
Possible Trojan?


8 replies to this topic

#1 theleggetts

Posted 21 February 2008 - 01:12 AM

We're having problems with our family computer. We keep receiving pop-ups telling us we are infected with a Trojan and that we should download various anti-spyware/virus protection programs. However, the pop-ups also redirect the user to the same product site and I don't think that it is any form of recognized computer protection. Below is my HijackThis logfile. Any and all help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:11 PM, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\NetProject\sbsm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\sgmain.exe
C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\sgbhp.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ANNAPO~1\LOCALS~1\Temp\Rar$EX00.235\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Documents and Settings\David Porter Leggett\My Documents\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...127/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

--
End of file - 11372 bytes

Thanks in advance,

theleggetts


 


#2 Guest_Cretemonster_*


Posted 23 February 2008 - 07:58 AM

Hi theleggetts and Welcome to the forums. :thumbsup:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3 theleggetts


Posted 23 February 2008 - 10:24 PM

Thank you so much for replying to our post. Below I've put the MBAM logfile, followed by the HijackThis log.

MBAM:

Malwarebytes' Anti-Malware 1.05
Database version: 400

Scan type: Quick Scan
Objects scanned: 33481
Time elapsed: 25 minute(s), 50 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 2
Registry Keys Infected: 19
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 88
Files Infected: 163

Memory Processes Infected:
c:\program files\netproject\scit.exe (Trojan.Zlob) -> Unloaded process successfully.
c:\program files\netproject\sbmntr.exe (Trojan.Zlob) -> Unloaded process successfully.
c:\program files\netproject\scm.exe (Trojan.Zlob) -> Unloaded process successfully.
c:\program files\netproject\sbsm.exe (Trojan.Zlob) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\txdkfh.dll (Trojan.Zlob) -> Unloaded module successfully.
c:\program files\netproject\sbmdl.dll (Trojan.Zlob) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\multimedia software (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88418aa3-16f5-4fc2-a9d8-90b1266df841} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware325 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\NetProject (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\p2pnetworks (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\NewsSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\NewsSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\NewsSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\SYSTEM32\txdkfh.dll (Trojan.Zlob) -> Delete on reboot.
c:\program files\netproject\scit.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\netproject\sbmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\netproject\scm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\netproject\sbsm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\netproject\sbmdl.dll (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\uninst.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\wamdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\p2pnetworks\install.log (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\p2pnetworks\sp2p.cache (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\newssearchicon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\newssearchiconxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\newssearchiconxp_over.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\newssearchicon_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware325\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\NewsSearch\NewsSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\NewsSearch\NewsSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Leggett\Application Data\Starware325\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\NewsSearch\NewsSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\NewsSearch\NewsSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paula Porter Leggett\Application Data\Starware325\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\NewsSearch\NewsSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\NewsSearch\NewsSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Application Data\Starware325\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna Porter Leggett\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:37 PM, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Cleaning Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Cleaning Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.vroomsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vroomsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.vroomsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vroomsearch.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Documents and Settings\David Porter Leggett\My Documents\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...127/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

--
End of file - 10847 bytes

Thanks again!

theleggetts

#4 Guest_Cretemonster_*

Posted 24 February 2008 - 01:52 PM

That looks a lot better now, let's run a few scans and be sure nothing has been missed.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#5 theleggetts

Posted 24 February 2008 - 05:50 PM

Here are the two texts you asked for from DSS:

extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.20GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 766.48 MiB / 354.5 MiB
Pagefile Memory (total/avail): 1223.65 MiB / 716.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.59 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.84 GiB total, 21.42 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD600BB-75CAA0 - 55.87 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 55.84 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.
FirewallOverride is set.

