he doesn't use a bank account online.

I'm wary about not being able to connect to the internet, but I'd like to hear from you how to remove this infection.

Also we don't have the disc to reformat the computer so that's out of the question.

I'm starting to think there's no way to fix this but I'll take my chances.


Logs will be closed if you haven't replied within 3 days.

Please don't attach the scans / logs from these scans; use "copy/paste".

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Funny... I downloaded TDSSKiller the day before you posted the instructions, after I looked up what the Google redirect virus was, only to find an anti-Google-redirect-virus blog with instructions on how to get rid of it. I already used it once, but only for the Google redirect virus.

I'm sorry for wasting your time, but I did a rescan and found the true threat that I think you need to look at. I don't know what it is, but I skipped it.

And here is the log file that I did today from reading your instructions:

18:39:11.0293 3312 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

18:39:11.0371 3312 ============================================================

18:39:11.0371 3312 Current date / time: 2011/11/29 18:39:11.0371

18:39:11.0371 3312 SystemInfo:

18:39:11.0371 3312

18:39:11.0371 3312 OS Version: 5.1.2600 ServicePack: 3.0

18:39:11.0371 3312 Product type: Workstation

18:39:11.0371 3312 ComputerName: YOUR-A284EF7D6F

18:39:11.0371 3312 UserName: Owner

18:39:11.0371 3312 Windows directory: C:\WINDOWS

18:39:11.0371 3312 System windows directory: C:\WINDOWS

18:39:11.0371 3312 Processor architecture: Intel x86

18:39:11.0371 3312 Number of processors: 1

18:39:11.0371 3312 Page size: 0x1000

18:39:11.0371 3312 Boot type: Normal boot

18:39:11.0371 3312 ============================================================

18:39:19.0153 3312 Initialize success

18:39:27.0840 3872 ============================================================

18:39:27.0840 3872 Scan started

18:39:27.0840 3872 Mode: Manual;

18:39:27.0840 3872 ============================================================

18:39:28.0356 3872 16416542 ( Rootkit.Win32.PMax.gen ) - infected

18:39:28.0356 3872 16416542 - detected Rootkit.Win32.PMax.gen (0)


18:39:45.0356 3872 LMouFilt - ok

18:39:45.0590 3872 LMouKE (2ebd4c02d259944869630a912ec86bce) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

18:39:45.0590 3872 LMouKE - ok

18:39:45.0809 3872 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

18:39:45.0824 3872 LUsbFilt - ok

18:39:46.0028 3872 MBX2DFU (4c5178db3becd517874ce3a8eff9b123) C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys

18:39:46.0028 3872 MBX2DFU - ok

18:39:46.0215 3872 MBX2MIDK (6af839efcb1ed2994f0c7ac2ab00fc8f) C:\WINDOWS\system32\drivers\mbx2midk.sys

18:39:46.0215 3872 MBX2MIDK - ok

18:39:46.0418 3872 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

18:39:46.0418 3872 mcdbus - ok

18:39:46.0606 3872 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:39:46.0621 3872 mdmxsdk - ok

18:39:46.0824 3872 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

18:39:46.0824 3872 MHNDRV - ok

18:39:47.0012 3872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:39:47.0012 3872 mnmdd - ok

18:39:47.0215 3872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:39:47.0215 3872 Modem - ok

18:39:47.0403 3872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:39:47.0403 3872 Mouclass - ok

18:39:47.0606 3872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:39:47.0606 3872 mouhid - ok

18:39:47.0809 3872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:39:47.0809 3872 MountMgr - ok

18:39:47.0981 3872 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

18:39:47.0981 3872 mraid35x - ok

18:39:48.0168 3872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:39:48.0168 3872 MRxDAV - ok

18:39:48.0356 3872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:39:48.0371 3872 MRxSmb - ok

18:39:48.0574 3872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:39:48.0574 3872 Msfs - ok

18:39:48.0793 3872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:39:48.0793 3872 MSKSSRV - ok

18:39:48.0981 3872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:39:48.0981 3872 MSPCLOCK - ok

18:39:49.0184 3872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:39:49.0184 3872 MSPQM - ok

18:39:49.0371 3872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:39:49.0371 3872 mssmbios - ok

18:39:49.0559 3872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:39:49.0559 3872 Mup - ok

