I am helping a friend fix her computer; she had some malware issues. I have CA Internet Suite on the computer because she doesn't believe in virus protection and I am the one who ends up dealing with the issues. The computer is a Dell Inspiron 600m with Windows XP Pro. I have been through the pre-thread virus scans and HijackThis scans. Just when I thought I had everything cleaned up, the computer starts going to a blue screen with the Kernel_Data_Inpage Error. I will include the entire dialogue following this paragraph. I am unsure of what to do at this point, so I will include the kernel dialogue and the requested scan logs. Thank you in advance for any assistance.
KERNEL_DATA_INPAGE_ERROR
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical information:
Stop: 0x0000007a (0XC03E12A8, 0XC000000E, 0XF84AAE52, 0X1AE12860)
Atapi.sys – Address F84AAe52 base at F849B000, DateStamp 4802539d
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:53 PM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftp:21;http=localhost:80;https=https:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C979DE7-379F-4D27-9FD1-9233D65164F6}: NameServer = 213.174.139.72,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{84EF8394-4ACD-421E-9D11-646B19CB4762}: NameServer = 213.174.139.72,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC411397-605B-4F28-8FFD-AE047F932DA6}: NameServer = 213.174.139.72,192.168.0.1
O20 - Winlogon Notify: iifddbb - C:WINDOWS
O20 - Winlogon Notify: pmdsxner - C:WINDOWS
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 10949 bytes
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Bonjour
Broadcom Management Programs 2
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Pest Patrol Realtime Protection
CCScore
Conexant D480 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
DellSupport
EPSON Printer Software
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
hp psc 2200 series
ImageMixer for Sony DVD Handycam
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LG USB Drivers
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
netbrdg
Notifier
OfotoXMI
OpenOffice.org Installer 1.0
Photo Click
Photo Story 3 for Windows
Picasa 3
PowerDVD 5.3
QuickTime
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SFR
SHASTA
skin0001
SKINXSDK
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sony DVD Handycam USB Driver
Spybot - Search & Destroy
staticcr
tooltips
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VPRINTOL
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Mobile® Device Handbook
Windows XP Service Pack 3
WIRELESS
Yahoo! Messenger
Malwarebytes' Anti-Malware 1.37
Database version: 2216
Windows 5.1.2600 Service Pack 3
6/2/2009 8:42:54 PM
mbam-log-2009-06-02 (20-39-57).txt
Scan type: Full Scan (C:\|)
Objects scanned: 99849
Time elapsed: 27 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e64f0381-0053-4842-b3e5-08f6c4a0aeb6} (Malware.Unknown) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b27cc68-110c-46a9-80d3-f3107de6eb98} (Trojan.Adware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7672baf-e9a3-49b6-86b2-c81719a18a4c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> No action taken.
c:\documents and settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\SalesMon\Data (Rogue.Multiple) -> No action taken.
C:\Program Files\Temporary (Trojan.Agent) -> No action taken.
C:\Program Files\websrvx (Trojan.Downloader) -> No action taken.
Files Infected:
c:\WINDOWS\system32\pmdsxner.dllbox (Trojan.Vundo.H) -> No action taken.
c:\program files\websrvx\websrvx.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
c:\documents and settings\administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> No action taken.
C:\WINDOWS\Tasks\MalwareRemovalBot Scheduled Scan.job (Rogue.MalwareRemovalBot) -> No action taken.
c:\WINDOWS\mstre19.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\him2.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\sonce122688.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\sonce122712.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\sonce122717.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\sonce122739.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\sonce123198.dat (Worm.KoobFace) -> No action taken.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16827 (vista_gdr.090226-1506)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=068be279647cd14b80fe98558aefa00a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-03 02:37:37
# local_time=2009-06-02 10:37:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=4865 21 83 100 107223188112
# scanned=93378
# found=7
# cleaned=7
# scan_time=4978
C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\dafdar.exe probably a variant of Win32/TrojanProxy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\system32\fbosuupd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\system32\fgggh.bak2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\system32\fgggh.tmp Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\system32\noppo.bak2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\system32\noppo.tmp Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000