FW: AVG Firewall 7.5.500 v7.5.500 (@Company_Name)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\David Porter Leggett\\FreeSpace II\\fs2_open_3_6.exe"="C:\\Documents and Settings\\David Porter Leggett\\FreeSpace II\\fs2_open_3_6.exe:*:Disabled:FreeSpace"
"C:\\Program Files\\Games\\Steam\\SteamApps\\su47berkut@hotmail.com\\day of defeat\\hl.exe"="C:\\Program Files\\Games\\Steam\\SteamApps\\su47berkut@hotmail.com\\day of defeat\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Documents and Settings\\David Porter Leggett\\Steam\\SteamApps\\su47berkut@hotmail.com\\day of defeat\\hl.exe"="C:\\Documents and Settings\\David Porter Leggett\\Steam\\SteamApps\\su47berkut@hotmail.com\\day of defeat\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Disabled:HotSync® Manager Application"
"C:\\Documents and Settings\\David Porter Leggett\\My Documents\\LeechFTP\\Leechftp.exe"="C:\\Documents and Settings\\David Porter Leggett\\My Documents\\LeechFTP\\Leechftp.exe:*:Disabled:Leechftp.exe"
"C:\\Program Files\\Games\\Steel Panthers\\MECH.EXE"="C:\\Program Files\\Games\\Steel Panthers\\MECH.EXE:*:Disabled:MECH"
"C:\\Program Files\\Games\\Close Combat III\\CC3.exe"="C:\\Program Files\\Games\\Close Combat III\\CC3.exe:*:Disabled:Microsoft® Close Combat™III: The Russian Front"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Games\\Starcraft\\starcraft.exe"="C:\\Program Files\\Games\\Starcraft\\starcraft.exe:*:Disabled:Starcraft"
"C:\\Program Files\\Games\\Steam\\Steam.exe"="C:\\Program Files\\Games\\Steam\\Steam.exe:*:Disabled:Steam"
"C:\\Documents and Settings\\David Porter Leggett\\Steam\\Steam.exe"="C:\\Documents and Settings\\David Porter Leggett\\Steam\\Steam.exe:*:Disabled:Steam"
"C:\\Program Files\\Games\\Warcraft III\\war3.exe"="C:\\Program Files\\Games\\Warcraft III\\war3.exe:*:Disabled:Warcraft III"
"C:\\Program Files\\Games\\Empire Earth\\Empire Earth.exe"="C:\\Program Files\\Games\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"="C:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe:*:Enabled:Rio Music Manager"
"C:\\Program Files\\Games\\Empire Earth - Art of Conquest\\EE-AOC.exe"="C:\\Program Files\\Games\\Empire Earth - Art of Conquest\\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\\Program Files\\p2pnetworks\\p2pnetworks.exe"="C:\\Program Files\\p2pnetworks\\p2pnetworks.exe:*:Enabled:P2PNetworks"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Anna Porter Leggett\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL2003
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Anna Porter Leggett
LOGONSERVER=\\DELL2003
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Documents and Settings\David Porter Leggett\VDMSound;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANNAPO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANNAPO~1\LOCALS~1\Temp
USERDOMAIN=DELL2003
USERNAME=Anna Porter Leggett
USERPROFILE=C:\Documents and Settings\Anna Porter Leggett
VDMSPath=C:\Documents and Settings\David Porter Leggett\VDMSound
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Richard Leggett (admin)
Paula Porter Leggett (admin)
David Porter Leggett (admin)
Anna Porter Leggett (admin)
Owen Porter Leggett (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\TELUSE~1\Uninstall.exe TELUS
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst -y -a -f"b2003ce.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123 Free Solitaire --> C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
ACD PhotoStitcher --> MsiExec.exe /I{306F0DE6-CB05-4D35-A71A-1F30AF009FE4}
ACDSee 3.1 (SR-1) --> MsiExec.exe /I{047882CA-975E-41FC-BE02-6D6396106C4E}
AddOn Hagelsturm - D Day --> C:\Program Files\Games\Blitzkrieg\run\mods\Hagelsturm\data\Uninstal.exe
AddOn Hagelsturm - Overlord --> C:\Program Files\Games\Blitzkrieg\run\mods\Hagelsturm\data\Uninstal.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe PageMaker 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0\Uninst.dll"
