Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Downloader.gen.a Trojan


  • This topic is locked This topic is locked
41 replies to this topic

#1 CharlsFarls

CharlsFarls

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oop North
  • Local time:05:51 AM

Posted 11 May 2008 - 05:04 AM

Hi to all you computer experts, I would be so grateful for any help to solve this major P.I.T.A, without actually having to restore my system back to factory settings!

At least once daily and usually up to five times, Mcafee displays the message -

'Mcafee has detected and removed a trojan - downloader.gen.a from your computer
File C:\Users\Charli\setup.exe
Process C:\Users\Charli\svchost.exe
Process description C:\Users\Charli\svchost.exe

Also my computer went reaaaally slow just yesterday - its usually pretty fast, and when I checked in the performance monitor thingy-ma-bob it said CPU usage 100%.

Im really worried that something or someone is accessing my computer! In this report that I will post in just a minute - it will say windows internal firewall is disabled, but I have just gone and sorted this out and re-enabled it (my mcafee firewall was on in any case though). I also tried to delete the svchost.exe file but then i read somewhere that i might need it and so have given up trying to do this!

Many thanks in advance for any help or support that you can give me on this.



Deckard's System Scanner v20071014.68
Run by Charli on 2008-05-11 10:26:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-05-10 14:13:18 UTC - RP339 - Windows Update
1: 2008-05-10 02:59:36 UTC - RP338 - Windows Vista Service Pack 1


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Charli.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:27, on 11/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Windows\System32\atwtusb.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Users\Charli\svchost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\System32\TBLMOUSE.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\limewire\limewire.exe
C:\Users\Charli\Desktop\dss.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Charli.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=2070730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Host Process] C:\Users\Charli\svchost.exe
O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&&REG ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&&regsvr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax""
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3785349236-216697870-3742186525-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Charli\AppData\Local\Temp\~DFEBEF.tmp C:\Users\Charli\AppData\Local\Temp\~DFEBD8.tmp C:\Users\Charli\AppData\Local\Temp\~DFEBB5.tmp C:\Users\Charli\AppData\Local\Temp\~DFEB77.tmp C:\Users\Charli\AppData\Local\Temp\~DFEAE1.tmp C:\Users\Charli\AppData\Local\Temp\~DFEAB3.tmp C:\Users\Charli\AppData\Local\Temp\~DFE2D0.tmp C:\Users\Charli\AppData\Local\Temp\~DFE28D.tmp C:\Users\Charli\AppData\Local\Temp\~DFE218.tmp C:\Users\Charli\AppData\Local\Temp\~DFE1DE.tmp C:\Users\Charli\AppData\Local\Temp\~DFE0F9.tmp C:\Users\Charli\AppData\Local\Temp\~DFE0EE.tmp C:\Users\Charli\AppData\Local\Temp\~DFDD36.tmp C:\Users\Charli\AppData\Local\Temp\~DFDD17.tmp C:\Users\Charli\AppData\Local\Temp\~DFDCA2.tmp C:\Users\Charli\AppData\Local\Temp\~DFDC3A.tmp C:\Users\Charli\AppData\Local\Temp\~DFDBB2.tmp C:\Users\Charli\AppData\Local\Temp\~DFDB37.tmp C:\Users\Charli\AppData\Local\Temp\~DFD83F.tmp C:\Users\Charli\AppData\Local\Temp\~DFD
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Charli\AppData\Local\Temp\~DFEBEF.tmp C:\Users\Charli\AppData\Local\Temp\~DFEBD8.tmp C:\Users\Charli\AppData\Local\Temp\~DFEBB5.tmp C:\Users\Charli\AppData\Local\Temp\~DFEB77.tmp C:\Users\Charli\AppData\Local\Temp\~DFEAE1.tmp C:\Users\Charli\AppData\Local\Temp\~DFEAB3.tmp C:\Users\Charli\AppData\Local\Temp\~DFE2D0.tmp C:\Users\Charli\AppData\Local\Temp\~DFE28D.tmp C:\Users\Charli\AppData\Local\Temp\~DFE218.tmp C:\Users\Charli\AppData\Local\Temp\~DFE1DE.tmp C:\Users\Charli\AppData\Local\Temp\~DFE0F9.tmp C:\Users\Charli\AppData\Local\Temp\~DFE0EE.tmp C:\Users\Charli\AppData\Local\Temp\~DFDD36.tmp C:\Users\Charli\AppData\Local\Temp\~DFDD17.tmp C:\Users\Charli\AppData\Local\Temp\~DFDCA2.tmp C:\Users\Charli\AppData\Local\Temp\~DFDC3A.tmp C:\Users\Charli\AppData\Local\Temp\~DFDBB2.tmp C:\Users\Charli\AppData\Local\Temp\~DFDB37.tmp C:\Users\Charli\AppData\Local\Temp\~DFD83F.tmp C:\Users\Charli\AppData\Local\Temp\~DFD
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021MXGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://scrapzo.blogspot.com
O15 - Trusted Zone: http://www.ilovehotoffthepress.co.uk
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Winferno Subscription Service - Capital Intellect Inc - C:\Program Files\Common Files\Winferno\WSS\WSS.exe

