After running the scans the first time, I deleted all my System Restore Points and scanned again.
Results for my scans are as follows:
AVG Anti-Spyware:
No reports available. I followed the configuration instructions carefully, but AVG Anti-Spyware would not give me a report for both of the scans I ran.
The first scan found some items and removed them.
The Quarentine Tab under Infections shows the following:
Origin: C:\RECYCLER\NPROTECT\01323838.EXE Infected with: Not-A-Virus.Adware.Comet Risk: Low
Origin: C:\Program Files\Screensavers.com\SSSUninst.exe Infected with: Adware.Generic Risk: Medium
Origin: C:\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDEsketopExe.exe Infected with: Adware.Generic Risk: Medium
Origin: C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll Infected with: Adware.Minibug Risk: Medium
Origin: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Infected with: Adware.Aws Risk Medium
The second scan only found some tracking cookies.
SUPERAntiSpyware Home Edition:
First Scan Results are as follows:
SUPERAntiSpyware Scan Log
Generated 02/01/2008 at 12:29 PM
Application Version : 3.6.1000
Core Rules Database Version : 3393
Trace Rules Database Version: 1385
Scan type : Complete Scan
Total Scan Time : 02:08:25
Memory items scanned : 539
Memory threats detected : 1
Registry items scanned : 7394
Registry threats detected : 56
File items scanned : 100462
File threats detected : 6
Adware.MyWebSearch
C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\4.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\TypeLib
C:\PROGRAM FILES\MYWEBSEARCH\BAR\4.BIN\MWSBAR.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR
HKU\S-1-5-21-2403649493-745764551-3667710827-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-2403649493-745764551-3667710827-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-2403649493-745764551-3667710827-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\4.BIN\MWSOEMON.EXE
C:\WINDOWS\Prefetch\MWSOEMON.EXE-1A0FAB54.pf
Registry Cleaner Trial
HKCR\.03
HKCR\03_auto_file
HKCR\03_auto_file\shell
HKCR\03_auto_file\shell\edit
HKCR\03_auto_file\shell\edit\command
Trojan.Spyware Stormer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\Contains\Files#C:\WINDOWS\Downloaded Program Files\Install.dll
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\InstalledVersion#LastModified
The results for the second scan are as follows:
SUPERAntiSpyware Scan Log
Generated 02/02/2008 at 01:16 AM
Application Version : 3.6.1000
Core Rules Database Version : 3394
Trace Rules Database Version: 1386
Scan type : Complete Scan
Total Scan Time : 01:39:51
Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 6663
Registry threats detected : 0
File items scanned : 92824
File threats detected : 0
Online - Panda Activescan
The log for the first Scan is as follows:
Incident Status Location
Potentially unwanted tool:Application/ViewPoint Not disinfected C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\zj2b8vj3.default\cookies.txt[.atdmt.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
Virus:Generic Malware Disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
Virus:Generic Malware Disinfected C:\Program Files\WildTangent\Components\wtPropertyBag0200.dll
The results for the second scan are as follows:
Incident Status Location
Potentially unwanted tool:Application/ViewPoint Not disinfected C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
This PC previously had a version of Norton Online Security provided by our ISP.
I read that ESET NOD32 Antivirus used less system resources than Norton so I uninstalled Norton.
After installing ESET NOD32 Antivirus I ran a scan.
The ESET NOd32 Scan log file is as follows:
Scan Log
Version of virus signature database: 2845 (20080202)
Date: 2/2/2008 Time: 10:33:18 AM
Scanned disks, folders and files: C:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\wialog.txt » MIME - is OK (internal scanning not performed)
C:\DELL\Drivers\R56484\WinNT\NMSCFG.SYS » CAB - file is not an archive
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Mary\ntuser.dat - error opening [4]
C:\Documents and Settings\Mary\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2008 - 12-35-32.SBU » ZIP » {32B06038-7D21-4D41-AD9B-7D95B6A934C7} - error - password-protected file
C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2008 - 12-35-32.SBU » ZIP » {67ABDDA4-0B9F-453F-858E-AE47FAE9C9D1} - error - password-protected file
C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2008 - 12-35-32.SBU » ZIP » {70E2307D-1AEA-48B7-861C-48E6C1E4BC1C} - error - password-protected file
C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2008 - 12-35-32.SBU » ZIP » {964BE0A3-9C91-4566-9329-532F4559015E} - error - password-protected file
C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2008 - 12-35-32.SBU » ZIP » {BAB9ACF6-4B68-4ABE-B063-133ED08567BA} - error - password-protected file
C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2008 - 12-35-32.SBU » ZIP » {D82BFAFA-CBEE-4F6D-94FC-553C8386DBA1} - error - password-protected file
C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2008 - 12-35-32.SBU » ZIP » {DBF48292-D56E-4AD4-8B21-9B78300867F7} - error - password-protected file
C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2008 - 12-35-32.SBU » ZIP » backup.db - error - password-protected file
C:\Documents and Settings\Mary\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Drafts.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Mary\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\E Moyle.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Mary\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Mary\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\lydia.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{9EB5DE3A-2F54-427C-91FB-F26B5C7124AE}\Message Store\edhelper_learningpage.imm » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{9EB5DE3A-2F54-427C-91FB-F26B5C7124AE}\Message Store\Inbox.imm » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{9EB5DE3A-2F54-427C-91FB-F26B5C7124AE}\Message Store\rdga-z.imm » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Mary\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\Mary\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Mary\Local Settings\Temp\LSInstall.log » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\I386\NMSCFG.SYS » CAB - file is not an archive
C:\I386\COMPDATA\MSMQCOMP.TXT » MIME - is OK (internal scanning not performed)
C:\Program Files\Classic PhoneTools\olregist.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Adobe\ESD\uninst.exe » NSIS - error - unknown compression method
C:\Program Files\Common Files\GST\About\Info\ITALY\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\GST\About\Info\PORTUGAL\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiCL0001.000 - error opening [4]
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP10000.000 - error opening [4]
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP20000.000 - error opening [4]
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiPT0000.000 - error opening [4]
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSL0001.000 - error opening [4]
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSP0000.000 - error opening [4]
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiST0000.000 - error opening [4]
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiVP0000.000 - error opening [4]
C:\Program Files\Dell\Support\UI\Search\catalog.wci\INDEX.000 - error opening [4]
C:\Program Files\Hewlett-Packard\hp deskjet assistant\bin\chrome\installed-chrome.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\chandir.dat - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\chandir.idx - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\chn.dat - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\chn.idx - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\D0000000.FCS - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\L0000895.FCS - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs.dat - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs.idx - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs_die.dat - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs_die.idx - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs_dnd.dat - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs_dnd.idx - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs_ext.dat - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs_ext.idx - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs_rcv.dat - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\prs_rcv.idx - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\storydb.dat - error opening [4]
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mary\Data\storydb.idx - error opening [4]
C:\Program Files\Logitech\Resource Center\installers\google\en\googltbr.exe » Petite v2.2 - unpack error
C:\Program Files\Logitech\Resource Center\installers\google\en_alt\googltbr.exe » Petite v2.2 - unpack error
C:\Program Files\Logitech\Resource Center\installers\wildtangent\blastrb2.exe » NSIS - bad archive
C:\Program Files\McAfee\McAfee VirusScan\Backups\DatBackup\LICENSE.DAT » MIME - is OK (internal scanning not performed)
C:\Program Files\McAfee\McAfee VirusScan\Backups\DatBackup\MESSAGES.DAT » MIME - is OK (internal scanning not performed)