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AFM Mod --> "C:\Program Files\Games\Blitzkrieg\Run\Mods\AFM\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
BitTorrent 3.2.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
Blitzkrieg --> C:\PROGRA~1\Games\BLITZK~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\Games\BLITZK~1\UNINST~1\INSTALL.LOG
Britannica Ready Reference --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Butterfly SpiritTheme --> C:\Documents and Settings\Anna Porter Leggett\My Documents\My TopThemes\My Themes\UninstTheme.exe "C:\Documents and Settings\Anna Porter Leggett\My Documents\My TopThemes\My Themes\Butterfly Spirit.theme"
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}
Cataclysm --> C:\PROGRA~1\Games\HOMEWO~1\CATACL~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\Games\HOMEWO~1\CATACL~1\UNINST~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Civilization III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
CloneCD --> "C:\Documents and Settings\David Porter Leggett\My Documents\CloneCD\ccd-uninst.exe" /D="C:\Documents and Settings\David Porter Leggett\My Documents\CloneCD"
Close Combat IV --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Games\Close Combat IV\Uninst.isu"
Close Combat Mod 2 (CCM 1.28) --> C:\Program Files\Games\Blitzkrieg\Run\mods\Close Combat\Data\Uninstal.exe
Command & Conquer Red Alert 2 --> C:\Program Files\Games\Red Alert 2\Uninstll.EXE
Command & Conquer Tiberian Sun --> C:\Program Files\Games\Tiberian Sun\Uninstll.EXE
Command & Conquer Windows 95 --> C:\WINDOWS\UNINSTCC.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\C&C95\DeIsL1.isu
Command && Conquer Red Alert 2 - Yuri's Revenge --> C:\Program Files\Games\Red Alert 2\Uninstll.EXE
Commando --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Games\Commandos\DeIsL1.isu"
Commandos 2: Men of Courage --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}\setup.exe"
Commandos 3 - Destination Berlin --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C270BC04-1540-4673-960F-A546B2C860CD}\SETUP.EXE"
Commandos, Beyond the Call of Duty --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Games\Commandos BTCOD\DeIsL1.isu"
CS Brigade 1.3 --> c:\Program Files\Games\Blitzkrieg\Run\mods\CSB\data\Uninstal.exe
CS Brigade 1.3 Music --> C:\Program Files\Games\Blitzkrieg\Run\data\music\Uninstal.exe
Cuban Missile Crisis --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{653378B5-26CF-4839-86BB-04783648B01C}
DC++ (remove only) --> "C:\Documents and Settings\David Porter Leggett\My Documents\DC++\uninstall.exe"
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX --> C:\Documents and Settings\David Porter Leggett\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Documents and Settings\David Porter Leggett\DivX\DivXPlayerUninstall.exe /PLAYER
Documents To Go --> MsiExec.exe /X{BB47C139-F2A7-4AD5-9C66-71D07381FFA6}
Downloader Pro v1.2 --> C:\Program Files\BreezeSys\Downloader Pro\UnGins.exe "C:\Program Files\BreezeSys\Downloader Pro\install.log"
DownloadManager --> "C:\Program Files\DownloadManager\uninst.exe"
DriveFit --> C:\Program Files\Uninstall\DriveFit.exe DriveFit
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{91746221-0B6A-4572-BEE3-A4D587FF98EA}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
EditPlus 2 --> C:\Program Files\EditPlus 2\remove.exe
Empire Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Empire Earth - The Art of Conquest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x9
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FinalAlert 2 Yuri's Revenge --> C:\Program Files\Games\Red Alert 2\Final Alert 2\FinalAlert 2 Yuri's Revenge\SMUninstall.exe
FlashGet(JetCar) --> C:\DOCUME~1\DAVIDP~1\MYDOCU~1\FlashGet\UNWISE.EXE C:\DOCUME~1\DAVIDP~1\MYDOCU~1\FlashGet\INSTALL.LOG