--
End of file - 17915 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>
R2 Winferno Subscription Service - "c:\program files\common files\winferno\wss\wss.exe" <Not Verified; Capital Intellect Inc; WSS2007>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp


-- Scheduled Tasks -------------------------------------------------------------

2008-05-11 09:45:08 400 --a------ C:\Windows\Tasks\WSSHelper.job
2008-05-10 23:59:24 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{38E27E70-2AE3-48B1-9733-1968F26FE145}.job
2008-05-10 14:37:00 256 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-05 11:36:18 434 --a------ C:\Windows\Tasks\RegPowerClean.job
2007-07-30 11:46:30 368 --a------ C:\Windows\Tasks\McQcTask.job
2007-07-30 11:46:30 366 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 10:03:29 0 d-------- C:\Program Files\Trend Micro
2008-05-11 00:01:44 0 d--hs---- C:\Users\Charli\'
2008-05-05 15:26:02 0 d-------- C:\Users\All Users\Intel
2008-05-05 15:26:01 0 d-------- C:\Users\All Users\Gtek
2008-05-05 15:25:59 0 d-------- C:\Program Files\Common Files\Intel
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\Templates
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\Start Menu
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\SendTo
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\Recent
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\PrintHood
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\NetHood
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\My Documents
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\Local Settings
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\Cookies
2008-05-05 14:45:25 0 d--hs---- C:\Users\IUSR_NMPR\Application Data
2008-05-05 14:45:24 0 dr------- C:\Users\IUSR_NMPR\Videos
2008-05-05 14:45:24 0 d-------- C:\Users\IUSR_NMPR\Saved Games
2008-05-05 14:45:24 0 dr------- C:\Users\IUSR_NMPR\Pictures
2008-05-05 14:45:24 262144 --ahs---- C:\Users\IUSR_NMPR\NTUSER.DAT
2008-05-05 14:45:24 0 dr------- C:\Users\IUSR_NMPR\Music
2008-05-05 14:45:24 0 dr------- C:\Users\IUSR_NMPR\Links
2008-05-05 14:45:24 0 dr------- C:\Users\IUSR_NMPR\Favorites
2008-05-05 14:45:24 0 dr------- C:\Users\IUSR_NMPR\Downloads
2008-05-05 14:45:24 0 dr------- C:\Users\IUSR_NMPR\Documents
2008-05-05 14:45:24 0 dr------- C:\Users\IUSR_NMPR\Desktop
2008-05-05 14:45:24 0 d--h----- C:\Users\IUSR_NMPR\AppData
2008-05-04 20:57:58 0 d-------- C:\Users\All Users\Winferno
2008-05-04 20:57:58 0 d-------- C:\Program Files\Common Files\Winferno
2008-05-04 20:57:43 495616 --a------ C:\Windows\system32\WINUTIL5.DLL <Not Verified; Capital Intellect Inc; WINUTIL5>
2008-05-04 20:57:43 393216 --a------ C:\Windows\system32\WINLCTL5.DLL <Not Verified; Capital Intellect Inc; WINLCTL5>
2008-05-04 20:57:42 0 d-------- C:\Program Files\Winferno
2008-05-03 12:40:47 0 d-------- C:\Users\Charli\Adobe Fills and patterns
2008-04-28 23:40:12 0 d-------- C:\Program Files\LimeWire
2008-04-27 18:52:40 0 d-------- C:\Users\All Users\ALM
2008-04-26 01:06:37 0 d-------- C:\Program Files\MagicISO
2008-04-26 00:49:52 147456 --a------ C:\Users\Charli\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-04-26 00:46:39 0 d-------- C:\Users\All Users\FLEXnet
2008-04-25 23:12:58 0 d-------- C:\Program Files\Bonjour
2008-04-25 23:08:11 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-21 22:55:35 0 d-------- C:\Program Files\Apple Software Update
2008-04-20 13:23:13 0 d-------- C:\Users\All Users\ZoomBrowser
2008-04-19 20:31:02 0 d-------- C:\Program Files\Canon
2008-04-19 20:30:04 0 d-------- C:\Program Files\Common Files\Canon
2008-04-16 09:11:25 0 d-------- C:\Program Files\PhotomatixPro3


