clfmon.exe wasn't in either of the folders suggested.
DrWeb ran perfectly on Safe Mode. 5+ hours later I get the report I've attached.
Quote:
|
Originally Posted by DrWeb
regLocal.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups;Probably SCRIPT.Virus;;
RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;;
Process.exe;C:\HJT\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\HJT\SmitfraudFix;Tool.ShutDown.11;;
A0062174.reg;C:\System Volume Information\_restore{F8A424DD-51E1-4693-ACA2-781625F98C1D}\RP362;Trojan.StartPage.1505;;
A0084299.exe;C:\System Volume Information\_restore{F8A424DD-51E1-4693-ACA2-781625F98C1D}\RP380;Adware.SaveNow;;
A0084300.exe;C:\System Volume Information\_restore{F8A424DD-51E1-4693-ACA2-781625F98C1D}\RP380;Adware.SaveNow;;
A0084301.exe;C:\System Volume Information\_restore{F8A424DD-51E1-4693-ACA2-781625F98C1D}\RP380;Adware.SaveNow;;
A0084302.exe;C:\System Volume Information\_restore{F8A424DD-51E1-4693-ACA2-781625F98C1D}\RP380;Adware.SaveNow;;
A0084303.EXE;C:\System Volume Information\_restore{F8A424DD-51E1-4693-ACA2-781625F98C1D}\RP380;Adware.NewDotNet;;
A0084304.EXE;C:\System Volume Information\_restore{F8A424DD-51E1-4693-ACA2-781625F98C1D}\RP380;Adware.NewDotNet;;
|
Surprisingly nothing in the Windows folders...