
Solved Please Analyze Scans for viruses

Discussion in 'Malware and Virus Removal Archive' started by deester, 2008/09/08.

  1. 2008/09/08
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    [Resolved] Please Analyze Scans for viruses

    Was downloading today from a "protected" site when a page of **** flashed up in my download. I ran Malwarebytes and it showed 13 infected files which were removed. I ran a DSS scan and a Kaspersky scan that I would like someone to take a look at.

    Deckard's System Scanner v20071014.68
    Run by Dell on 2008-09-08 15:40:18
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Dell.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:40:25 PM, on 9/8/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\iWin Games\iWinGamesInstaller.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\MostFun\Bin\MostFun.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Documents and Settings\Dell\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Dell.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://browser.cdn.aol.com/ie7custom/welcome.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {6E9E728B-F36D-4661-B24F-015B153F4038} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Treasure%20Masters,%20Inc/Images/stg_drm.ocx
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Treasure%20Masters,%20Inc/Images/armhelper.ocx
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 9228 bytes

    -- Files created between 2008-08-08 and 2008-09-08 -----------------------------

    2008-09-08 11:48:34 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
    2008-09-08 11:29:30 0 d-------- C:\Program Files\Freeze.com Toolbar
    2008-09-08 11:18:47 0 d-------- C:\Program Files\My Downloaded Games
    2008-09-08 11:18:47 0 d-------- C:\Program Files\BoontyGames
    2008-09-07 10:31:37 0 --a------ C:\Program Files\temp01
    2008-09-06 14:42:18 0 d-------- C:\Documents and Settings\Dell\Application Data\Sonic
    2008-09-06 14:42:13 0 d-------- C:\Documents and Settings\Dell\Application Data\Leadertech
    2008-09-06 12:20:16 0 d-------- C:\Program Files\Escape the Museum
    2008-09-06 04:49:16 0 d-------- C:\games
    2008-09-05 22:23:25 0 d-------- C:\Documents and Settings\Dell\Saved Games
    2008-09-05 22:23:25 0 d-------- C:\Documents and Settings\Dell\Application Data\FloodLightGames
    2008-09-05 21:21:23 0 d-------- C:\Program Files\LeeGTs Games
    2008-09-05 20:53:38 0 d-------- C:\Documents and Settings\Dell\Application Data\SpinTop
    2008-09-05 08:29:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
    2008-09-04 21:08:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    2008-09-04 04:08:22 0 d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
    2008-09-03 15:36:42 0 d-------- C:\Documents and Settings\Dell\Application Data\ErrorSmart
    2008-08-31 21:52:13 0 d-------- C:\Documents and Settings\Dell\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-08-31 15:22:25 0 d-------- C:\Documents and Settings\Dell\Application Data\cerasus.media
    2008-08-31 07:02:10 0 d-------- C:\Documents and Settings\Savannah\Application Data\McAfee
    2008-08-31 07:01:59 0 d-------- C:\Documents and Settings\Savannah\Application Data\Real
    2008-08-30 20:15:51 0 d-------- C:\Documents and Settings\Dee\Application Data\Real
    2008-08-27 17:11:24 0 d-------- C:\Documents and Settings\Teva\Application Data\AOL
    2008-08-27 13:30:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Awem
    2008-08-26 22:00:07 0 d-------- C:\Documents and Settings\Ted\Application Data\Real
    2008-08-26 13:42:52 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-08-26 11:52:11 0 d-------- C:\Program Files\Common Files\Adobe
    2008-08-25 13:24:40 0 d-------- C:\Documents and Settings\Dell\Application Data\FlowPlay
    2008-08-25 05:31:27 0 d-------- C:\Program Files\Common Files\xing shared
    2008-08-25 05:30:57 0 d-------- C:\Documents and Settings\Dell\Application Data\Real
    2008-08-24 13:05:52 0 d-------- C:\WINDOWS\Speeditup Free
    2008-08-23 04:43:00 0 d-------- C:\Documents and Settings\Dell\Application Data\Friday's games
    2008-08-23 03:58:08 0 d-------- C:\Documents and Settings\Dell\Application Data\URSE Games
    2008-08-22 21:16:43 0 d-------- C:\Documents and Settings\Amanda\Application Data\AOL
    2008-08-22 21:16:35 0 d-------- C:\Documents and Settings\Amanda\Application Data\Macromedia
    2008-08-22 21:16:27 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2008-08-20 15:04:44 0 d---s---- C:\Documents and Settings\Dell\UserData
    2008-08-19 06:43:14 0 d-------- C:\WINDOWS\Prefetch
    2008-08-19 06:31:53 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-08-18 21:41:33 0 d-------- C:\Program Files\KraiSoft Games
    2008-08-18 03:00:10 68096 --a------ C:\WINDOWS\zip.exe
    2008-08-18 03:00:10 49152 --a------ C:\WINDOWS\VFind.exe
    2008-08-18 03:00:10 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-08-18 03:00:10 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-08-18 03:00:10 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-08-18 03:00:10 98816 --a------ C:\WINDOWS\sed.exe
    2008-08-18 03:00:10 80412 --a------ C:\WINDOWS\grep.exe
    2008-08-18 03:00:10 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-08-18 02:51:02 0 d-------- C:\Documents and Settings\Dell\Application Data\McAfee
    2008-08-15 10:15:58 0 d-------- C:\Documents and Settings\Dell\Application Data\Malwarebytes
    2008-08-15 10:15:50 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-15 10:15:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-09 09:26:55 0 d-------- C:\Documents and Settings\Dell\Application Data\Corel
    2008-08-09 07:53:19 0 d-------- C:\Program Files\Conduit
    2008-08-09 07:53:18 0 d-------- C:\Program Files\Sample_Resumes


    -- Find3M Report ---------------------------------------------------------------

    2008-09-08 14:09:57 0 d-------- C:\Program Files\RealArcade
    2008-09-08 06:57:21 0 d-------- C:\Program Files\iWin.com
    2008-09-08 04:31:04 0 d-------- C:\Documents and Settings\Dell\Application Data\MysteryStudio
    2008-09-05 20:36:44 0 d-------- C:\Program Files\MostFun
    2008-09-03 10:15:09 0 d-------- C:\Program Files\McAfee
    2008-08-31 21:55:22 0 d-------- C:\Program Files\Common Files\Adobe AIR
    2008-08-30 20:36:39 0 d-------- C:\Program Files\Jigsaws
    2008-08-30 17:12:11 0 d-------- C:\Documents and Settings\Dell\Application Data\Adobe
    2008-08-28 17:05:12 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-08-26 11:52:11 0 d-------- C:\Program Files\Common Files
    2008-08-25 05:31:23 0 d-------- C:\Program Files\Common Files\Real
    2008-08-25 05:31:03 0 d-------- C:\Program Files\Real
    2008-08-19 06:42:44 0 d-------- C:\Program Files\Messenger
    2008-08-19 06:35:11 0 d-------- C:\Program Files\Movie Maker
    2008-08-19 06:31:34 0 d-------- C:\Program Files\Windows NT
    2008-08-15 11:04:14 0 d-------- C:\Documents and Settings\Dell\Application Data\AOL
    2008-08-13 12:20:34 0 d-------- C:\Documents and Settings\Dell\Application Data\PlayFirst
    2008-08-07 21:49:50 0 d-------- C:\Documents and Settings\Dell\Application Data\iWin
    2008-08-06 16:03:03 0 d-------- C:\Documents and Settings\Dell\Application Data\Google
    2008-08-06 13:10:10 0 d-------- C:\Documents and Settings\Dell\Application Data\Help
    2008-08-05 05:07:40 0 d-------- C:\Program Files\Common Files\AOL
    2008-08-05 04:11:34 0 d-------- C:\Program Files\Perfect Uninstaller
    2008-08-05 04:10:42 0 d-------- C:\Program Files\VS Revo Group
    2008-08-01 06:26:04 0 d-------- C:\Documents and Settings\Dell\Application Data\Macromedia
    2008-07-30 20:20:37 0 d-------- C:\Documents and Settings\Dell\Application Data\TheScruffs
    2008-07-30 16:04:53 0 d-------- C:\Documents and Settings\Dell\Application Data\KewlBoxPrefs
    2008-07-27 13:34:33 0 d-------- C:\Documents and Settings\Dell\Application Data\Legends of pirates
    2008-07-27 10:39:04 1031274 --a------ C:\WINDOWS\system32\mi1.exe
    2008-07-26 14:11:37 0 d-------- C:\Program Files\SoftwareRevenue.org
    2008-07-26 04:11:39 0 d-------- C:\Program Files\inebooks
    2008-07-24 18:58:11 0 d-------- C:\Program Files\FlashGet
    2008-07-24 14:38:00 61440 --a------ C:\WINDOWS\system32\Big Kahuna Reef 2.scr <Not Verified; Reflexive; Reflexive BKR2Saver>
    2008-07-24 10:17:30 0 d-------- C:\Documents and Settings\Dell\Application Data\Sun
    2008-07-23 14:49:23 0 d-------- C:\Documents and Settings\Dell\Application Data\CyberLink
    2008-07-23 09:08:12 0 d-------- C:\Documents and Settings\Dell\Application Data\GameHouse
    2008-07-23 04:09:37 0 d-------- C:\Program Files\Trend Micro
    2008-07-22 18:42:00 0 d-------- C:\Documents and Settings\Dell\Application Data\Magic Academy
    2008-07-22 18:28:36 0 d-------- C:\Program Files\GameHouse
    2008-07-22 17:07:13 0 d-------- C:\Documents and Settings\Dell\Application Data\Mozilla
    2008-07-22 16:43:31 0 d-------- C:\Documents and Settings\Dell\Application Data\Eyeblaster
    2008-07-22 16:39:20 0 d-------- C:\Documents and Settings\Dell\Application Data\Identities
    2008-07-19 05:36:06 0 d-------- C:\Program Files\Zylom Games
    2008-07-17 16:51:33 4096 --a------ C:\WINDOWS\d3dx.dat
    2008-07-17 12:44:37 0 d-------- C:\Program Files\Trymedia
    2008-07-16 17:41:31 0 d-------- C:\Program Files\Java
    2008-07-15 21:18:34 0 d-------- C:\Program Files\El Dorado Quest
    2008-07-15 15:26:10 0 d-------- C:\Program Files\Common Files\McAfee
    2008-07-15 15:25:40 0 d-------- C:\Program Files\McAfee.com
    2008-07-15 14:37:56 0 d-------- C:\Program Files\Windows Resource Kits
    2008-07-14 11:55:54 2828 --a------ C:\WINDOWS\mozver.dat
    2008-07-13 12:35:24 64 --a------ C:\WINDOWS\GPlrLanc.dat
    2008-07-13 04:56:24 0 d-------- C:\Program Files\Registry Easy
    2008-07-09 02:51:59 0 d-------- C:\Program Files\QuickTime
    2008-07-07 15:56:09 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HostManager"="C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe" [10/08/2007 05:50 PM]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
    "SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/26/2008 11:36 AM]
    "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [07/05/2006 12:01 AM]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/30/2007 07:59 PM]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/30/2007 08:00 PM]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/30/2007 08:00 PM]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [11/01/2005 03:12 AM]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 05:20 AM]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [05/14/2007 02:23 PM]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 12:48 PM]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/25/2008 05:30 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2008 04:54 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 08:12 PM]
    "AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [03/06/2008 06:12 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

    C:\Documents and Settings\Dell\Start Menu\Programs\Startup\
    MostFun.lnk - C:\Program Files\MostFun\Bin\MostFun.exe [8/28/2007 5:47:20 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [6/8/2003 5:48:18 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 05/28/2008 04:48 PM 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dee^Start Menu^Programs^Startup^AOL Desktop.lnk]
    path=C:\Documents and Settings\Dee\Start Menu\Programs\Startup\AOL Desktop.lnk
    backup=C:\WINDOWS\pss\AOL Desktop.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc

    *Newly Created Service* - MBAMSWISSARMY



    -- End of Deckard's System Scanner: finished at 2008-09-08 15:41:15 ------------

    Thanks so much for your help.
     
  2. 2008/09/08
    deester

    The report for the Kaspersky scan showed 6 unnamed threats, 21 infected files, and 6 suspicious objects. I think this is right; I am doing this from memory.
     


  4. 2008/09/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    You should not have posted this in the Windows XP forum.

    Moved to the correct forum.
     
  5. 2008/09/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi deester
    I would like to see the MBAM log that shows the infections and I would also like to see the Kaspersky scan log.


    Also be advised about this,
    Freeze.com Toolbar
    Freeze.com_Toolbar - a Softomate Toolbar variant - Softomate customizes toolbars to customers' needs. The dll files for their toolbars contain some spyware/adware functionality, although not all of the toolbars use this. Some of the toolbars are fine to have, so every case is different. Your choice.

    iWin is also considered adware/spyware.

    Please post those logs.

    Thanks
    Geri
     
  6. 2008/09/09
    deester

    Malwarebytes' Anti-Malware 1.24
    Database version: 1054
    Windows 5.1.2600 Service Pack 3

    12:53:18 PM 9/8/2008
    mbam-log-9-8-2008 (12-53-18).txt

    Scan type: Quick Scan
    Objects scanned: 59090
    Time elapsed: 9 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\tbsb07396.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{bb633664-dc9b-44ae-a2b4-ae68399fc7dc} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3bbb7a9a-887b-445b-82e9-156db8c2e952} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8d5c12ae-bdb0-4ac3-bae6-ba3f0855435a} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d7adf7c1-14fb-4110-b2df-187884cac12a} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7adf7c1-14fb-4110-b2df-187884cac12a} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\tbsb07396.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\tbsb07396.tbsb07396 (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\tbsb07396.tbsb07396.3 (Adware.SoftMate) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Freeze.com Toolbar\freeze_us.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
     
  7. 2008/09/09
    Geri Lifetime Subscription

    The Kaspersky scan please.
     
  8. 2008/09/09
    deester

    Will post as soon as scan completes.
     
  9. 2008/09/09
    deester

    Kaspersky Online Scanner 7 Your computer is infected
    Information
    Update
    Scan
    Critical Areas
    My Computer
    Folder...
    File...

    Scan Report
    Support
    Help
    Settings
    Update
    New viruses and other threats appear frequently.
    Updating the database keeps your scans up-to-date.

    Database information

    Database published: Wednesday, September 10, 2008 02:07:42

    Records in database: 1205132

    Downloading and installing the program(100%)

    Update size: 1 KB
    Transferred size: 1 KB
    The program components have been downloaded and installed, and the program
    has started.
    Updating the database(100%)


    Update size: 836 KB
    Transferred size: 438 KB
    Last start: 09/09/2008 22:21:50
    Status: complete
    Program is starting. Please wait...
    Update source selected: http://www.kaspersky.com
    Downloading file: packages/kos-extras.jar
    Program has started.

    Program database is being updated. Please wait...
    Update source selected: http://dnl-05.geo.kaspersky.com/
    Database is updated. Ready to scan.Scan My ComputerScan statistics

    Files scanned91274

    Threat names13

    Infected objects22

    Suspicious objects6

    Duration of the scan01:42:25
    Start scan
    Scan is running (84%)

    Click the area that you want to scan in left part of the window. The scan
    will start automatically as soon as you select a scan area.

    Last start:9/09/2008 22:22:01
    Status:complete
    Please wait, the scan may take a long time depending on the size of the
    selected scan area. You can continue browsing in a new Web browser window.

    Now scanning:
    Location:
    Settings | View scan report | Stop scan
    Attention: Kaspersky Online Scanner 7.0 may not run successfully while any other
    antivirus program is running. If you have another antivirus program installed,
    please turn it off before running Kaspersky Online Scanner 7.0. Scan ReportThe
    scan report displays information about threats detected
    on your computer. - Infected object - Suspicious object
    InformationWelcome to Kaspersky Online Scanner 7.0! Use the program to check
    your computer for viruses and other malware for free.
    Benefits:

    Kaspersky Lab exceptional detection rates and thorough scan
    Hourly database updates available
    Heuristic analysis to detect unknown malware
    One-click installation


    Requirements and limitations:

    In Microsoft Windows Vista, you must open the Web browser using the Run as
    Administrator command.
    To begin using the program, you need to download and install the program files
    and the database of malware definitions. (The size of the program files
    depends on your operating system.) Later, Kaspersky Online Scanner 7.0 checks
    for the program and database updates every time you open or update the program
    window and, if available, downloads and installs them automatically.
    In Linux, Kaspersky Online Scanner 7.0 does not scan RAM, boot sectors and
    MBRs, so it cannot detect malicious programs located in these areas.
    In Microsoft Windows Vista, if the language you use has a character set and
    fonts different from English, make sure that the language selected for your
    default system locale and the language to display dates, times, currency, and
    measurements (Current format) are the same as the language you use.
    Kaspersky Online Scanner 7.0 only detects malicious code that have already
    penetrated into your computer, so that you can delete them manually. It
    neither protects your computer against malicious code, nor prevents future
    infections. We recommend that you install a full-featured antivirus solution
    to protect your computer.
    SupportIf you have questions, comments, or suggestions related to
    Kaspersky Online Scanner 7.0, please contact us. About Kaspersky Online Scanner
    7.0

    Version7.0.25.0

    Database publishedWednesday, September 10, 2008 02:07:42

    Operating systemMicrosoft Windows XP Home Edition Service Pack 3 (build
    2600)

    User Forum
    Go to the Kaspersky Lab Forum.
    Malware information
    Find news and information about viruses and other threats at
    Viruslist.com.
    View information
    Warning

    Kaspersky Online Scanner 7.0 is already running in another window.
    SettingsDetect malicious programs of the following categories:
    Viruses, Worms, Trojan Horses, Rootkits
    Spyware, Adware, Dialers, and other potentially dangerous programs

    Scan compound files (doesn't apply to the File scan area):
    Archives
    Mail databases
     
  10. 2008/09/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, I don't know what you got and posted, but it is not what I need.

    Please follow these instructions.

    Please do an online scan with Kaspersky WebScanner

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click “Scan Report” on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display whether your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
    Geri,
    #9
  11. 2008/09/10
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    I ran Kaspersky online just as you instructed in your post and saved just as you instructed. I followed the directions Dave gave me in another post. I can scan again, but I'm going to get the same results. Want me to do it anyway?

    Dee
     
  12. 2008/09/10
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, September 10, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, September 10, 2008 09:02:24
    Records in database: 1206433
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    C:\
    D:\
    Scan statistics
    Files scanned 91063
    Threat name 13
    Infected objects 22
    Suspicious objects 6
    Duration of the scan 02:07:42

    File name Threat name Threats count
    C:\Program Files\Internet Explorer\MSIMG32.dll/C:\Program Files\Internet Explorer\MSIMG32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
    C:\My Games\Abundante!\abundante!.exe Suspicious: Type_Win32 1
    C:\My Games\Karu\karu.exe Suspicious: Type_Win32 1
    C:\My Games\Little Shop of Treasures\LittleShopofTreasures.exe Suspicious: Type_Win32 1
    C:\My Games\Profitville\profitville.exe Suspicious: Type_Win32 1
    C:\My Games\Sparkle\sparkle.exe Suspicious: Type_Win32 1
    C:\My Games\Super Jigsaw Puzzle\Jigsaw.exe Suspicious: Type_Win32 1
    C:\Program Files\Escape the Museum\Uninstall.exe Infected: Backdoor.Win32.Small.fny 1
    C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
    C:\Program Files\iWin.com\Amazonia\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\Program Files\iWin.com\Can You See What I See\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\Program Files\iWin.com\Cradle of Persia\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.u 1
    C:\Program Files\iWin.com\Great Secrets Da Vinci\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\Program Files\iWin.com\Heroes of Hellas\GLWorker.exe Infected: Trojan-Spy.Win32.SCKeyLog.fo 1
    C:\Program Files\iWin.com\Hide and Secret\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\Program Files\iWin.com\Jewel Quest II\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\Program Files\iWin.com\Magic Academy\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\Program Files\iWin.com\Magic Match\MagicMatch.ifn Infected: not-a-virus:FraudTool.Win32.AntiVermins.a 1
    C:\Program Files\iWin.com\Magicians Handbook\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\Program Files\iWin.com\Natalie Brooks Secrets of Treasure House\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\Program Files\iWin.com\Pirateville\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.af 1
    C:\Program Files\iWin.com\Polly Pride Pet Detective\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.v 1
    C:\Program Files\iWin.com\Season Match\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.bc 1
    C:\Program Files\iWin.com\Season Match\GLWorker.exe Infected: Trojan-Spy.Win32.SCKeyLog.cw 1
    C:\Program Files\iWin.com\Secrets of Great Art\GLWorker.exe Infected: Trojan-Spy.Win32.SCKeyLog.cu 1
    C:\Program Files\iWin.com\Secrets of the Seas\GLWorker.exe Infected: Trojan-Spy.Win32.SCKeyLog.bs 1
    C:\Program Files\iWin.com\The Count of Monte Cristo\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
    C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
    The selected area was scanned.
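Added example, not from the thread and not Kaspersky's own code: a small Python parser for the plain-text report layout pasted above. It separates Infected from Suspicious rows, drops rows for copies already sitting in ComboFix's QooBox quarantine, collapses the same file reported twice in different case (NTFS paths are case-insensitive), and groups the live detections by folder, which is the per-folder list a helper hands back to the user. The sample report is constructed from a subset of the rows above; the row format and the quarantine-path rule are assumptions made from this thread's report.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One detection row: "<path> Infected: <threat> <count>" or "<path> Suspicious: <label> <count>"
ROW_RE = re.compile(r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Constructed sample in the report layout above (a subset of the rows from the thread).
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7 REPORT
Infected objects 22
File name Threat name Threats count
C:\Program Files\Internet Explorer\MSIMG32.dll/C:\Program Files\Internet Explorer\MSIMG32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\My Games\Karu\karu.exe Suspicious: Type_Win32 1
C:\Program Files\Escape the Museum\Uninstall.exe Infected: Backdoor.Win32.Small.fny 1
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\Program Files\iWin.com\Amazonia\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.ba 1
C:\Program Files\iWin.com\Season Match\GameLauncher.exe Infected: Trojan-Dropper.Win32.Irsd.bc 1
C:\Program Files\iWin.com\Season Match\GLWorker.exe Infected: Trojan-Spy.Win32.SCKeyLog.cw 1
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
The selected area was scanned.
"""

def parse_report(text):
    """One dict per detection row; header, settings and statistics lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        # A container member is reported as "<outer>/<inner>"; the file on disk is the outer part.
        on_disk = m.group("path").split("/", 1)[0]
        low = on_disk.lower()
        findings.append({
            "path": on_disk,
            "verdict": m.group("verdict"),
            "threat": m.group("threat"),
            "count": int(m.group("count")),
            # Assumption: copies already moved into ComboFix's QooBox quarantine (".vir") are not live files.
            "quarantined": low.startswith("c:\\qoobox\\") or low.endswith(".vir"),
        })
    return findings

def live_infected(findings):
    """Infected rows for files still in place, one per file: NTFS paths are case-insensitive,
    so MSIMG32.dll and msimg32.dll above are the same file reported twice."""
    unique = {}
    for f in findings:
        if f["verdict"] == "Infected" and not f["quarantined"]:
            unique[f["path"].lower()] = f
    return list(unique.values())

def summarize(findings):
    """Group live infected files by containing folder: the per-folder list a helper hands back."""
    by_folder = defaultdict(set)
    for f in live_infected(findings):
        by_folder[str(PureWindowsPath(f["path"]).parent)].add(f["threat"])
    return dict(by_folder)
```

Suspicious rows are kept in the parsed list but left out of the folder summary, so a helper can review them separately from confirmed detections.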
     
  13. 2008/09/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    No this one shows the infections, the other one did not.

    Please delete these files.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these files (if present):

    C:\Program Files\Internet Explorer\MSIMG32.dll
    C:\Program Files\Internet Explorer\msimg32.dll



    All your iWin games are infected.

    C:\Program Files\iWin.com\Amazonia
    C:\Program Files\iWin.com\Can You See What I See
    C:\Program Files\iWin.com\Cradle of Persia
    C:\Program Files\iWin.com\Great Secrets Da Vinci
    C:\Program Files\iWin.com\Heroes of Hellas
    C:\Program Files\iWin.com\Hide and Secret
    C:\Program Files\iWin.com\Jewel Quest II
    C:\Program Files\iWin.com\Magic Academy
    C:\Program Files\iWin.com\Magic Match
    C:\Program Files\iWin.com\Magicians Handbook
    C:\Program Files\iWin.com\Natalie Brooks Secrets of Treasure House
    C:\Program Files\iWin.com\Pirateville
    C:\Program Files\iWin.com\Polly Pride Pet Detective
    C:\Program Files\iWin.com\Season Match
    C:\Program Files\iWin.com\Secrets of Great Art
    C:\Program Files\iWin.com\The Count of Monte Cristo


    I recommend removing all of them and anything to do with iWin, and staying away from iWin.com.

    Even the others Kaspersky is listing as "Suspicious".

    Please do this.

    Click Start > Run; in the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.

    Let me know what you plan to do with the games.

    Thanks
    Geri
     
  14. 2008/09/10
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Geri,

    Thanks for your help. I have contacted iWin in the past and they have assured me that these games are safe. I also scanned them with VirusTotal and they were safe. I don't know what to do; I really enjoy these games and I've had them for a long time with no problems.
    Dee
     
  15. 2008/09/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    OK, well that is up to you.
    As you know, that is how iWin makes their money, so yes, they are going to tell you they are safe.
    I can only make recommendations on my experience and what I know, and then the scans that are produced.
    It is your computer, so it is your choice.

    Please delete the other two files that I listed above, and do the ComboFix removal.

    Let me know how things are running.

    Just so you will have some information on what is said about the infections on iWin Games.

    Trojan Spy

    This family includes a variety of spy programs and key loggers, all of which track and save user activity on the victim machine and then forward this information to the master. Trojan-spies collect a range of information including:

    * Keystrokes
    * Screenshots
    * Logs of active applications
    * Other user actions

    These Trojans are most often used to steal banking and other financial information to support online fraud.

    (Though iWin does not use this to steal your banking info, they do use it to spy on you.)

    ------------------------------------------------------------------------------------

    Trojan-Dropper.Win32.Irsd.ba
    Name - Trojan-Dropper.Win32.Irsd.ba
    Type - Malware
    Type Description - Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
    Category - Trojan Downloader
    Category Description - A Trojan Downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.
    http://research.sunbelt-software.co...=Trojan-Dropper.Win32.Irsd.ba&threatid=390191

    --------------------------------------------------------------------------------------

    Backdoor.Win32.Small.fny
    http://research.sunbelt-software.co...name=Backdoor.Win32.Small.fny&threatid=387802

    Thanks
    Geri
     
  16. 2008/09/11
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Geri,
    Thank you so much for taking so much time with me. I'm a beginner and use every opportunity to learn. I'm not debating you on this subject but trying to understand why iWin, who has sponsors for their games, would take such a chance. I don't pay for my games; they are ad-sponsored. I am including iWin's response to me.
    We understand your concern. Your system may have identified us as a culprit for viruses or adware, or your system may be blocking installation of our software without you knowing why. We would like to assure you that there is no cause for concern. The environment that our games are developed in is "air tight" and we spare no effort to vigorously ensure that our customers get a top notch product - without viruses or any malicious intrusions to your system.

    Adware:


    Because we have advertising supported games and advertising on our site, we do have software that functions only while you are playing your game or running our iWin Games Manager. This allows our advertising to run smoothly, but not to monitor activity or compromise your privacy. It is both completely safe and non-intrusive by nature. If you are receiving alert messages or experiencing blockages of our games, in order to install and play them you will need to alter your software's settings to allow your iWin download game to install successfully.

    Virus:



    If you had an existing intrusion to your system, it may have indiscriminately attached itself to our program, thereby giving the impression to your system protection software that our games were the source. More often than not though, what is called out as a "virus" is nothing of the kind. The security software simply does not recognize our software and falsely identifies our product as a threat. If you are receiving such messages, in order to play the game you will need to alter your settings or temporarily disable the software to allow your iWin download game to install successfully. We recommend spending some time to become very familiar with your antivirus software and to be sure that you choose the product you operate on your machine carefully. Some products may do a great job of protecting your machine, but could also be forcing your computer to operate within a bubble, needlessly flagging harmless software besides ours.




    Because of the vast number of anti-virus products available, it is simply not feasible for us to have detailed support information for each of them. A couple rules of thumb when it comes to selecting antivirus products: Freeware is often of suboptimal quality. If your antivirus product is falsely flagging iWin.com software, it probably is preventing access to other desired software as well. While we do not specifically endorse any of the products listed below, they are the most common antivirus software products our customers claim to use
     
  17. 2008/09/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dee
    Yeah I know their speech, seen it before.

    I can tell you this is a bunch of hooey.
    "A couple rules of thumb when it comes to selecting antivirus products: Freeware is often of suboptimal quality. "

    There are thousands upon thousands using AVG Free or Avast or a couple of other free AVs, and they are even recommended by malware fighters throughout the net.

    Like I said it is your computer, therefore your choice.

    If all is running OK I'll mark this one resolved.

    Let me know.

    Thanks
    Geri
     
  18. 2008/09/11
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    I'm having no problems with it running.
    Thanks for your help.
    Dee
     
  19. 2008/09/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