-- Find3M Report ---------------------------------------------------------------

2008-05-11 09:50:59 0 d-------- C:\Users\Charli\AppData\Roaming\LimeWire
2008-05-11 00:02:07 12 --a------ C:\Windows\bthservsdp.dat
2008-05-10 23:52:20 0 d-------- C:\Program Files\Windows Mail
2008-05-10 04:50:58 174 --ahs---- C:\Program Files\desktop.ini
2008-05-10 04:41:52 0 d-------- C:\Program Files\Windows Sidebar
2008-05-10 04:41:52 0 d-------- C:\Program Files\Windows Calendar
2008-05-10 04:41:52 0 d-------- C:\Program Files\Movie Maker
2008-05-10 04:41:49 0 d-------- C:\Program Files\Windows Collaboration
2008-05-10 04:41:48 0 d-------- C:\Program Files\Windows Journal
2008-05-10 04:41:47 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-10 04:41:38 0 d-------- C:\Program Files\Windows Defender
2008-05-10 04:35:35 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-10 04:35:35 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-09 18:24:49 0 d-------- C:\Program Files\uTorrent
2008-05-09 18:15:14 0 d-------- C:\Program Files\Google
2008-05-08 16:59:44 0 d-------- C:\Program Files\McAfee
2008-05-07 17:32:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-05 15:25:59 0 d-------- C:\Program Files\Common Files
2008-05-05 14:43:57 0 d-------- C:\Program Files\Intel
2008-05-05 14:14:38 0 d-------- C:\Users\Charli\AppData\Roaming\Adobe
2008-04-27 22:22:31 0 d-------- C:\Users\Charli\AppData\Roaming\uTorrent
2008-04-25 23:12:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-21 23:01:35 0 d-------- C:\Program Files\Safari
2008-04-20 12:47:27 0 d-------- C:\Users\Charli\AppData\Roaming\WinRAR
2008-04-15 21:17:24 0 d-------- C:\Users\Charli\AppData\Roaming\Nokia Multimedia Player
2008-04-15 21:12:44 18637 --a------ C:\Users\Charli\AppData\Roaming\NMM-MetaData.db
2008-04-07 12:02:06 0 d-------- C:\Program Files\iTunes
2008-04-07 12:02:01 0 d-------- C:\Program Files\iPod
2008-04-07 12:01:08 0 d-------- C:\Program Files\QuickTime
2008-04-05 18:29:30 0 d-------- C:\Users\Charli\AppData\Roaming\Real
2008-03-26 19:49:13 0 d-------- C:\Users\Charli\AppData\Roaming\Apple Computer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [30/07/2007 19:09]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [30/07/2007 11:28]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 13:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [06/12/2006 18:10]
"UpdReg"="C:\Windows\UpdReg.EXE" [11/05/2000 01:00]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17/01/2007 17:30]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [16/03/2007 11:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [14/09/2006 07:55]