Fraps (remove only) --> "C:\Documents and Settings\David Porter Leggett\Fraps\uninstall.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Ground Control --> C:\PROGRA~1\Games\GROUND~1\UNWISE.EXE C:\PROGRA~1\Games\GROUND~1\INSTALL.LOG
Hagelsturm v2 Ostfront --> C:\Program FIles\Games\Blitzkrieg\run\mods\Hagelsturm\data\Uninstal.exe
HagelsturmAddOn - Ostfront --> C:\Program Files\Games\Blitzkrieg\run\mods\Hagelsturm\data\Uninstal.exe
Hamachi 1.0.2.5 --> C:\Documents and Settings\Owen Porter Leggett\Desktop\New Folder\Hamachi\uninstall.exe
Hearts of Iron 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98786147-80E3-41A5-A80C-1F3C028558CF}\setup.exe" -l0x9
Heimatfront --> C:\Program Files\Games\Blitzkrieg\Run\mods\Heimatfront\Data\Uninstal.exe
HentaII3D-017.004 --> "C:\Documents and Settings\Owen Porter Leggett\Desktop\stuff\games\Gamboy Games\New Folder\Binaries\Uninstall-HentaII3D-017.004.exe"
Heroes of Might and Magic --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Games\Heroes\DeIsL1.isu"
Hidden and Dangerous Deluxe --> "C:\Program Files\Games\Hidden and Dangerous\Bin\IIUninst.exe" C:\Program Files\Games\Hidden and Dangerous\Bin\install.log
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\DOCUME~1\ANNAPO~1\LOCALS~1\Temp\Rar$EX00.235\HijackThis.exe" /uninstall
Hitman - Codename 47 --> "c:\documents and settings\david porter leggett\Hitman\uninstall.exe" C:\WINDOWS\ISUNINST.EXE -y -f"c:\documents and settings\david porter leggett\Hitman\uninstall.isu"
Hitman 2: Silent Assassin --> C:\DOCUME~1\DAVIDP~1\HITMAN~1\uninstall.exe
Homeworld --> C:\PROGRA~1\Games\HOMEWO~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\Games\HOMEWO~1\UNINST~1\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Ink Monitor --> C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IrfanView (remove only) --> C:\Documents and Settings\David Porter Leggett\IfranView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LeechFTP --> C:\WINDOWS\eraser.exe KILL "C:\Documents and Settings\David Porter Leggett\My Documents\LeechFTP\uninstall.uif"
Malwarebytes' Anti-Malware --> "C:\Program Files\Cleaning Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Age of Empires II --> "C:\Program Files\Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Close Combat III --> "C:\Program Files\Games\Close Combat III\UNINSTAL.EXE" /runtemp
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Rise Of Nations --> "C:\Program Files\Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Myth II --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Games\Myth II\Uninst.isu"
Myth The Fallen Lords --> C:\WINDOWS\unvise32.exe C:\Program Files\Games\Myth\uninstal.log
Myth Total Codex --> C:\WINDOWS\unvise32.exe c:\program files\games\total codex\uninstal.log
North Korea - The Aggression --> C:\Program Files\Games\Blitzkrieg\run\mods\ROK\data\Uninstal.exe
Operation Hagelsturm - BaseMod incl. TigerDivision --> C:\Program Files\Games\Blitzkrieg\run\mods\Hagelsturm\data\Uninstal.exe
Operation Hagelsturm v2 - Musik --> C:\Program Files\Games\Blitzkrieg\run\data\music\Uninstal.exe
Operation Hagelsturm v2 - TigerDivision Eisner --> C:\Program Files\Games\Blitzkrieg\run\data\music\Uninstal.exe
p2pnetworks --> "C:\Program Files\p2pnetworks\uninst.exe"
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Palm Desktop --> MsiExec.exe /X{F9126934-A42B-4C3F-9FA6-3B308D739375}
PENTAX USB DISK Device --> MsiExec.exe /X{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2002 New User Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTax 2002 Standard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0933AFF4-3376-4C44-8569-BD7534B4B4E8}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Red Alert Themes --> C:\WINDOWS\uninst.exe -f"C:\WESTWOOD\REDALERT\Red Alert\DeIsL1.isu"
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Rio Internet Update --> MsiExec.exe /X{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}