18:39:49.0762 3872 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys

18:39:49.0778 3872 MxlW2k - ok

18:39:49.0949 3872 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

18:39:49.0949 3872 mxnic - ok

18:39:50.0153 3872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:39:50.0153 3872 NDIS - ok

18:39:50.0340 3872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:39:50.0340 3872 NdisTapi - ok

18:39:50.0543 3872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:39:50.0543 3872 Ndisuio - ok

18:39:50.0762 3872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:39:50.0762 3872 NdisWan - ok

18:39:50.0965 3872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:39:50.0965 3872 NDProxy - ok

18:39:51.0153 3872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:39:51.0153 3872 NetBIOS - ok

18:39:51.0449 3872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:39:51.0574 3872 NetBT - ok

18:39:52.0106 3872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:39:52.0137 3872 NIC1394 - ok

18:39:52.0496 3872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:39:52.0496 3872 Npfs - ok

18:39:53.0043 3872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:39:53.0371 3872 Ntfs - ok

18:39:54.0137 3872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:39:54.0137 3872 Null - ok

18:39:54.0809 3872 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:39:55.0793 3872 nv - ok

18:39:56.0074 3872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:39:56.0090 3872 NwlnkFlt - ok

18:39:56.0418 3872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:39:56.0418 3872 NwlnkFwd - ok

18:39:56.0746 3872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:39:56.0746 3872 ohci1394 - ok

18:39:57.0074 3872 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

18:39:57.0090 3872 P3 - ok

18:39:57.0668 3872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:39:57.0731 3872 Parport - ok

18:39:58.0153 3872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:39:58.0153 3872 PartMgr - ok

18:39:58.0668 3872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:39:58.0684 3872 ParVdm - ok

18:39:58.0981 3872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:39:58.0981 3872 PCI - ok

18:39:59.0231 3872 PCIDump - ok

18:39:59.0590 3872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:39:59.0590 3872 PCIIde - ok

18:39:59.0871 3872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:39:59.0887 3872 Pcmcia - ok

18:40:00.0231 3872 Pcouffin (cd2425fd848e5fa09c9a213da56817a9) C:\WINDOWS\system32\Drivers\Pcouffin.sys

18:40:00.0231 3872 Pcouffin - ok

18:40:00.0481 3872 PDCOMP - ok

18:40:00.0778 3872 PDFRAME - ok

18:40:01.0043 3872 PDRELI - ok

18:40:01.0309 3872 PDRFRAME - ok

18:40:01.0637 3872 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

18:40:01.0637 3872 perc2 - ok

18:40:01.0934 3872 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

18:40:01.0934 3872 perc2hib - ok

18:40:02.0293 3872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:40:02.0309 3872 PptpMiniport - ok

18:40:02.0653 3872 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

18:40:02.0668 3872 Processor - ok

18:40:02.0965 3872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:40:02.0965 3872 PSched - ok

18:40:03.0199 3872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:40:03.0199 3872 Ptilink - ok

18:40:03.0528 3872 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:40:03.0528 3872 PxHelp20 - ok

18:40:03.0715 3872 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

18:40:03.0715 3872 ql1080 - ok

18:40:03.0934 3872 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

18:40:03.0934 3872 Ql10wnt - ok

18:40:04.0246 3872 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

18:40:04.0246 3872 ql12160 - ok

18:40:04.0449 3872 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

18:40:04.0449 3872 ql1240 - ok

18:40:04.0715 3872 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

18:40:04.0715 3872 ql1280 - ok

18:40:04.0949 3872 qzmayjxg (ad48d313e56f4cc7c67a6c0dd9047b03) C:\WINDOWS\system32\drivers\qzmayjxg.sys

18:40:04.0965 3872 qzmayjxg - ok

18:40:05.0246 3872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:40:05.0246 3872 RasAcd - ok

18:40:05.0543 3872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:40:05.0559 3872 Rasl2tp - ok

18:40:05.0903 3872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:40:05.0903 3872 RasPppoe - ok

18:40:06.0137 3872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:40:06.0137 3872 Raspti - ok

18:40:06.0496 3872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:40:06.0496 3872 Rdbss - ok

18:40:06.0715 3872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:40:06.0731 3872 RDPCDD - ok

18:40:07.0012 3872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:40:07.0028 3872 rdpdr - ok

18:40:07.0371 3872 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

18:40:07.0371 3872 RDPWD - ok

18:40:07.0621 3872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:40:07.0637 3872 redbook - ok