"atwtusb"="atwtusb.exe" [15/05/2007 16:21 C:\Windows\System32\atwtusb.exe]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [06/10/2007 11:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/01/2008 22:18]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [27/06/2007 10:14]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [27/06/2007 10:18]
"CTxfiHlp"="CTXFIHLP.EXE" [15/01/2008 05:55 C:\Windows\System32\Ctxfihlp.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [17/09/2007 09:07]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [17/09/2007 09:07]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [17/09/2007 09:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 12:09]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 14:37]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:34]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"Host Process"="C:\Users\Charli\svchost.exe" [01/10/2007 12:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"x64setup"=cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&&REG ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&&regsvr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Charli\AppData\Local\Temp\~DFEBEF.tmp C:\Users\Charli\AppData\Local\Temp\~DFEBD8.tmp C:\Users\Charli\AppData\Local\Temp\~DFEBB5.tmp C:\Users\Charli\AppData\Local\Temp\~DFEB77.tmp C:\Users\Charli\AppData\Local\Temp\~DFEAE1.tmp C:\Users\Charli\AppData\Local\Temp\~DFEAB3.tmp C:\Users\Charli\AppData\Local\Temp\~DFE2D0.tmp C:\Users\Charli\AppData\Local\Temp\~DFE28D.tmp C:\Users\Charli\AppData\Local\Temp\~DFE218.tmp C:\Users\Charli\AppData\Local\Temp\~DFE1DE.tmp C:\Users\Charli\AppData\Local\Temp\~DFE0F9.tmp C:\Users\Charli\AppData\Local\Temp\~DFE0EE.tmp C:\Users\Charli\AppData\Local\Temp\~DFDD36.tmp C:\Users\Charli\AppData\Local\Temp\~DFDD17.tmp C:\Users\Charli\AppData\Local\Temp\~DFDCA2.tmp C:\Users\Charli\AppData\Local\Temp\~DFDC3A.tmp C:\Users\Charli\AppData\Local\Temp\~DFDBB2.tmp C:\Users\Charli\AppData\Local\Temp\~DFDB37.tmp C:\Users\Charli\AppData\Local\Temp\~DFD83F.tmp C:\Users\Charli\AppData\Local\Temp\~DFD825.tmp C:\Users\Charli\AppData\Local\Temp\~DFD7FC.tmp C:\Users\Charli\AppData\Local\Temp\~DFD7DE.tmp C:\Users\Charli\AppData\Local\Temp\~DFC365.tmp C:\Users\Charli\AppData\Local\Temp\~DFC34B.tmp C:\Users\Charli\AppData\Local\Temp\~DFB498.tmp C:\Users\Charli\AppData\Local\Temp\~DFAEE9.tmp C:\Users\Charli\AppData\Local\Temp\~DF3D4E.tmp C:\Users\Charli\AppData\Local\Temp\~DF3013.tmp C:\Users\Charli\AppData\Local\Temp\Low\~DFAF5A.tmp