Rio Music Manager --> MsiExec.exe /X{282EF7E3-AE54-48AE-A11D-27F512F23AB3}
Rio Taxi --> MsiExec.exe /X{434C733C-27FA-423E-8CDC-F72B55631BA5}
Rise of Nations Thrones and Patriots --> "C:\Program Files\Games\Rise of Nations\UNINSTLX.EXE" /runtemp /uninstall
Rise of Nations Thrones and Patriots Trial Version --> "C:\Program Files\Games\Rise of Nations\Thrones and Patriots Trial Version\UNINSTLX.EXE" /runtemp /uninstall
ROK 1950 --> C:\Program Files\Games\Blitzkrieg\Run\Mods\ROK\Uninstal.exe
Sacrifice --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6231FDA0-7E6F-11D4-A671-006008D09831}\Setup.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shtrafbat --> C:\Program Files\Games\Blitzkrieg\Run\mods\Shtrafbat\data\Uninstal.exe
Sid Meier's Alpha Centauri --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Games\Alpha Centauri\Uninst.isu"
SimCity 3000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Games\SimCity 3000\Uninst.isu"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spanish Civil War Mod 2.0 --> "C:\Program Files\Games\Blitzkrieg\Run\mods\SCW\data\unins000.exe"
Spanish Civil War Mod Music --> "C:\Program Files\Games\Blitzkrieg\Run\data\music\unins000.exe"
SpywareBlaster v3.3 --> "C:\Program Files\Cleaning Files\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Starware News Toolbar --> C:\Program Files\Starware325\Starware325Uninstall.exe
Steel Panthers World At War v7.1 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Games\irunin.ini"
Steel Panthers World At War v8.20 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Games\Steel Panthers\irunin.ini"
Stronghold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe" -l0x9
Stronghold Crusader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -l0x9
Sudden Strike --> C:\WINDOWS\SudUS\UNWISE.EXE C:\WINDOWS\SudUS\INSTALL.LOG
Sudden Strike - Resource War --> C:\PROGRA~1\Games\SUDDEN~1\SUDDEN~3\UNINST~1\UNWISE.EXE C:\PROGRA~1\Games\SUDDEN~1\SUDDEN~3\UNINST~1\INSTALL.LOG
Sudden Strike II --> C:\PROGRA~1\Games\SUDDEN~1\SUDDEN~2\UNINST~1\UNWISE.EXE C:\PROGRA~1\Games\SUDDEN~1\SUDDEN~2\UNINST~1\INSTALL.LOG
Sudden Strike II - Hidden Stroke APRM --> C:\PROGRA~1\Games\SUDDEN~1\SUDDEN~2\UNINST~2\UNWISE.EXE C:\PROGRA~1\Games\SUDDEN~1\SUDDEN~2\UNINST~2\INSTALL.LOG
TeamSpeak 2 RC2 --> "C:\Documents and Settings\Owen Porter Leggett\Desktop\New Folder\Teamspeak2_RC2\unins000.exe"
TELUS eCare --> C:\WINDOWS\Motive\TELUS\MCCUninst.exe
VDMSound --> C:\Documents and Settings\David Porter Leggett\VDMSound\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Warcraft II BNE --> C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
Westwood Online --> C:\WESTWOOD\WWONLINE\UNINSTWC.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\WWONLINE\DeIsL1.isu
Winamp (remove only) --> "C:\Documents and Settings\David Porter Leggett\My Documents\Winamp\UninstWA.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect Office 2002 --> C:\WINDOWS\Corel\Uninst32.exe
WordPerfect Office 2002 --> C:\WINDOWS\Corel\uninst32.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type19358 / Success
Event Submitted/Written: 02/19/2008 09:12:48 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type19345 / Success
Event Submitted/Written: 02/19/2008 06:31:09 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type19335 / Error
Event Submitted/Written: 02/18/2008 08:09:04 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type19332 / Success
Event Submitted/Written: 02/18/2008 07:06:07 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type19309 / Success
Event Submitted/Written: 02/17/2008 06:47:52 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type73454 / Error
Event Submitted/Written: 02/24/2008 02:34:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee.com McShield service failed to start due to the following error:
%%3