18:40:07.0996 3872 RTL8023xp (e9877aa069dc11b03dbd1d33b8b2a3ca) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

18:40:08.0012 3872 RTL8023xp - ok

18:40:08.0121 3872 SANDRA - ok

18:40:08.0356 3872 SASDIFSV - ok

18:40:08.0512 3872 SASKUTIL - ok

18:40:08.0856 3872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:40:08.0856 3872 Secdrv - ok

18:40:09.0090 3872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

18:40:09.0106 3872 Serial - ok

18:40:09.0356 3872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:40:09.0356 3872 Sfloppy - ok

18:40:09.0528 3872 Simbad - ok

18:40:09.0793 3872 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:40:09.0793 3872 sisagp - ok

18:40:10.0168 3872 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

18:40:10.0184 3872 Sparrow - ok

18:40:10.0590 3872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:40:10.0621 3872 splitter - ok

18:40:10.0965 3872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:40:10.0981 3872 sr - ok

18:40:11.0637 3872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:40:11.0840 3872 Srv - ok

18:40:12.0621 3872 SSKBFD (2b38da14e1bad3e4227cfcfaeb505239) C:\WINDOWS\system32\Drivers\sskbfd.sys

18:40:12.0653 3872 SSKBFD - ok

18:40:13.0356 3872 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

18:40:13.0496 3872 SunkFilt - ok

18:40:14.0512 3872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:40:14.0840 3872 swenum - ok

18:40:16.0215 3872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:40:16.0762 3872 swmidi - ok

18:40:18.0153 3872 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

18:40:18.0168 3872 symc810 - ok

18:40:18.0762 3872 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:40:18.0762 3872 symc8xx - ok

18:40:19.0246 3872 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:40:19.0246 3872 sym_hi - ok

18:40:19.0481 3872 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:40:19.0481 3872 sym_u3 - ok

18:40:19.0762 3872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:40:20.0106 3872 sysaudio - ok

18:40:20.0934 3872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:40:21.0309 3872 Tcpip - ok

18:40:21.0871 3872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:40:21.0887 3872 TDPIPE - ok

18:40:22.0340 3872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:40:22.0340 3872 TDTCP - ok

18:40:22.0746 3872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:40:22.0762 3872 TermDD - ok

18:40:23.0199 3872 Tmfilter (7b6a9637905fab070292d5a6ad5cf3af) C:\WINDOWS\system32\drivers\TmXPFlt.sys

18:40:23.0215 3872 Tmfilter - ok

18:40:23.0418 3872 Tmpreflt (ccd8b28c039302c367266bc3f641bc92) C:\WINDOWS\system32\drivers\Tmpreflt.sys

18:40:23.0418 3872 Tmpreflt - ok

18:40:23.0840 3872 tmtdi (113f1d6514b571a6c8527ad8bc79d26b) C:\WINDOWS\System32\Drivers\tmtdi.sys

18:40:23.0856 3872 tmtdi - ok

18:40:24.0199 3872 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

18:40:24.0215 3872 TosIde - ok

18:40:24.0574 3872 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys

18:40:24.0574 3872 TPkd - ok

18:40:24.0903 3872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:40:24.0965 3872 Udfs - ok

18:40:25.0309 3872 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

18:40:25.0309 3872 ultra - ok

18:40:26.0059 3872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:40:26.0465 3872 Update - ok

18:40:27.0012 3872 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:40:27.0028 3872 USBAAPL - ok

18:40:27.0512 3872 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:40:27.0543 3872 usbaudio - ok

18:40:28.0199 3872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:40:28.0246 3872 usbccgp - ok

18:40:28.0809 3872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:40:28.0824 3872 usbehci - ok

18:40:29.0215 3872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:40:29.0231 3872 usbhub - ok

18:40:29.0903 3872 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:40:29.0918 3872 usbohci - ok

18:40:30.0512 3872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:40:30.0543 3872 usbprint - ok

18:40:31.0090 3872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:40:31.0121 3872 usbscan - ok

18:40:31.0434 3872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:40:31.0434 3872 USBSTOR - ok

18:40:31.0856 3872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:40:31.0871 3872 VgaSave - ok

18:40:32.0293 3872 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

18:40:32.0293 3872 viaagp - ok

18:40:32.0934 3872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:40:32.0949 3872 ViaIde - ok

18:40:33.0371 3872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:40:33.0371 3872 VolSnap - ok

