
[Fixed] Hijackthis! Logs - Can't access any microsoft servers/websites

Old 10-23-2009   #1
Bronze Member
 
Join Date: Oct 2009
Posts: 9
PC Experience: PC Guru
Default Can't access any microsoft servers/websites

Hi Everyone,

Well, I have a single computer on my network that can NOT access any Microsoft websites or servers. Other computers are able to access Microsoft without issue. This computer is running Windows XP. I have tried running Spybot S&D, AVG, MalwareBytes, and Ad-Aware. All have found and cleaned various threats but none have fixed the Microsoft access issue. Any suggestions? Has anyone heard of this before?

Thanks,
Mark
mealbert is offline   Reply With Quote
Old 10-23-2009   #2
Tech Support Team
 
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,662
PC Experience: Always Learning New Things
Default Re: Can't access any microsoft servers/websit

Hi there Mealbert,

Are these PCs on a business network? Additionally, let's deal with one PC at a time. Would you mind providing the logs from the programs you have already run?

Also, please review the Prework link in my signature. This will prepare your PC for the disinfection process. If there are indeed multiple PCs with this issue we'll go through them one at a time.
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this

Crush is online now   Reply With Quote
Old 10-23-2009   #3
Bronze Member
 
Join Date: Oct 2009
Posts: 9
PC Experience: PC Guru
Default Re: Can't access any microsoft servers/websit

The computers are on a personal network and it is only ONE computer that is affected. I will try the prework and post the results as well as the results of the scans.
mealbert is offline   Reply With Quote
Old 10-23-2009   #4
Bronze Member
 
Join Date: Oct 2009
Posts: 9
PC Experience: PC Guru
Default Re: Can't access any microsoft servers/websit

I have attached the RootRepeal report to this post. I will run the DDS next.
I look forward to any insight you have on this issue.

Thanks again,
Mark
Attached Files
File Type: txt RootRepeal report 10-23-09 (15-42-57).txt (3.1 KB, 0 views)
mealbert is offline   Reply With Quote
Old 10-23-2009   #5
Bronze Member
 
Join Date: Oct 2009
Posts: 9
PC Experience: PC Guru
Default Re: Can't access any microsoft servers/websit

Here are the DDS results: (Note SecurityCheck results are at the bottom)

DDS.txt


DDS (Ver_09-09-29.01) - NTFSx86
Run by mark at 15:51:54.37 on Fri 10/23/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2304 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ter8m] RUNDLL32.EXE c:\windows\system32\msxm192z.dll,w
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\www
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E0396C95-D525-4A08-BA22-0A6799D4AE8C} = 68.87.69.150
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\dfgk3dgq.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-3 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-22 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-3 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-3 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-3 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-3 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-3 297752]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 34816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]
S1 fc4a862;fc4a862;c:\windows\system32\drivers\fc4a862.sys [2009-10-3 0]
S2 fastnetsrv;fastnetsrv Service;c:\windows\system32\fastnetsrv.exe --> c:\windows\system32\FastNetSrv.exe [?]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-10-23 98984]
S3 isasdk;isasdk;c:\windows\system32\isasdk.sys [2008-4-14 2304]
UnknownUnknown rootrepeal;rootrepeal; [x]

=============== Created Last 30 ================

2009-10-23 15:01 569,344 a------- c:\windows\system32\tmp9E.tmp
2009-10-23 15:00 40,960 a------- c:\windows\system32\lxdxvs.dll
2009-10-23 15:00 360,448 a------- c:\windows\system32\lxdxcoin.dll
2009-10-23 15:00 60,996 a------- c:\windows\system32\lxdxprpr.chm
2009-10-23 14:59 <DIR> --d----- c:\program files\Lexmark 3600-4600 Series
2009-10-23 10:38 15,688 a------- c:\windows\system32\lsdelete.exe
2009-10-23 00:01 15,793 a------- c:\windows\system32\t1p0_137616269215.b1k
2009-10-22 20:52 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-22 20:48 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 20:46 <DIR> --d----- c:\program files\Lavasoft
2009-10-22 20:46 61,810 a------- c:\windows\regedit.exe.bpa
2009-10-22 20:25 149 a------- c:\windows\wininit.ini
2009-10-22 19:51 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-22 19:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-22 19:43 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
2009-10-22 19:41 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-10-22 19:41 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-10-22 19:41 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-10-22 19:41 <DIR> --d----- c:\program files\Microsoft Expression
2009-10-22 19:41 <DIR> --d----- c:\program files\Microsoft Device Emulator
2009-10-22 19:41 <DIR> --d----- c:\program files\Easy Undelete
2009-10-22 19:41 <DIR> --d----- c:\program files\DDR
2009-10-22 19:40 <DIR> --d----- c:\program files\Collectorz.com
2009-10-22 19:40 <DIR> --d----- c:\program files\Canon
2009-10-22 19:40 <DIR> --d----- c:\program files\Skype
2009-10-22 19:40 <DIR> --d----- c:\program files\Nvu
2009-10-22 19:36 <DIR> --d----- C:\tomcat
2009-10-22 19:36 <DIR> --d----- c:\temp\3marestore
2009-10-22 19:36 <DIR> --d----- c:\temp\Lost Files
2009-10-22 19:36 <DIR> --d----- C:\temp
2009-10-22 19:36 <DIR> --d----- C:\MySQL Server 5.0
2009-10-22 19:36 <DIR> --d----- C:\jre1.5.0_10
2009-10-22 19:35 <DIR> --d----- C:\jdk1.5.0_10
2009-10-22 19:35 <DIR> --d----- C:\eclipse
2009-10-22 19:35 <DIR> --d----- C:\TOMCAT1
2009-10-21 19:06 237,568 a------- c:\windows\system32\5335459.exe
2009-10-21 19:06 828 a------- c:\windows\system32\8986018.exe
2009-10-21 19:05 0 a------- c:\windows\ativpsrm.bin
2009-10-17 16:49 <DIR> --d----- c:\program files\Steam
2009-10-17 08:04 614,400 -------- c:\windows\system32\ati2sgag.exe
2009-10-17 08:03 <DIR> --d----- C:\ATI
2009-10-17 07:50 <DIR> --d----- c:\windows\system32\xlive
2009-10-17 07:50 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-10-17 07:47 <DIR> --d----- c:\windows\Logs
2009-10-12 11:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lexmark 3600-4600 Series
2009-10-12 11:12 <DIR> --d----- c:\documents and settings\all users\lx_cats
2009-10-12 11:11 <DIR> --d----- C:\logs
2009-10-12 11:10 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-10-12 11:10 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-10-12 11:09 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-10-12 11:08 <DIR> --d----- C:\drivers
2009-10-10 08:57 <DIR> --d----- c:\docume~1\mark\applic~1\Malwarebytes
2009-10-10 08:57 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 08:57 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-10 08:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-09 20:47 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-07 15:27 151,040 a------- c:\windows\sv3.exe
2009-10-07 15:25 89,600 a------- c:\windows\system32\29E.tmp
2009-10-07 15:25 48 a------- c:\windows\system32\29D.tmp
2009-10-04 11:08 14,048 -------- c:\windows\system32\spmsg2.dll
2009-10-04 09:52 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-10-03 11:05 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-03 11:05 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-10-03 11:05 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-03 11:05 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-03 11:05 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-03 11:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-10-03 11:05 <DIR> --d----- c:\program files\AVG
2009-10-03 11:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-10-03 10:54 376 a------- c:\windows\ODBC.INI
2009-10-03 10:47 <DIR> --d----- c:\windows\ShellNew
2009-10-03 10:28 <DIR> --d----- c:\docume~1\mark\applic~1\AVG8
2009-10-03 09:56 0 a------- c:\windows\system32\drivers\fc4a862.sys
2009-10-03 09:55 883,712 a------- c:\windows\isvchost.exe
2009-10-03 09:55 0 a------- c:\windows\system32\1EA.tmp
2009-10-03 09:55 89,600 a------- c:\windows\system32\1E9.tmp
2009-10-03 09:55 52 a------- c:\windows\system32\1E8.tmp
2009-10-03 09:55 0 a------- c:\windows\SC.INS
2009-10-03 01:57 69 a------- c:\windows\NeroDigital.ini
2009-10-03 01:55 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-03 01:47 4,767 a------- c:\windows\Irremote.ini
2009-10-03 01:34 <DIR> --d----- c:\program files\Nero
2009-10-03 01:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-10-03 01:07 <DIR> --d----- c:\program files\Super_DVD_Creator_9.8
2009-10-03 01:07 <DIR> --d----- c:\windows\system32\appmgmt
2009-10-03 00:54 <DIR> --d----- c:\docume~1\mark\applic~1\Leawo
2009-10-03 00:42 <DIR> --d----- c:\docume~1\mark\applic~1\DVD Flick
2009-10-03 00:42 1,081,616 a------- c:\windows\system32\mscomctl.ocx
2009-10-03 00:42 662,288 a------- c:\windows\system32\mscomct2.ocx
2009-10-03 00:42 212,240 a------- c:\windows\system32\richtx32.ocx
2009-10-03 00:42 81,920 a------- c:\windows\system32\mbmouse.ocx
2009-10-03 00:42 36,864 a------- c:\windows\system32\trayicon.ocx
2009-09-30 03:10 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-29 03:03 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-09-29 03:03 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-09-29 03:01 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-09-29 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-09-29 03:00 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-09-29 03:00 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-28 17:44 <DIR> --d----- c:\docume~1\mark\applic~1\ICAClient
2009-09-28 17:44 <DIR> --d----- c:\program files\Citrix
2009-09-28 17:42 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-09-28 17:40 <DIR> --d----- c:\program files\ATI Technologies
2009-09-28 17:36 5 a------- c:\windows\system32\drivers\DELL_DIM_8400.MRK
2009-09-28 17:36 5 a------- c:\windows\system32\drivers\1028_DELL_DIM_8400.MRK
2009-09-28 17:33 <DIR> --d----- c:\program files\Analog Devices
2009-09-28 17:32 260,352 a------- c:\windows\system32\drivers\smwdm.sys
2009-09-28 17:32 765,952 a------- c:\windows\system\crlds3d.dll
2009-09-28 17:32 732,928 a------- c:\windows\system32\drivers\senfilt.sys
2009-09-28 17:32 311,296 a------- c:\windows\system32\Edcrypt.dll
2009-09-28 17:32 23,040 a------- c:\windows\system32\PostProc.dll
2009-09-28 17:29 <DIR> --ds---- c:\documents and settings\mark\UserData
2009-09-28 17:26 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-09-28 17:26 <DIR> --d----- c:\program files\Broadcom
2009-09-28 17:24 <DIR> --d----- C:\Dell
2009-09-24 19:19 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-09-24 19:19 499,712 a------- c:\windows\system32\msvcp71.dll
2009-09-24 19:19 348,160 a------- c:\windows\system32\msvcr71.dll

==================== Find3M ====================

2009-10-09 20:47 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-09-17 21:24 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-17 20:03 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 21:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:37 81,920 a------- c:\windows\system32\fontsub.dll

============= FINISH: 15:53:23.96 ===============



And here are the SecurityCheck results:
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Out of date HijackThis installed!
Spybot - Search & Destroy
HijackThis 1.99.1
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
Attached Files
File Type: txt Attach.txt (7.2 KB, 0 views)

Last edited by mealbert; 10-23-2009 at 11:11 PM.
mealbert is offline   Reply With Quote
Old 10-23-2009   #6
Tech Support Team
 
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,662
PC Experience: Always Learning New Things
Default Re: Can't access any microsoft servers/websit

Hi Mealbert,

I see some issues in the DDS log, so let's investigate further.



Please download Malwarebytes' Anti-Malware from one of these places:

https://www.cleverbridge.com/342/coo...%3ddl-10804572

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, navigate to the Update tab and click Check For Updates. It will then download the latest updates for you.
* Now navigate back to the Scan tab.
* Select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Crush is online now   Reply With Quote
Old 10-24-2009   #7
Bronze Member
 
Join Date: Oct 2009
Posts: 9
PC Experience: PC Guru
Default Re: Can't access any microsoft servers/websit

OK, here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/23/2009 4:55:45 PM
mbam-log-2009-10-23 (16-55-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 307128
Time elapsed: 34 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 8
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ter8m (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QNUF6QJA\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_137616269215.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
mealbert is offline   Reply With Quote
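
Added example, not part of the original thread and not Malwarebytes' own logic: a Python check that parses the three "Registry Data Items Infected" lines from the log above and re-tests their Bad and Good values for the Userinit and BITS/wuauserv ImagePath tampering the log reports. The function names, the allow-listed variable names and the default system32 path are assumptions of this example.

```python
import ntpath
import re

# "Good:" value the Malwarebytes log gives for BITS and wuauserv, lower-cased.
EXPECTED_SVCHOST = r"%systemroot%\system32\svchost.exe -k netsvcs"
KNOWN_VARS = {"systemroot", "windir"}  # assumption: minimal allow-list
SYSTEM32 = r"c:\windows\system32"      # assumption: default XP install path

# One "Registry Data Items Infected" line: key (detection) -> Bad: (..) Good: (..)
MBAM_LINE = re.compile(
    r"^(?P<key>.+?) \((?P<det>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) ->"
)

def check_userinit(value):
    """Flag every Userinit entry that is not userinit.exe itself."""
    ok = {"userinit.exe", ntpath.join(SYSTEM32, "userinit.exe")}
    entries = [e.strip() for e in value.split(",") if e.strip()]
    findings = ["unexpected Userinit entry: " + e
                for e in entries if ntpath.normcase(e) not in ok]
    if not entries:
        findings.append("Userinit is empty")
    return findings

def check_image_path(value):
    """Flag unknown %VAR% names and any drift from the expected command."""
    findings = ["unknown environment variable: %" + v + "%"
                for v in re.findall(r"%([^%]+)%", value)
                if v.lower() not in KNOWN_VARS]
    if ntpath.normcase(value.strip()) != EXPECTED_SVCHOST:
        findings.append("ImagePath differs from expected svchost command")
    return findings

def audit_value(key, value):
    """Pick the check that applies to this registry value, if any."""
    k = key.lower()
    if k.endswith(r"\winlogon\userinit"):
        return check_userinit(value)
    if re.search(r"\\services\\(bits|wuauserv)\\imagepath$", k):
        return check_image_path(value)
    return []

def audit_mbam_lines(lines):
    """Return {key: (findings for Bad value, findings for Good value)}."""
    report = {}
    for line in lines:
        m = MBAM_LINE.match(line.strip())
        if m:
            report[m["key"]] = (audit_value(m["key"], m["bad"]),
                                audit_value(m["key"], m["good"]))
    return report

# The three lines from the log above, with the forum-inserted spaces removed.
SAMPLE = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> "
    r"Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> "
    r"Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> "
    r"Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    for key, (bad, good) in audit_mbam_lines(SAMPLE).items():
        print(key, bad, good, sep="\n  ")
```

The same two checks can be pointed at values read from a live registry export; only the three sample lines would change.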