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » agent_lang_helper.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » agentins.ini - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » agntcons.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » agntinst.htm - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » agntinst.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » agntlang.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » default.htm - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » header.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » images/bg_left_1x314.gif - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » images/icon_info_16x16.gif - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » images/icon_mcafee_61x61.gif - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » images/icon_progress_checked_13x13.gif - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » images/icon_progress_hot_13x13.gif - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » images/icon_progress_unchecked_13x13.gif - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » InstUtil.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » instwiz.css - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » instxp.css - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » lang_agnt.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » SubInfoData.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\agentins.ui » ZIP » vssver.scc - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » agntcons.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » agntlang.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » comctl.lpk - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » config.ini - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » pbar.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » UnInsStr.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » uninst.vbs - error - password-protected file
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » uninstall.htm - incorrect CRC checksum, the file may be damaged
C:\Program Files\McAfee AntiSpyware 1.00 Install\MSC\shared\agentcfg.cab » CAB » screm.ui » ZIP » vssver.scc - error - password-protected file
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\browser.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST » MIME - is OK (internal scanning not performed)
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST » MIME - is OK (internal scanning not performed)
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL - Win32/Toolbar.Morpheus application - cleaned by deleting - quarantined [1]
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL - Win32/Toolbar.MyWebSearch application - cleaned by deleting - quarantined [1]
C:\Program Files\SBC Yahoo!\Connection Manager\uninst.exe » NSIS - bad archive
C:\Program Files\Shutterfly\Studio\Scripts\mm_db_utils.py » MIME - is OK (internal scanning not performed)
C:\Program Files\Shutterfly\Studio\Scripts\promptTest.py » MIME - is OK (internal scanning not performed)
C:\Program Files\Shutterfly\Studio\Scripts\restore_database.py » MIME - is OK (internal scanning not performed)
C:\Program Files\Shutterfly\Studio\Scripts\save_database_copy.py » MIME - is OK (internal scanning not performed)
C:\Program Files\Shutterfly\Studio\Scripts\image_mod_examples\Blur.py » MIME - is OK (internal scanning not performed)
C:\Program Files\Shutterfly\Studio\Scripts\image_mod_examples\Composite.py » MIME - is OK (internal scanning not performed)
C:\Program Files\Shutterfly\Studio\Scripts\image_mod_examples\Equalize.py » MIME - is OK (internal scanning not performed)
C:\Program Files\Shutterfly\Studio\Scripts\image_mod_examples\set_exif_comment.py » MIME - is OK (internal scanning not performed)
C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe » NSIS - bad archive
C:\Program Files\Yahoo!\browser\Content\LaunchOffline.mht » MIME - is OK (internal scanning not performed)
C:\System Volume Information\catalog.wci\CiCL0001.000 - error opening [4]
C:\System Volume Information\catalog.wci\CiP10000.000 - error opening [4]
C:\System Volume Information\catalog.wci\CiP20000.000 - error opening [4]
C:\System Volume Information\catalog.wci\CiPT0000.000 - error opening [4]
C:\System Volume Information\catalog.wci\CiSL0001.000 - error opening [4]
C:\System Volume Information\catalog.wci\CiSP0000.000 - error opening [4]
C:\System Volume Information\catalog.wci\CiST0000.000 - error opening [4]
C:\System Volume Information\catalog.wci\CiVP0000.000 - error opening [4]
C:\System Volume Information\catalog.wci\INDEX.000 - error opening [4]
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000059.DLL - Win32/Toolbar.Morpheus application - cleaned by deleting - quarantined [1]
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000060.DLL - Win32/Toolbar.MyWebSearch application - cleaned by deleting - quarantined [1]
C:\WINDOWS\SoftwareDistribution\EventCache\{C4FB1955-F144-4C95-9706-130D7FED3921}.bin - error opening [4]
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - error opening [4]
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\SAM - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM - error opening [4]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG - error opening [4]
C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS » CAB - file is not an archive
Number of scanned objects: 280860
Number of threats found: 4
Time of completion: 11:17:15 AM Total scanning time: 2637 sec (00:43:57)
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
ESET removed some of MyWebSearch, but it still seems that it has not been completely deleted.
Edited by bisan, 03 February 2008 - 02:59 PM.