C:\Users\Charli\AppData\Local\Temp\Low\~DFAF4B.tmp C:\Users\Charli\AppData\Local\Temp\Low\~DF8823.tmp C:\Users\Charli\AppData\Local\Temp\Low\~DF8811.tmp C:\Users\Charli\AppData\Local\Temp\Low\~DF4D13.tmp C:\Users\Charli\AppData\Local\Temp\Low\~DF4CEA.tmp C:\Users\Charli\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\Charli\AppData\Local\Temp\HSPERF~1.SH! C:\Users\Charli\AppData\Local\Temp\CITRIX~1\GOTOAS~1\480\logA60F.tmp\GOTOAS~1.SH! C:\Users\Charli\AppData\Local\Temp\CITRIX~1\GOTOAS~1\480\logA60F.SH! C:\Users\Charli\AppData\Local\Temp\CITRIX~1\GOTOAS~1\480.SH! C:\Users\Charli\AppData\Local\Temp\CITRIX~1\GOTOAS~1.SH! C:\Users\Charli\AppData\Local\Temp\CITRIX~1.SH! C:\Users\Charli\AppData\Local\Temp\~DFE343.tmp C:\Users\Charli\AppData\Local\Temp\~DFE31D.tmp C:\Users\Charli\AppData\Local\Temp\~DFAA70.tmp C:\Users\Charli\AppData\Local\Temp\~DFAA60.tmp C:\Users\Charli\AppData\Local\Temp\~DF8652.tmp C:\Users\Charli\AppData\Local\Temp\~DF8648.tmp C:\Users\Charli\AppData\Local\Temp\~DF6F70.tmp C:\Users\Charli\AppData\Local\Temp\~DF6F66.tmp C:\Users\Charli\AppData\Local\Temp\~DF6F04.tmp C:\Users\Charli\AppData\Local\Temp\~DF6EE0.tmp C:\Users\Charli\AppData\Local\Temp\~DF6EC5.tmp C:\Users\Charli\AppData\Local\Temp\~DF6EBB.tmp C:\Users\Charli\AppData\Local\Temp\~DF672E.tmp C:\Users\Charli\AppData\Local\Temp\~DF671C.tmp C:\Users\Charli\AppData\Local\Temp\~DF3FBD.tmp C:\Users\Charli\AppData\Local\Temp\~DF3F72.tmp C:\Users\Charli\AppData\Local\Temp\~DF3EC8.tmp C:\Users\Charli\AppData\Local\Temp\~DF380A.tmp C:\Users\Charli\AppData\Local\Temp\~DF2DC.tmp C:\Users\Charli\AppData\Local\Temp\~DF2CF.tmp C:\Users\Charli\AppData\Local\Temp\~DF2C2D.tmp C:\Users\Charli\AppData\Local\Temp\~DF2C11.tmp C:\Users\Charli\AppData\Local\Temp\~DF27F.tmp C:\Users\Charli\AppData\Local\Temp\~DF271.tmp C:\Users\Charli\AppData\Local\Temp\~DF1F77.tmp C:\Users\Charli\AppData\Local\Temp\~DF1F4F.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 09/05/2008 19:18 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-11 10:38:22 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6700 @ 2.66GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 3069.14 MiB / 1585.24 MiB
Pagefile Memory (total/avail): 7550.84 MiB / 5888.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1877.02 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 921.46 GiB total, 836.89 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.19 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ARRAY - 931.51 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 921.46 GiB - C:

\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Charli\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHARLI-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Charli
LOCALAPPDATA=C:\Users\Charli\AppData\Local
LOGONSERVER=\\CHARLI-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Charli\AppData\Local\Temp
TMP=C:\Users\Charli\AppData\Local\Temp
USERDOMAIN=Charli-PC
USERNAME=Charli
USERPROFILE=C:\Users\Charli
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Charli
IUSR_NMPR


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9605AE52-2172-448F-BE56-B2086F932412}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9605AE52-2172-448F-BE56-B2086F932412}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCCC08BD-FC52-4AEB-ACF8-6A5C06550468}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCCC08BD-FC52-4AEB-ACF8-6A5C06550468}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
1200-V2 WIRELESS SCROLL TABLET --> Rmtablet KNL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Business Contact Manager for Outlook 2007 SP1 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon RAW Codec --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAWCodec120\CRCUnInstall.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 2.2 --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
Cutting Plotter Controller --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10FD4A86-EE87-4352-AAFE-EC9E4BAFA811}\setup.exe" -l0x9 -uninst -removeonly
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EPSON Printer Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
GoToAssist 8.0.0.514 --> C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImTOO DVD to iPod Converter --> C:\Program Files\ImTOO\DVD to iPod Converter 4\Uninstall.exe
ImTOO iPod Computer Transfer --> C:\Program Files\ImTOO\iPod Computer Transfer\Uninstall.exe
ImTOO iPod Movie Converter --> C:\Program Files\ImTOO\iPod Movie Converter 3\Uninstall.exe
Inkscape 0.45.1 --> "C:\Program Files\Inkscape\uninst.exe"
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel® Viiv™ Software --> MsiExec.exe /X{A7472CEE-6E85-4D43-9C71-BDFC0D471F70} /qb!
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire PRO 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver --> MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Launcher --> MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\OALInst.exe" /U
Orange Preload --> MsiExec.exe /I{38496EC2-78B7-412A-9398-FC6B7DB8E182}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photomatix Pro version 3.0.1 --> "C:\Program Files\PhotomatixPro3\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Quote Reference Book 3 --> MsiExec.exe /I{2414E8B2-4962-45C8-B204-EF849AD3D9D0}
Quote Reference Book 4 --> MsiExec.exe /I{E47FA496-1642-4813-BECD-7B33C8503548}
ROBO Master-Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C6F917C-F108-40A4-8C21-89276BA0F163}\setup.exe" -l0x9 -uninst -removeonly
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\setup.exe" -l0x9 /remove
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Winferno Registry Power Cleaner --> "C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
ZyGoVideo 2.0 --> C:\Windows\unvise32.exe C:\Program Files\uninstal.log


-- Application Event Log -------------------------------------------------------

Event Record #/Type114616 / Success
Event Submitted/Written: 05/11/2008 09:45:33 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type114601 / Error
Event Submitted/Written: 05/11/2008 09:44:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application WSSHelper.exe, version 2008.4.0.0, time stamp 0x47b5bfc2, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp 0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c,
process id 0x1224, application start time 0xWSSHelper.exe0.

Event Record #/Type114592 / Error
Event Submitted/Written: 05/11/2008 09:42:01 AM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type114583 / Success
Event Submitted/Written: 05/11/2008 09:41:41 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type114581 / Success
Event Submitted/Written: 05/11/2008 09:41:40 AM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type162257 / Warning
Event Submitted/Written: 05/11/2008 10:36:40 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Charli-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Charli-PC27 can't undo changes that you allow.

For more information please see the following:
%Charli-PC275

Scan ID: {6218D8A6-F189-445C-94E2-50D09789EC56}

User: Charli-PC\Charli

Name: %Charli-PC271

ID: %Charli-PC272

Severity ID: %Charli-PC273

Category ID: %Charli-PC274

Path Found: %Charli-PC276

Alert Type: %Charli-PC278

Detection Type: 1.1.1505.02

Event Record #/Type162256 / Warning
Event Submitted/Written: 05/11/2008 10:36:40 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Charli-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Charli-PC27 can't undo changes that you allow.

For more information please see the following:
%Charli-PC275

Scan ID: {C27CD685-DF98-4800-BDED-B91C5BEA8749}

User: Charli-PC\Charli

Name: %Charli-PC271

ID: %Charli-PC272

Severity ID: %Charli-PC273

Category ID: %Charli-PC274

Path Found: %Charli-PC276

Alert Type: %Charli-PC278

Detection Type: 1.1.1505.02

Event Record #/Type162255 / Warning
Event Submitted/Written: 05/11/2008 10:36:40 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Charli-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Charli-PC27 can't undo changes that you allow.

