My HJK log - Post MBAM & HiJackThis (no PandaActive)

[pshquitz]

My laptop seems clean so far since the scans, but any additional input would be appreciated.

Tx all.

MBAM Log

Malwarebytes' Anti-Malware 1.11

Database version: 704

Scan type: Full Scan (C:\|)

Objects scanned: 144093

Time elapsed: 2 hour(s), 36 minute(s), 36 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 4

Registry Keys Infected: 61

Registry Values Infected: 10

Registry Data Items Infected: 0

Folders Infected: 19

Files Infected: 100

Memory Processes Infected:

c:\program files\virusisolator\virusisolator.exe (Rogue

.Installer) -> Unloaded process successfully.

C:\Documents and Settings\All Users\Application Data\podcryjk\detmxmtg.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\WINDOWS\xbaqktfv.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\bdkpfxqw.dll (Trojan.Zlob) -> Unloaded module successfully.

C:\WINDOWS\Resources\WinRom.dll (Trojan.Clicker) -> Unloaded module successfully.

C:\WINDOWS\wxdbpfvo.dll (Trojan.FakeAlert) -> Unloaded module successfully.

C:\WINDOWS\qadovnel.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_CURRENT_USER\Software\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f0a035ec-c865-4e47-bf73-b17741dd5232} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c0b21b29-1dc8-4904-b87b-5943f576a39c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ed5c544d-1c59-4641-af0b-8d42d518e17e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{ce669866-e323-407c-a700-1b648fd8ab8f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{59453922-3233-4465-9ed7-b8390e32b6da} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{1d367724-2d6f-4874-9cd5-e487d5503fe7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e24f1a3c-ee8e-4b17-92be-097926b81a4c} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{86ddb424-7577-4d0a-95a9-9e837b863170} (Trojan.Clicker) -> Delete on reboot.

HKEY_CURRENT_USER\Software\AntiSpywareMaster (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\VirusIsolator (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cf99fdd9-209d-460e-afad-e780ffca314d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{79065845-0325-49a9-97eb-3973d71379d7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wxdbpfvo.blom (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VirusIsolator.exe (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpywareMaster (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\UKfLgVSUTg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bdkpfxqw (Trojan.Zlob) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WinRom (Trojan.Clicker) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{cf99fdd9-209d-460e-afad-e780ffca314d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qadovnel (Trojan.FakeAlert) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

C:\Program Files\VirusIsolator (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

C:\Program Files\VirusIsolator\Infected (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

C:\Program Files\VirusIsolator\Suspicious (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\382077 (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

C:\Documents and Settings\Michael J. Giuffrida\Start Menu\Programs\VirusIsolator (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\virusisolator\virusisolator.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareMaster\asm.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\podcryjk\detmxmtg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Local Settings\Tempmjiwep0.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Local Settings\Temp\EXPLOR~1.EXE.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Local Settings\Temp\MWSSETUP.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Local Settings\Temp\MWSSRCSP.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP259\A0058441.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP260\A0059413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP265\A0059893.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\bdkpfxqw.dll (Trojan.Zlob) -> Delete on reboot.

C:\WINDOWS\xbaqktfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Resources\WinRom.dll (Trojan.Clicker) -> Delete on reboot.

C:\WINDOWS\system32\cbXQihEU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nwrgtopw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnOIywT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wvUoMcde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\VirusIsolator\vscan.tsi (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

C:\Program Files\VirusIsolator\zlib.dll (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Start Menu\Programs\VirusIsolator\VirusIsolator.lnk (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\wxdbpfvo.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\spwoqbmv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\qadovnel.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\my name\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusIsolator.lnk (Rogue.VirusIsolator) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\my name\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

PandaActive Scan

I had a problem with the PandaActive Scan link, so it was not done and therefore no log is posted.

HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:40:10 AM, on 5/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\system32\FreezeScreenSaver.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe

C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe

C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nytimes.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 127.0.1.16 pochacco

O1 - Hosts: 127.0.1.15 kitty.tch.harvard.edu

O1 - Hosts: 127.0.1.11 eeyore.tch.harvard.edu

O1 - Hosts: 127.0.1.10 eeyore

O1 - Hosts: 127.0.1.14 kitty

O1 - Hosts: 127.0.1.17 pochacco.tch.harvard.edu

O1 - Hosts: 127.0.1.13 chwebapps.tch.harvard.edu

O1 - Hosts: 127.0.1.12 chwebapps

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: DVA Gate - {E88995DC-CB69-4460-B14E-71F2B44D1998} - C:\WINDOWS\gndarmblxbt.dll (file missing)

O2 - BHO: (no name) - {FED19EA9-5A79-4CCF-A84C-D644EF4D63C3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [suScheduler] "C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe" /SCHEDULER

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

O4 - HKLM\..\Policies\Explorer\Run: [software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s] C:\Program Files\Video ActiveX Object\isamonitor.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CHBOSTON.ORG

O17 - HKLM\Software\..\Telephony: DomainName = CHBOSTON.ORG

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CHBOSTON.ORG

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tch.harvard.edu,chboston.org

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tch.harvard.edu,chboston.org

O20 - Winlogon Notify: awttuUKB - awttuUKB.dll (file missing)

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 14377 bytes

[/code

[AdvancedSetup]

Please follow the instructions here.

Pre- HJT Post Instructions

If the Panda or NOD32 scan won't run then we need to look and see why not.

Yes the order matters and I've added another step to remove temporary files that can hide malware

You have the Spybot Search & Destroy - TEA TIMER running. That needs to be disabled.

STEP 1

1. Download Spybot Search & Destroy - UPDATE the files from the Intenet

2. Be sure to use the immunize feature

3. Do NOT enable the Tea Timer

4. Scan your hard drive and then remove any items it finds.

5. Post that log here.

STEP 2

• Follow these instructions carefully.
• Download ATF-Cleaner from Snapfiles.com to remove un-needed temporary files from your computer that may contain malware.
  
• You can also download it from Majorgeeks.com
  
• When you run ATF-Cleaner, check the items as shown below for Main.
  
• For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
  
• NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
  
• Then click on "Empty Selected".
  

.

STEP 3

1. Click on the UPDATE tab in the Malwarebytes program and get the UPDATES Very Important

2. Perform a Quick Scan

3. Clean any items found and reboot if requested

4. Post that log here

STEP 4

1. Either Run the PANDA or the NOD32 Online Scanner

• Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner
  
  • You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
    
  • Accept the terms and click "Start".
    
  • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
    
  • Click "Start" to begin the scan.
    
  • When completed restart your computer
    

STEP 5

1. Run TrendMicro

[JeanInMontana]

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.