Here are the logs:
-----------------Spybot Search and Destroy 1.6.2.46 Log----------------
--- Report generated: 2011-06-23 23:32 ---
CouponBar: [SBI $EFE6495E] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
CouponBar: [SBI $CB95FB49] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
CouponBar: [SBI $51FE8B2E] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1
CouponBar: [SBI $51FE8B2E] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
CouponBar: [SBI $7A5ACBCB] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}
CouponBar: [SBI $7B15781E] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}
CouponBar: [SBI $E3788A7B] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}
Fraud.AntiMalwares: [SBI $C1242A60] Autorun settings (braviax) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax
Fraud.DefenseCenter: [SBI $8B9C68F8] Settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Fraud.DefenseCenter: [SBI $8B9C68F8] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Fraud.DefenseCenter: [SBI $400D394B] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Fraud.InternetSecurity2011: [SBI $F7DAA6B2] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\
Fraud.PCAntispyware2010: [SBI $8674B16C] Program directory (Directory, fixed)
C:\Program Files\PC_Antispyware2010\
Fraud.PCAntispyware2010: [SBI $1CBFAD7B] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010
Fraud.PCAntispyware2010: [SBI $607F92D2] Data (File, fixed)
C:\Program Files\PC_Antispyware2010\htmlayout.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.PCAntispyware2010: [SBI $807C453F] Data (File, fixed)
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.PCAntispyware2010: [SBI $CDE3A67C] Data (File, fixed)
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.PCAntispyware2010: [SBI $25714D3B] Program directory (Directory, fixed)
C:\Program Files\PC_Antispyware2010\data\
Fraud.PCAntispyware2010: [SBI $0F76B3F2] Data (File, fixed)
C:\Program Files\PC_Antispyware2010\data\daily.cvd
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.InternetSecurity2011: [SBI $C021A337] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Firefox.EXE\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\boi.exe" -a...
Fraud.InternetSecurity2011: [SBI $3F1FA92F] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Firefox.EXE\shell\safemode\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\boi.exe" -a...
Fraud.InternetSecurity2011: [SBI $2A617167] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\boi.exe" -a...
Fraud.InternetSecurity2011: [SBI $E57DC831] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Classes\.exe\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\bdf.exe" -a "%1" %*...
Fraud.InternetSecurity2011: [SBI $E57DC831] User settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Classes\.exe\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\bdf.exe" -a "%1" %*...
Fraud.InternetSecurity2011: [SBI $8D38ECE3] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Classes\exefile\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\bdf.exe" -a "%1" %*...
Fraud.InternetSecurity2011: [SBI $8D38ECE3] User settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Classes\exefile\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\bdf.exe" -a "%1" %*...
Fraud.InternetSecurity2011: [SBI $9CCE589D] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Classes\.exe\shell\open\command\
Fraud.InternetSecurity2011: [SBI $9CCE589D] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Classes\.exe\shell\open\command\
Fraud.InternetSecurity2011: [SBI $F153D38E] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Classes\exefile\shell\open\command\
Fraud.InternetSecurity2011: [SBI $F153D38E] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Classes\exefile\shell\open\command\
Fraud.InternetSecurity2011: [SBI $92D135B6] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
Fraud.InternetSecurity2011: [SBI $8D9E5DA2] User settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
Fraud.InternetSecurity2011: [SBI $5AEDDF0A] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications
Fraud.InternetSecurity2011: [SBI $758FB1E3] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions
Fraud.InternetSecurity2011: [SBI $CDC1B6A2] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $76913945] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
Fraud.InternetSecurity2011: [SBI $5814B995] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications
Fraud.InternetSecurity2011: [SBI $7776D77C] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions
Fraud.InternetSecurity2011: [SBI $D802F795] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $24996904] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
Fraud.InternetSecurity2011: [SBI $F16F6CE5] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications
Fraud.InternetSecurity2011: [SBI $DE0D020C] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions
Fraud.InternetSecurity2011: [SBI $6D4031BB] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $FD1F9FD2] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
Fraud.InternetSecurity2011: [SBI $378CD8D9] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
Fraud.InternetSecurity2011: [SBI $9EDDC71B] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
Fraud.InternetSecurity2011: [SBI $BF76AFF0] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
Fraud.InternetSecurity2011: [SBI $EE344D69] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride
Fraud.InternetSecurity2011: [SBI $7D8AC3AB] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
Fraud.InternetSecurity2011: [SBI $07CC9A4D] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $953CC77A] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $61C84F7D] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $04E0038B] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $F5EC9C27] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $7DE0D860] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $75AFFB3E] Executable (File, fixed)
C:\Documents and Settings\NetworkService\Local Settings\Application Data\adv.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.WindowsRecovery: [SBI $2B978A00] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
Fraud.WindowsRecovery: [SBI $2B978A00] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
Fraud.WindowsRecovery: [SBI $12304834] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes=.../{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:...
Fraud.WindowsRecovery: [SBI $12304834] User settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes=.../{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:...
Fraud.WindowsRecovery: [SBI $D041D1D8] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
Fraud.WindowsRecovery: [SBI $D041D1D8] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
Fraud.WindowsRecovery: [SBI $472FA608] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
Fraud.WindowsRecovery: [SBI $472FA608] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
Fraud.WindowsRecovery: [SBI $84E25D2B] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-500\Software\Microsoft\Internet Explorer\Main\Check_Associations
Fraud.WindowsRecovery: [SBI $9C28881C] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
Fraud.WindowsRecovery: [SBI $9C28881C] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
Fraud.WindowsRecovery: [SBI $9C28881C] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
Fraud.WindowsRecovery: [SBI $422DAA64] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
Fraud.WindowsRecovery: [SBI $422DAA64] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
Fraud.WindowsRecovery: [SBI $99A8C3F7] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr
Fraud.WindowsRecovery: [SBI $30953CB0] Autorun settings (MIEVkbROiwOsxhm) (Registry value, fixed)
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MIEVkbROiwOsxhm
Fraud.WindowsRecovery: [SBI $30953CB0] Program file (File, fixed)
C:\Documents and Settings\All Users\Application Data\MIEVkbROiwOsxhm.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.WindowsRecovery: [SBI $30953CB0] Autorun settings (MIEVkbROiwOsxhm) (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MIEVkbROiwOsxhm
Fraud.WindowsRecovery: [SBI $3FB6B9E5] Executable (File, fixed)
C:\Documents and Settings\All Users\Application Data\17751844.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.WindowsRecovery: [SBI $03AC88CD] Data (File, fixed)
C:\Documents and Settings\All Users\Application Data\~17751844
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.WindowsRecovery: [SBI $FEF5094A] Data (File, fixed)
C:\Documents and Settings\All Users\Application Data\~17751844r
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.WindowsRecovery: [SBI $752F7006] Data (File, fixed)
C:\Documents and Settings\All Users\Application Data\17751844
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\75fa38b7-8b94-4995-ad32-52e938867954
Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\75fa38b7-8b94-4995-ad32-52e938867954
Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\BD
Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\BD
Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({F0CDBEBB-8C50-3DE4-5A89-98D993722185}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F0CDBEBB-8C50-3DE4-5A89-98D993722185}
Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({F0CDBEBB-8C50-3DE4-63CA-7E55AA31C709}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F0CDBEBB-8C50-3DE4-63CA-7E55AA31C709}
Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({F0CDBEBB-8C50-3DE4-06AD-C2EDCF567BB1}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F0CDBEBB-8C50-3DE4-06AD-C2EDCF567BB1}
Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({F0CDBEBB-8C50-3DE4-CFEA-B8E5061101B9}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F0CDBEBB-8C50-3DE4-CFEA-B8E5061101B9}
Win32.Muollo: [SBI $CA7F4F5E] Program file (File, fixed)
C:\Documents and Settings\Mishayla Hawkins\Application Data\Yzlel\orre.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({AE74ADF8-B252-164C-AF1C-D20C68FC2CA2}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{AE74ADF8-B252-164C-AF1C-D20C68FC2CA2}
Win32.Muollo: [SBI $CA7F4F5E] Program file (File, fixed)
C:\Documents and Settings\Mishayla Hawkins\Application Data\Irohah\tyek.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Muollo: [SBI $51A4B09C] Program directory (Directory, fixed)
C:\Documents and Settings\Mishayla Hawkins\Application Data\Irohah\
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-06-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-21 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-06-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-06-20 Includes\TrojansC-04.sbi (*)
2011-06-21 Includes\TrojansC-05.sbi (*)
2011-06-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
-----------------MBAM log, initial scan.------------------
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6705
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18372
6/25/2011 1:20:29 PM
mbam-log-2011-06-25 (13-20-29).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 329371
Time elapsed: 2 hour(s), 31 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 46
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010 (Rogue.PCAntispyware2010) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\Owner\start menu\Programs\pc_antispyware2010 (Rogue.PCAntispyware2010) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\administrator.your-8f49424569\start menu\Programs\Startup\azbua.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator.your-8f49424569\start menu\Programs\Startup\pauc.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\default user\start menu\Programs\Startup\pauc.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\guest.your-8f49424569\my documents\downloads\video(2).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\guest.your-8f49424569\my documents\downloads\video.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\3uc0woaj.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\igjrx8bw.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\l9kljrc6.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\mqtxz4e1.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\o0qsue+b.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\okorvoqq.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\p7ufopqm.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\rxcmhkaj.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\zqhuhbl4.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\start menu\Programs\Startup\zameo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Timeless\start menu\Programs\Startup\pauc.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP640\A0275387.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP640\A0275408.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP640\A0279408.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP640\A0279418.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP641\A0282431.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP641\A0282435.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP647\A0324562.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP648\A0328569.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP648\A0328570.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP648\A0329569.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP649\A0331574.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397567.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397747.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397755.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397756.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397757.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397758.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397759.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0397794.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0397795.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0397796.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8C.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache2704934489226644016.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache2855927186862743232.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache5838048637473941343.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache7709483439375593844.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache8146231466414622232.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache8735218653255109572.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache8859558935543392131.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\0.2293010354332108.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
--------MBAM secondary Scan------------
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6949
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18372
6/26/2011 5:47:58 PM
mbam-log-2011-06-26 (17-47-58).txt
Scan type: Full scan (C:\|)
Objects scanned: 330390
Time elapsed: 5 hour(s), 28 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cK10600IcFlG10600 (Trojan.FakeAlert) -> Value: cK10600IcFlG10600 -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\ck10600icflg10600\ck10600icflg10600.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\0.9845039334786351.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\application data\Sun\Java\deployment\cache\6.0\29\6591739d-39ee5e0d (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0396563.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400790.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400791.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400792.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400793.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400794.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache8998206600556023454.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
----OTL Log-----------
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs