Hello again Dan, here are the new logs as requested. Thanks for your excellent, clear instructions! Cheers, Robyn
SmitFraudFix v2.319
Scan done at 12:34:06.54, Thu 05/01/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Malwarebytes' Anti-Malware 1.11
Database version: 704
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 64755
Time elapsed: 42 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 37
Files Infected: 145
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
HKEY_CURRENT_USER\Software\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Config (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\LA (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Tools (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\AWBase (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\PGBase (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\AWBase\database (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\Download (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\Common Files\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\AntiVirusForAll\AVQuar (Rogue.AntiVirusForAll) -> No action taken.
C:\WINDOWS\system32\892267 (Trojan.BHO) -> No action taken.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> No action taken.
Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\AntivirusForAll\Activate.exe (Rogue.PCSecureSystem) -> No action taken.
C:\Program Files\AntivirusForAll\sqlite3.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\AntivirusForAll\reload.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\AntivirusForAll\ptask.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\AntivirusForAll\dhlp.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\AntivirusForAll\Up\gup.exe (Rogue.Multiple) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP199\A0017719.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP199\A0017720.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017768.sys (Rogue.PCSecureSystem) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017769.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017770.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017771.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017773.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017774.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017781.exe (Rogue.WinPCDoctor) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017782.exe (Rogue.WinPCDoctor) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP203\A0017806.dll (Rogue.WinPCDoctor) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0016A2CC.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0016A5DA.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0016A899.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0016ACB0.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0002ACE0 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0016DB32.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\AntiVirusForAll\unins000.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\unins000.exe (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\scnkrnl.dll (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\al.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\settings.ini (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\ResErrors.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\FWSettings.bin (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\main.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\sr.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\history.db (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\BkSites.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\incmp.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\index.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\cd.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\pv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\bnlink.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\Activate.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Config\pgs.xml (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\BORLNDMM.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANADWR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANBCDR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANDLDR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANDOS1.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANEMUL.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANFUNC.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANMCR1.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANOTHR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANSCR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANTOOL.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANTROJ.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANWIN1.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNACPU.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNADBX.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\unamscan.dll (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNMIME.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACK.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACKS.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACKS2.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPEPACK.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\vbpv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27601.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27602.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27603.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27604.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UADAILY.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\AWBase\vbpv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\AWBase\database\enemies.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\PGBase\vbpv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\cross.gif (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\ga6p.gif (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\main.ico (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\mini.ico (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\support.ico (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\uninstall.ico (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\Support.url (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\Online.url (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\kb.url (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\rm.url (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\up.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\updater.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\UBupdater.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\ASupdater.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\PGupdater.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\LA\License.rtf (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\LA\lapv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Tools\sbiebho.dll (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Tools\pblock.dll (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs\threats.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs\update.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\Contact Customer Support.lnk (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\Uninstall AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Desktop\AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> No action taken.
INSTALLED PROGRAMS LIST:
15 Awesome Card & Board Games
Acer eManager for Notebook
Acer ePowerManagement
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe SVG Viewer 3.0
Agere Systems AC'97 Modem
Apple Mobile Device Support
Apple Software Update
Arcade 3.0
AVG 7.5
CCleaner (remove only)
Google Photos Screensaver
Google Updater
HijackThis 2.0.2
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP PSC & OfficeJet 4.2
HP Software Update
HP Solution Center 7.0
HPSU306Stub
Intel(R) Extreme Graphics 2 Driver
Internet Service
iTunes
J2SE Runtime Environment 5.0 Update 6
Launch Manager
LimeWire 4.10.9
LiveUpdate BVRP Software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
mobile PhoneTools
Mozilla Firefox (2.0.0.11)
My Web Search (Smiley Central)
Nokia Connectivity Cable Driver
Nokia PC Suite
NTI Backup NOW! 3
NTI CD & DVD-Maker Gold
OCR Software by I.R.I.S 7.0
Overland
PC Connectivity Solution
Picasa 2
PowerProducer
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Sansa Media Converter
Secure Browsing
Spyware Doctor 5.5
Synaptics Pointing Device Driver
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Installer 3.1 (KB893803)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:19 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk571YYAU
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6072 bytes