Event Record #/Type73453 / Error
Event Submitted/Written: 02/24/2008 02:34:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee Network Agent service failed to start due to the following error:
%%3

Event Record #/Type73424 / Error
Event Submitted/Written: 02/23/2008 07:14:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee.com McShield service failed to start due to the following error:
%%3

Event Record #/Type73423 / Error
Event Submitted/Written: 02/23/2008 07:14:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee Network Agent service failed to start due to the following error:
%%3

Event Record #/Type73398 / Error
Event Submitted/Written: 02/23/2008 06:16:37 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee.com McShield service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-02-24 14:46:20 ------------

main.txt:

Deckard's System Scanner v20071014.68
Run by Anna Porter Leggett on 2008-02-24 14:42:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
70: 2008-02-24 22:42:55 UTC - RP924 - Deckard's System Scanner Restore Point
69: 2008-02-17 19:49:33 UTC - RP923 - System Checkpoint
68: 2008-02-16 19:42:28 UTC - RP922 - System Checkpoint
67: 2008-02-15 06:53:47 UTC - RP921 - System Checkpoint
66: 2008-02-14 06:29:50 UTC - RP920 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-11-20 03:38:06 UTC - RP855 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Anna Porter Leggett.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Anna Porter Leggett\Desktop\dss.exe
C:\PROGRA~1\CLEANI~1\HIJACK~1\Anna Porter Leggett.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Documents and Settings\David Porter Leggett\My Documents\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...127/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

--
End of file - 10219 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
R3 Eplpdx02 - c:\windows\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 jswmidin - c:\docume~1\davidp~1\locals~1\temp\jswmidin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 RioMSC (Rio MSC Manager) - c:\windows\system32\riomsc.exe <Not Verified; Digital Networks North America, Inc.; Rio Mass Storage Class Device Manager>

S2 McNASvc (McAfee Network Agent) - "c:\program files\common files\mcafee\mna\mcnasvc.exe" (file missing)
S2 McShield (McAfee.com McShield) - c:\progra~1\mcafee.com\vso\mcshield.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-23 18:52:00 282 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-02-14 12:15:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2003-05-26 17:00:00 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job
2003-05-24 17:00:10 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job
2003-05-24 17:00:10 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-01-24 and 2008-02-24 -----------------------------

2008-02-23 19:14:06 0 d-------- C:\Documents and Settings\Richard Leggett\Application Data\Malwarebytes
2008-02-23 18:37:40 0 d-------- C:\Documents and Settings\Paula Porter Leggett\Application Data\Malwarebytes
2008-02-23 18:37:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-20 20:49:06 0 dr-h----- C:\Documents and Settings\Anna Porter Leggett\Recent
2008-02-07 18:01:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-07 12:59:49 0 d-------- C:\Documents and Settings\Paula Porter Leggett\Application Data\Google
2008-02-07 10:56:25 0 d-------- C:\Program Files\iPod
2008-01-29 10:58:02 0 d-------- C:\Program Files\Windows Live Toolbar
2008-01-29 10:57:57 0 d-------- C:\Program Files\Windows Live Favorites
2008-01-29 10:54:37 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-29 10:54:22 0 d-------- C:\Program Files\Windows Live
2008-01-29 10:53:48 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-24 20:46:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2008-02-24 14:33:45 0 d-------- C:\Documents and Settings\Anna Porter Leggett\Application Data\AVG7
2008-02-23 19:04:12 0 d-------- C:\Program Files\Common Files
2008-02-23 18:37:22 0 d-------- C:\Program Files\Cleaning Files
2008-02-07 12:56:04 0 d-------- C:\Program Files\Google
2008-02-07 12:55:48 0 d-------- C:\Program Files\Common Files\Real
2008-02-07 10:56:37 0 d-------- C:\Program Files\iTunes
2008-02-07 10:54:40 0 d-------- C:\Program Files\QuickTime
2008-01-24 20:45:55 0 d-------- C:\Program Files\Java
2007-12-21 15:48:41 43520 --a----c- C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [19/10/2005 07:59 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [19/10/2005 07:59 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/12/2007 04:27 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 10:09 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [16/12/2003 04:00 PM]
"MediaPipe P2P Loader"="C:\Program Files\p2pnetworks\mpp2pl.exe" []
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [02/10/2001 01:27 AM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [14/08/2002 03:22 PM]
"DNS7reminder"="C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" []
"CloneCDTray"="C:\Documents and Settings\David Porter Leggett\My Documents\CloneCD\CloneCDTray.exe" []
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [09/12/2002 02:35 PM]
"BCMSMMSG"="BCMSMMSG.exe" [29/08/2003 03:59 AM C:\WINDOWS\BCMSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [17/12/2002 09:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/02/2008 02:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 11:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\Documents and Settings\Anna Porter Leggett\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 6:00:00 AM]
SpywareGuard.lnk - C:\Program Files\Cleaning Files\SpywareGuard\SpywareGuard\sgmain.exe [29/08/2003 6:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 22/10/2007 10:46 AM 9216 C:\WINDOWS\SYSTEM32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-02-24 14:46:20 ------------

#6 Guest_Cretemonster_*

  • Guests
Posted 27 February 2008 - 07:13 AM

All that looks fine. Please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


#7 theleggetts

  • Topic Starter
  • Members
Posted 28 February 2008 - 02:17 PM

Here's the report from F-Secure Online Virus Scan:

Scanning Report
Wednesday, February 27, 2008 20:57:02 - 08:34:34
Computer name: DELL2003
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 3 malware found
Agent.ANBL (virus)
C:\PROGRAM FILES\DOWNLOADMANAGER\API.EXE
Backdoor.Win32.Agent.so (virus)
System
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 67848
System: 4409
Not scanned: 41
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL
C:\WINDOWS\$NTUNINSTALLKB839645$\SHELL32.DLL
C:\WINDOWS\$NTUNINSTALLKB839645$\SHLWAPI.DLL
C:\WINDOWS\$NTUNINSTALLKB839645$\SXS.DLL
C:\WINDOWS\$NTUNINSTALLKB839645$\XPSP2RES.DLL
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC10.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC11.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC12.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC13.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC14.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC15.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC16.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC17.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC18.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC19.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC2.JPG
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC20.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC21.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC22.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC23.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC24.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC27.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC28.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC32.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC33.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC34.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC35.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC36.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC37.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC38.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC42.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC7.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC8.DOC
C:\RECYCLER\S-1-5-21-1822772659-527299705-3401206436-1008\DC9.DOC

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.20.0
F-Secure Hydra: 2.6.7470, 2008-02-28
F-Secure AVP: 7.0.171, 2008-02-28
F-Secure Pegasus: 1.20.0, 2008-01-25
F-Secure Blacklight: 1.0.64
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics


#8 Guest_Cretemonster_*

  • Guests
Posted 01 March 2008 - 04:12 AM

Delete this please--> C:\PROGRAM FILES\DOWNLOADMANAGER\API.EXE

Empty the recycle bin once it's deleted.

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


#9 theleggetts

  • Topic Starter
  • Members
Posted 01 March 2008 - 10:00 PM

Here is the TotalScan Report:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-03-01 18:59:08
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.516 7.5.516 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00001888 adware/dyfuca Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
00013869 adware/cydoor Adware No 0 Yes No c:\windows\cache277
00013869 adware/cydoor Adware No 0 Yes No c:\windows\system32\cd_clint.dll
00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}
00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{7BED0340-176B-44bc-915E-C21C1DD6F617}
00119488 Application/MediaPipe HackTools No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP927\A0146118.dll
00119488 Application/MediaPipe HackTools No 0 Yes No C:\Program Files\MediaPipe\register.dll
00136069 adware/commandertoolbar Adware No 0 Yes No hkey_local_machine\software\vones.net\commander ie toolbar
00220923 application/errorsafe HackTools No 0 Yes No hkey_classes_root\rlmtcs.momo.1
00220923 application/errorsafe HackTools No 0 Yes No hkey_classes_root\rlmtcs.ohb
00220923 application/errorsafe HackTools No 0 Yes No hkey_classes_root\rlmtcs.ohb.1
00220923 application/errorsafe HackTools No 0 Yes No hkey_classes_root\rlmtcs.amo.1
00220923 application/errorsafe HackTools No 0 Yes No hkey_classes_root\rlmtcs.amo
00220923 application/errorsafe HackTools No 0 Yes No hkey_classes_root\rlmtcs.iiittt
00220923 application/errorsafe HackTools No 0 Yes No hkey_classes_root\rlmtcs.iiittt.1
00220923 application/errorsafe HackTools No 0 Yes No hkey_classes_root\rlmtcs.momo
00273082 Application/MediaPipe HackTools No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP927\A0146120.exe
00273084 Application/MediaPipe HackTools No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP927\A0146116.exe
00273085 Adware/Weirdontheweb Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP926\A0146082.exe
00284696 Application/MediaPipe HackTools No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP927\A0146119.exe
01326624 Application/MediaPipe HackTools No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP927\A0146115.exe
02899253 Cookie/AntiSpyKit TrackingCookie No 0 Yes No C:\Documents and Settings\Anna Porter Leggett\Cookies\anna_porter_leggett@antispykit[1].txt
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================