18:40:33.0887 3872 Vsapint (059f25954c02f134fe94e135f6b99910) C:\WINDOWS\system32\drivers\Vsapint.sys

18:40:34.0590 3872 Vsapint - ok

18:40:34.0949 3872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:40:34.0949 3872 Wanarp - ok

18:40:35.0278 3872 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

18:40:35.0309 3872 wanatw - ok

18:40:35.0699 3872 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

18:40:35.0856 3872 Wdf01000 - ok

18:40:36.0090 3872 WDICA - ok

18:40:36.0481 3872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:40:36.0528 3872 wdmaud - ok

18:40:37.0434 3872 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:40:37.0621 3872 winachsf - ok

18:40:37.0918 3872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:40:37.0918 3872 WS2IFSL - ok

18:40:37.0981 3872 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0

18:40:37.0981 3872 \Device\Harddisk0\DR0 - ok

18:40:37.0996 3872 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk5\DR7

18:40:37.0996 3872 \Device\Harddisk5\DR7 - ok

18:40:38.0012 3872 Boot (0x1200) (bb25bda0906e53ed67b85de2e1ac8116) \Device\Harddisk0\DR0\Partition0

18:40:38.0012 3872 \Device\Harddisk0\DR0\Partition0 - ok

18:40:38.0028 3872 Boot (0x1200) (030da8323a0203e8e47ae41dbf8c541e) \Device\Harddisk0\DR0\Partition1

18:40:38.0028 3872 \Device\Harddisk0\DR0\Partition1 - ok

18:40:38.0028 3872 Boot (0x1200) (cc60a23aa0b6b4d539573b3a62ba4e0c) \Device\Harddisk5\DR7\Partition0

18:40:38.0043 3872 \Device\Harddisk5\DR7\Partition0 - ok

18:40:38.0043 3872 ============================================================

18:40:38.0043 3872 Scan finished

18:40:38.0043 3872 ============================================================

18:40:38.0059 3352 Detected object count: 1

18:40:38.0059 3352 Actual detected object count: 1

18:42:24.0012 3352 16416542 ( Rootkit.Win32.PMax.gen ) - skipped by user

18:42:24.0012 3352 16416542 ( Rootkit.Win32.PMax.gen ) - User select action: Skip


Let's see if this gets it.

Use the ZeroAccess/Max++ rootkit remover to remove the ZeroAccess (Sirefef/MAX++) rootkit.

http://deletemalware.blogspot.com/2011/09/zeroaccesssirefefmax-rootkit-removal.html

1. Download the ZeroAccess/Max++ rootkit remover: http://anywhere.webrootcloudav.com/antizeroaccess.exe

2. Double-click on antizeroaccess icon to run it. It will ask you to verify that you want to perform a System scan. Type Y and press Enter.

Once finished, press Enter or any key to continue.

3. If your computer is infected with Zero Access rootkit, you'll see the following warning: Your system is infected!!

Infected file: mrxsmb.sys. In your case it might be different. Type Y and press Enter to perform system cleanup.

You should now see the notification that the ZeroAccess rootkit has been successfully removed from the system. Press any key to exit the utility and restart your computer.

4. Run ZeroAccess/Max++ rootkit remover once again to confirm that ZeroAccess/Sirefef/MAX++ rootkit was successfully removed from your computer.

5. Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


I successfully cleaned the computer of that thing and was able to run MBAM!!

Here are the scan results of MBAM!

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8280

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/30/2011 5:31:30 PM

mbam-log-2011-11-30 (17-31-08).txt

Scan type: Quick scan

Objects scanned: 210694

Time elapsed: 32 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 109

Registry Values Infected: 11

Registry Data Items Infected: 4

Folders Infected: 10

Files Infected: 22

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{37B85A20-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37B85A21-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A21-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37B85A2B-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Hotbar) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\BarDiscover (Adware.BarDiscover) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2service.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\casecuritycenter.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWin.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32st.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVW32.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BarDiscover (Adware.BarDiscover) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BARDISCOVER_SERVICE (Adware.BarDiscover) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790371BC76545A36A196 (Malware.Trace) -> Value: SRS_IT_E8790371BC76545A36A196 -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

c:\documents and settings\all users\application data\20808119 (Rogue.Multiple) -> No action taken.

c:\documents and settings\all users\application data\bardiscover (Adware.BarDiscover) -> No action taken.

