Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

A sad tale of a kids computer!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby John B. » February 25th, 2007, 12:14 pm

Hi,

Looks like the rootkit is unarmed :) You did great! Now the adware stuff...

Step 1: Disable Windows Defender
Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Close Windows Defender
Once your log is clean you can re-enable Windows Defender Real Time Protection.

Step 2: Stop some process with Task Manager
Press Control+Alt+Del to enter the Task Manager.
Click on the Processes tab and end the following process (if present):

IM-svr.EXE

Exit the Task Manager when finished.

Step 3: Delete bad program
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present). It could be that it has a space or something between it, but it has to look like it:

    MyWebSearch
Step 4: Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Messaging] C:\Program Files\Instant Messenger Names\IM-svr.EXE
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [rvaeimqtxb] c:\windows\system32\rvaeimqtxb.exe rvaeimqtxb
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
Step 5: Delete bad folders
Use Explorer to navigate to and delete the following folders (if present):

C:\Program Files\IM Names
C:\Program Files\Instant Messenger Names
C:\Program Files\MyWebSearch

Now just exit Explorer.

Step 6: Update Adobe Reader
It looks like your version of Adobe Reader is out of date and you're vulnarable for infections.
Please download the newest version here:
http://www.adobe.com/uk/products/reader/

Install it, then go to Add Remove Programs and remove any older versions that may remain.

Step 7: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java(TM) SE Runtime Environment 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Step 8: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step 9: Run Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

Step 10: Post logs
* Kaspersky log
* Fresh HijackThis log
* Tell me about any problems/questions

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Advertisement
Register to Remove

Unread postby Nicky17 » February 25th, 2007, 12:44 pm

I am sorry to ask you this but there is no myweb.... of any sort - the only thing similar is SurfNavigator or AutomatedSurfer
Nicky17
Regular Member
 
Posts: 36
Joined: February 19th, 2007, 12:44 pm

Unread postby John B. » February 25th, 2007, 12:56 pm

Hi,

Nicky17 wrote:I am sorry to ask you this but there is no myweb.... of any sort - the only thing similar is SurfNavigator or AutomatedSurfer

You can move on with the next step :)

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby Nicky17 » February 25th, 2007, 3:43 pm

Ok

step5 - couldn't locate any of those folders
step8 - Ad blocked here by KPF come up - googled to find home page and still couldn't download

Logfile of HijackThis v1.99.1
Scan saved at 19:35:15, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\SurferClient.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
O4 - HKLM\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
O4 - HKCU\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm801LDGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 25, 2007 7:33:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/02/2007
Kaspersky Anti-Virus database records: 273288
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 46281
Number of viruses found: 17
Number of infected objects: 103 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:57:57

Infected Object Name / Virus Name / Last Action
C:\!KillBox\rvaeimqtxb.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.ad skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02202007-174209.log Object is locked skipped
C:\Documents and Settings\Hannah\.housecall6.6\Quarantine\riched20.dll.bac_a04044 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Hannah\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Hannah\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Hannah\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Hannah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Hannah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Hannah\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Hannah\Local Settings\History\History.IE5\MSHist012007022520070226\index.dat Object is locked skipped
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Hannah\ntuser.dat Object is locked skipped
C:\Documents and Settings\Hannah\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012007022520070226\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\RECYCLER\S-1-5-21-2680023586-2361968474-3266648935-1007\Dc192.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.NaviPromo.ao skipped
C:\RECYCLER\S-1-5-21-2680023586-2361968474-3266648935-1007\Dc192.exe/stream Infected: not-a-virus:AdWare.Win32.NaviPromo.ao skipped
C:\RECYCLER\S-1-5-21-2680023586-2361968474-3266648935-1007\Dc192.exe NSIS: infected - 2 skipped
C:\RECYCLER\S-1-5-21-2680023586-2361968474-3266648935-1007\Dc269\uninst.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.NaviPromo.ao skipped
C:\RECYCLER\S-1-5-21-2680023586-2361968474-3266648935-1007\Dc269\uninst.exe/stream Infected: not-a-virus:AdWare.Win32.NaviPromo.ao skipped
C:\RECYCLER\S-1-5-21-2680023586-2361968474-3266648935-1007\Dc269\uninst.exe NSIS: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP27\A0003505.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003576.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003577.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003578.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003581.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003582.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003583.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003584.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003585.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003586.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003587.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003588.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003589.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003590.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003591.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003593.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003595.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003597.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003598.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003599.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003601.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003602.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP28\A0003603.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP29\A0003608.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP29\A0003611.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP29\A0003622.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP29\snapshot\MFEX-1.DAT Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP29\snapshot\MFEX-2.DAT Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004906.exe Infected: not-a-virus:AdWare.Win32.2Search.h skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004907.exe Infected: not-a-virus:AdWare.Win32.2Search.i skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004990.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004991.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004992.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004993.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004994.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004995.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004996.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0004997.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005000.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005001.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005002.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005003.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005004.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005005.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005006.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005007.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005008.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005009.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005010.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005012.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005013.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005015.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005017.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005019.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005029.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005033.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005035.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005036.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP34\A0005057.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008319.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008322.exe Infected: not-a-virus:AdWare.Win32.2Search.h skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008323.exe Infected: not-a-virus:AdWare.Win32.2Search.i skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008324.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008325.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008326.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008327.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008328.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008329.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008330.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008331.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008334.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008335.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008336.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008337.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008338.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008339.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008340.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008341.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008342.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008343.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008344.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008346.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008347.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008349.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008351.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008353.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008462.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008463.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0008464.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP38\A0009615.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.ad skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP42\change.log Object is locked skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP9\A0002911.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3FCC2F6F-1A1D-4C99-BC2D-6AB7A894DB7A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe/webcontrol/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.g skipped
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe CAB: infected - 1 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6c4.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\~DFA65C.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Nicky17
Regular Member
 
Posts: 36
Joined: February 19th, 2007, 12:44 pm

Unread postby John B. » February 26th, 2007, 2:25 am

Hi,

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Please empty your Recycle Bin because there's some malware in there.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    Turn off System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Check Turn off System Restore
    Click Apply, and then click OK

    Reboot.

    Turn on System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Uncheck Turn off System Restore
    Click Apply, and then click OK
    NOTE: only do this ONCE, NOT on a regular basis!
  • Re hide your system files. To do so, please follow the steps below:
    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Put a check by "Hide file extensions for known file types."
    • Under the "Hidden files" folder, select "Do not show hidden files and folders."
    • Check "Hide protected operating system files."
    • Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you have to be registered to post after registering just find your country room and register your complaint.
The infections you had were Navipromo (can be posted in topic for unlisted infections) and LOP

>> Here << you can see how you can help us.

May your God go with you..

John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby Nicky17 » February 26th, 2007, 5:24 am

Thank you John for all your help - hopefully the advice i have recieved will help prevent me being re-infected in the future
I have followed the final steps
All the best
Nicky17
Regular Member
 
Posts: 36
Joined: February 19th, 2007, 12:44 pm

Unread postby random/random » March 11th, 2007, 8:42 am

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. See Nellie2's blog here or post in our dedicated forum here
The infection you had was ......
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 53 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware