
[In Progress] HiJackThis! Logs - Olmarik Trojan Issue, posted in the Security & Safety forums


Old 10-13-2009   #1
Bronze Member
 
Join Date: Oct 2009
Posts: 6
PC Experience: Beginner
Unhappy Olmarik Trojan Issue

The antivirus I have been using (ESET NOD32) detected the Olmarik trojan, saying it's unable to clean it. Later I started getting "virtual memory too low" messages, and just a few seconds after the memory warning popped up I used to get a system shutdown message saying "Windows must now restart because the DCOM Server Process Launcher Service terminated unexpectedly." Just after 50 seconds, I guess, my PC used to restart. I searched for a similar problem on Google and some of them advised disabling the timer through Run (shutdown -a). It worked. Then I disabled it in one more way, by typing services.msc in Run, later disabling DCOM and changing all failures to "take no action". Now the timer thingy has gone, but my PC speed is the same as before (slow), the XP theme automatically changes to Classic, and the Mozilla browser crashes suddenly. I'm quite sure these strange things are happening due to the trojan. Any PC guru out there, please guide me. I'll be really thankful.
princess is offline   Reply With Quote
Old 10-13-2009   #2
Tech Support Team
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: 0lmariK trOjaN:o(

Hi Princess,

Welcome to PCHF. I'm Crush, the PCHF Security Team Leader, and I'll be helping you to remove your malware. Before we begin, there are some things that you should know:

1. We are all volunteer staff here at PCHF so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but, rest assured we will stay with you until you are completely disinfected.

4. Please do not run any tools or fixes unless asked to do so by myself or a member of the Security Team.

5. If you are not the original poster of this thread, DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous. PCHF does not assume any responsibility for users that decide to do so.

6. If you have any questions or issues please stop and ask! We are all here to help.

With that out of the way:

Please review the Prework link in my signature. This will guide you through the tried and tested method for Malware Removal devised here at PCHF. Once you have read the thread, and all the threads linked from it, please download and run the requested programs and post the generated logfiles back here for review.
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this

Crush is offline   Reply With Quote
Old 10-13-2009   #3
Bronze Member
 
Join Date: Oct 2009
Posts: 6
PC Experience: Beginner
Default Re: Olmarik Trojan Issue

Hello again Chris,

I have a 32-bit operating system, and here are the DDS and Security Check logs along with the RootRepeal and attach.txt attachments.


DDS (Ver_09-10-13.01) - NTFSx86
Run by simz at 15:45:08.34 on Tue 10/13/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_01
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============


============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*Yahoo!
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*Yahoo!
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: XBTBPos00 Class: {bbbe1c1a-89f7-4af6-abd1-f8fbcfa47408} - c:\progra~1\rediff~2\tbu23\REDIFF~1.DLL
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: {12F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [NWEReboot]
mRun: [hpfsched] c:\windows\hpfsched.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\run goo~1.lnk - c:\program files\google\web accelerator\GoogleWebAccWarden.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\win dow~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hell\start menu\programs\imvu\Run IMVU.lnk
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: {2F9AE863-22DC-43E9-A166-9611145E5458} = 192.168.254.254
AppInit_DLLs: ,c:\docume~1\hell\locals~1\temp\53137kou.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\simz\applic~1\mozilla\firefox\profiles\l9si54vn.default\
FF - prefs.js: network.proxy.http - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera7\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera7\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera7\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\opera7\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera7\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera7\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera7\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera7\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


============== File Associations ===============

scrfile="%1" /S "%3"

=============== Created Last 30 ================

2009-10-13 02:56 190 a------- c:\windows\PCHF_sysSpec.INI
2009-10-12 17:09 <DIR> --d----- c:\documents and settings\simz
2009-10-07 05:23 <DIR> --d----- c:\program files\common files\Stardock
2009-10-07 05:23 <DIR> --d----- c:\program files\Stardock
2009-10-07 03:35 <DIR> --d----- c:\program files\common files\SWF Studio
2009-09-23 03:29 <DIR> --d----- c:\windows\system32\XPSViewer
2009-09-23 03:26 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-09-23 03:26 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-23 03:26 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-23 03:26 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-23 03:26 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-23 03:26 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-23 03:26 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-23 03:13 <DIR> --d----- c:\program files\MSXML 6.0
2009-09-22 18:16 <DIR> --d----- c:\program files\ESET
2009-09-22 08:36 208,744 a------- c:\windows\system32\muweb.dll
2009-09-22 08:36 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-22 08:36 268,648 a------- c:\windows\system32\mucltui.dll
2009-09-21 10:12 54,752 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-21 09:48 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-09-21 09:48 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-09-21 09:42 <DIR> --d----- c:\program files\Microsoft
2009-09-21 09:42 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-21 09:01 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-08-13 00:54 499,712 a------- c:\windows\system32\msvcp71.dll
2009-08-13 00:54 348,160 a------- c:\windows\system32\msvcr71.dll
2009-08-05 13:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-17 22:55 58,880 a------- c:\windows\system32\atl.dll
2006-09-01 20:13 32 a----r-- c:\documents and settings\all users\hash.dat

============= FINISH: 15:47:15.28 ===============


Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
ESET NOD32 Antivirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10
Adobe Reader 8.1.1
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````




Attached Files
File Type: txt rootrepeal.txt (33.3 KB, 2 views)
File Type: zip Attach.zip (2.4 KB, 2 views)
princess is offline   Reply With Quote
Old 10-13-2009   #4
Tech Support Team
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: Olmarik Trojan Issue

Hi Princess,

Is this PC connected to the internet? Are you running the scans in Normal Mode?

The reason I ask is because I see no running processes in the DDS log which is odd.

In any event, we need to update your version of Adobe Reader. Older versions are susceptible to attack.

Please go here and get the latest version
=========================


Please download Malwarebytes' Anti-Malware from one of these places:

https://www.cleverbridge.com/342/coo...%3ddl-10804572

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, navigate to the Update tab and click Check For Updates. It will then download the latest updates for you.
* Now navigate back to the Scan tab.
* Select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Crush is offline   Reply With Quote
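
The observation in the reply above, a DDS log whose Running Processes section is empty, can be checked mechanically. The following is an added example, not part of the thread and not code from DDS or PCHF; the function names, the finding labels and the two extra heuristics (entries ending in "No File", an AppInit_DLLs value pointing into a temp directory) are assumptions of this example, and the sample log is constructed from lines in the log posted earlier in the thread.

```python
import re

# Constructed sample: a shortened DDS-style log built from a few lines of the
# log posted in this thread (section banners and selected entries only).
SAMPLE_DDS = r"""
============== Running Processes ===============


============== Pseudo HJT Report ===============

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {12F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
AppInit_DLLs: ,c:\docume~1\hell\locals~1\temp\53137kou.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

scrfile="%1" /S "%3"

============= FINISH: 15:47:15.28 ===============
"""

# A section banner is a title wrapped in runs of '='. A bare '=====' rule
# (used as a separator in forum posts) must not count as a banner.
BANNER = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


def split_sections(log_text):
    """Return {section title: [non-blank lines]} for a DDS-style log."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            title = match.group(1)
            # The FINISH banner closes the log; it is not a section.
            current = None if title.upper().startswith("FINISH") else title
            if current is not None:
                sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(log_text, must_have=("Running Processes", "SERVICES / DRIVERS")):
    """Return a list of (label, detail) findings worth a human look.

    Labels (all hypothetical names chosen for this example):
      empty-section    - banner present but nothing listed under it
      orphaned-entry   - registry entry whose target file is missing
      appinit-temp-dll - AppInit_DLLs value that loads a DLL from a temp dir
    """
    findings = []
    sections = split_sections(log_text)

    # A live Windows session always has processes and drivers, so a section
    # that is present but empty means the tool could not enumerate them.
    for name in must_have:
        if name in sections and not sections[name]:
            findings.append(("empty-section", name))

    for line in sections.get("Pseudo HJT Report", []):
        if line.endswith("- No File"):
            findings.append(("orphaned-entry", line))
        key, _, value = line.partition(":")
        if key.strip() == "AppInit_DLLs":
            # The value is a comma- or space-separated list of DLL paths.
            for dll in filter(None, re.split(r"[,\s]+", value)):
                if TEMP_DIR.search(dll):
                    findings.append(("appinit-temp-dll", dll))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_DDS):
        print(f"{label:18} {detail}")
```
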
Old 10-14-2009   #5
Bronze Member
 
Join Date: Oct 2009
Posts: 6
PC Experience: Beginner
Default Re: Olmarik Trojan Issue

Yup, the internet was connected (the speed was quite normal) and I was running the scans in normal mode. I ran Security Check again and the scan result was the same. As for Adobe Reader, I visited the link you posted and selected the download option, and then when another page appeared for downloading, there was a pop-up which wasn't allowing Firefox to install Adobe Reader, but there was an option to allow, so I allowed. It started downloading, and when I guess it was almost done the Adobe Download Manager came up. While it was installing I got a "getplus operating system error" (without quotes), so it didn't get fully installed, right? (Though the Adobe updated thingy appeared as 1 new add-on saying it will restart Firefox for it to take effect.) Next, I wasn't sure if it's installed. I tried removing Adobe Download Manager through Add/Remove Programs but it couldn't be removed. I left that and went on to the Adobe download page again, and this time tried installing it through "Thank you. Your download will start automatically. If it does not start, click here to download." So now the final thing had almost got fully installed when Windows Installer opened up and gave a message something like "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows installer is not correctly installed. Contact your support personnel for assistance." So the Adobe Reader installation wasn't successful even this time :o( and because this step couldn't be a success, as you said older versions are susceptible to attack, I didn't feel like moving on to the Malwarebytes step. Should I proceed with the Malwarebytes step or do I need to properly install the updated Adobe Reader first?

Last edited by princess; 10-14-2009 at 02:33 AM.
princess is offline   Reply With Quote
Old 10-14-2009   #6
Tech Support Team
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: Olmarik Trojan Issue

Princess,

Yes. Please move on to MBAM and then try going back and reinstalling Adobe.

Crush is offline   Reply With Quote
Old 10-14-2009   #7
Bronze Member
 
Join Date: Oct 2009
Posts: 6
PC Experience: Beginner
Default Re: Olmarik Trojan Issue

Here is the MBAM report:

Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 2

10/15/2009 12:28:08 AM
mbam-log-2009-10-15 (00-28-08).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 145986
Time elapsed: 58 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 199

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xbtb00001.ietoolbar (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb00001.ietoolbar.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpfsched (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\budyicon (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\SiMS\Start Menu\Programs\WhenU (Adware.WhenU) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\hpfsched.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rotscxmnetdecf.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxqtnklvkb.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxsmbavghx.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\rotscxwnhkwfnvij.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxwosydwfpfv.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxwxacpiporn.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxxewmehtxno.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxxpbvpesvmb.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxxtksmqbvti.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxxvspinlprx.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxxxfbdrjqwe.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxxybqpxhclv.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxyjnkltnfeb.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxymbcrjqvrv.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxymcqfspeqj.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxyqxoqhekix.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxytvrhpyqtb.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxjixdmvrfns.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxjqiksmdqds.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxjyjgmundbt.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxkbcrtycpau.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxkivrdhdivx.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxkwhqftmgwk.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxkymcxbqsyq.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxldbkgrsshc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxljmxomeosv.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxlyexnkiniv.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmcigvhcfxs.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmdudfkinln.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmircgttxrn.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmitcceofry.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmkdmqafueo.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmqatvprbsm.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmqcitrxcyr.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmulbtuxhvk.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxmyipnuiseb.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxnapjrsotcr.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxnftobxphnr.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxnhmfqjdtaq.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxnmspfyfuyc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxnovssrdoqu.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxnqvlpteixf.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxajtsqmhvyl.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxbidmcthbny.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxbmpjiritxq.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxbqpnsrmcqs.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxbutteesvbq.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxbvtkpyrtcb.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxbwqluiwenv.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxcboqbduegs.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxcchqoipoxy.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxcepufnlqie.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxcgbqvcivrc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxcikbbqhmpm.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxcsarelobkb.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxrwmuvtsdwo.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxrxiiyqxnqp.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxsbmhibahqu.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxsbqyaffiqp.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxsexncberis.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxsmqopujspl.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxstiwqvtkos.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxtapqjxkerd.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxtecbchnmqe.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxtioyicnxdn.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxtrimhipgyb.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxtueobvxyln.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxudpfvjcfyg.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxulnsmtxcvu.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rotscxuoxkoncbfm.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\002D22A0.u rr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\010CAAFD.u rr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\budyicon\fwpbuddy.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\SiMS\Start Menu\Programs\WhenU\Customer Support.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Documents and Settings\SiMS\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Documents and Settings\SiMS\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Documents and Settings\SiMS\Start Menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Documents and Settings\SiMS\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenU) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rotscxgnxicuse.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxuxnqvppj.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxwrbdhevt.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxxdecriyl.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\rotscxpimfooba.sys (Rootkit.TDSS) -> Delete on reboot.

=========================

and I tried installing Adobe Reader again, but the same problem occurred which I mentioned before