c:\program files\bardiscover (Adware.BarDiscover) -> No action taken.

c:\program files\mozilla firefox\extensions\{ac57fcaf-e6fc-4be9-adc0-d00129c4c1e7} (Adware.BarDiscover) -> No action taken.

c:\program files\mozilla firefox\extensions\{ac57fcaf-e6fc-4be9-adc0-d00129c4c1e7}\chrome (Adware.BarDiscover) -> No action taken.

c:\program files\mozilla firefox\extensions\{ac57fcaf-e6fc-4be9-adc0-d00129c4c1e7}\defaults (Adware.BarDiscover) -> No action taken.

c:\program files\mozilla firefox\extensions\{ac57fcaf-e6fc-4be9-adc0-d00129c4c1e7}\defaults\preferences (Adware.BarDiscover) -> No action taken.

c:\program files\total pc defender (Rogue.TotalPCDefender) -> No action taken.

c:\documents and settings\Owner\start menu\total pc defender (Rogue.TotalPCDefender) -> No action taken.

c:\documents and settings\Owner\local settings\application data\mmcbrowse97 (Trojan.Downloader) -> No action taken.

Files Infected:

c:\documents and settings\Owner\my documents\downloads\setup.exe (Adware.Hotbar) -> No action taken.

c:\program files\mozilla firefox\plugins\npclntax_hotbarsa.dll (Adware.Hotbar) -> No action taken.

c:\program files\mozilla firefox\plugins\NPMyGlSh.dll (Adware.MyWebSearch) -> No action taken.

c:\WINDOWS\system32\124.tmp (Trojan.Agent) -> No action taken.

c:\documents and settings\Owner\local settings\application data\113531031.exe (Trojan.Dropper) -> No action taken.

c:\documents and settings\Owner\local settings\application data\113531032.exe (Trojan.Agent.Gen) -> No action taken.

c:\documents and settings\Owner\application data\avdrn.dat (Malware.Trace) -> No action taken.

c:\documents and settings\Owner\application data\MSA\fff.exe (Rogue.MSAntiVirus) -> No action taken.

c:\documents and settings\Owner\application data\MSA\w2_0.exe (Rogue.MSAntiVirus) -> No action taken.

c:\documents and settings\all users\application data\20808119\20808119.exe (Rogue.Multiple) -> No action taken.

c:\documents and settings\all users\application data\bardiscover\bardiscover151.exe (Adware.BarDiscover) -> No action taken.

c:\documents and settings\all users\application data\bardiscover\bardiscover155.exe (Adware.BarDiscover) -> No action taken.

c:\documents and settings\all users\application data\bardiscover\bardiscover159.exe (Adware.BarDiscover) -> No action taken.

c:\documents and settings\all users\application data\bardiscover\bardiscover163.exe (Adware.BarDiscover) -> No action taken.

c:\program files\bardiscover\bardiscover.dll (Adware.BarDiscover) -> No action taken.

c:\program files\bardiscover\bardiscover.exe (Adware.BarDiscover) -> No action taken.

c:\program files\bardiscover\uninstall.exe (Adware.BarDiscover) -> No action taken.

c:\program files\mozilla firefox\extensions\{ac57fcaf-e6fc-4be9-adc0-d00129c4c1e7}\chrome.manifest (Adware.BarDiscover) -> No action taken.

c:\program files\mozilla firefox\extensions\{ac57fcaf-e6fc-4be9-adc0-d00129c4c1e7}\install.rdf (Adware.BarDiscover) -> No action taken.

c:\program files\mozilla firefox\extensions\{ac57fcaf-e6fc-4be9-adc0-d00129c4c1e7}\chrome\bardiscover.jar (Adware.BarDiscover) -> No action taken.

c:\program files\mozilla firefox\extensions\{ac57fcaf-e6fc-4be9-adc0-d00129c4c1e7}\defaults\preferences\prefs.js (Adware.BarDiscover) -> No action taken.

c:\documents and settings\Owner\local settings\application data\mmcbrowse97\mmcbrowse97.dll (Trojan.Downloader) -> No action taken.


Yes, the ZeroAccess/Max++ rootkit remover found one rootkit and removed it. I did a re-scan and it said the computer was clean.

The computer is working fine, plus Malwarebytes works as well.

I haven't removed anything yet, though; I'm just thinking I have to do something else.

Should I remove all of them? If yes I'll do it right away and thanks for helping me.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