For more information please see the following:
%Charli-PC275

Scan ID: {36E77B6B-8DDC-4349-AC91-0262087C54CE}

User: Charli-PC\Charli

Name: %Charli-PC271

ID: %Charli-PC272

Severity ID: %Charli-PC273

Category ID: %Charli-PC274

Path Found: %Charli-PC276

Alert Type: %Charli-PC278

Detection Type: 1.1.1505.02

Event Record #/Type162254 / Warning
Event Submitted/Written: 05/11/2008 10:36:40 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Charli-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Charli-PC27 can't undo changes that you allow.

For more information please see the following:
%Charli-PC275

Scan ID: {01A5FC00-3E24-401B-89A5-F73472227D48}

User: Charli-PC\Charli

Name: %Charli-PC271

ID: %Charli-PC272

Severity ID: %Charli-PC273

Category ID: %Charli-PC274

Path Found: %Charli-PC276

Alert Type: %Charli-PC278

Detection Type: 1.1.1505.02

Event Record #/Type162253 / Warning
Event Submitted/Written: 05/11/2008 10:36:39 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Charli-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Charli-PC27 can't undo changes that you allow.

For more information please see the following:
%Charli-PC275

Scan ID: {DC00D270-C4FA-4426-A01C-942F6C4D7421}

User: Charli-PC\Charli

Name: %Charli-PC271

ID: %Charli-PC272

Severity ID: %Charli-PC273

Category ID: %Charli-PC274

Path Found: %Charli-PC276

Alert Type: %Charli-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-05-11 10:38:22 ------------

BC AdBot (Login to Remove)

 


#2 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 12 May 2008 - 01:39 PM

Hi

If you have McAfee Personal Firewall enabled (& you have) then the windows firewall should be disabled (which it is) so no problem there, McAfee has taken responsibility from the windows firewall & will probably disable it again anyway if you try to enable it... but don't ... just leave one firewall on (2 firewalls will conflict and neither work correctly)

This is malware :-

C:\Users\Charli\svchost.exe

The svchost.exe in this location needs to be deleted (the legit one which you should leave alone is in the system32 folder)

Don't try to delete it yourself ... we're going to run some programs to clean your computer for you...

first

1. Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

2. Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

3. Reboot into Safe Mode`:-

Reboot into >>>safe mode

4. Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.

Then run & post a new hijackthis log.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#3 CharlsFarls

CharlsFarls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oop North
  • Local time:05:51 AM

Posted 12 May 2008 - 03:14 PM

Hello there! Thank you so much for replying so quickly to my post!

I have done everything you suggested in the above post and get as far as trying to double click on the RunThis.bat - the command prompt flashes up for a brief moment (about a second) then goes off :thumbsup: ! It wont let me type a Y in anywhere. I have tried right clicking and running it as administrator and still nothing.

Any further help would be most appreciated!

Thanks in advance
Charli

#4 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 12 May 2008 - 04:10 PM

Hi

please go to Start Menu > Run > and copy/paste the following line:-

%systemdrive%\SDFix\apps\FixPath.exe /Q

Reboot and then try to run SDFix again.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#5 CharlsFarls

CharlsFarls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oop North
  • Local time:05:51 AM

Posted 13 May 2008 - 02:07 AM

Oh dear. It seems I am to be the problem customer! I have copied and pasted the above line into the run box and it still does the same thing :) !

Aaaaaaaaaaaaargh :thumbsup: !

(please help lol)

#6 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 13 May 2008 - 02:54 PM

HI

Sorry if this is a silly question ...

But after you pasted that line into the run box ... you did click OK to run the line before rebooting didn't you ?

If SDFix still does not run, please check the %comspec% variable.

1. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.

%SystemRoot%\system32\cmd.exe

That's the lower box "System variables" the top line should say ComSpec C:\Windows\System32\cmd.exe

steam

Edited by steamwiz, 13 May 2008 - 02:54 PM.

MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#7 CharlsFarls

CharlsFarls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oop North
  • Local time:05:51 AM

Posted 13 May 2008 - 05:30 PM

Oh dear - I really am a pain in the butt! Not a silly question at all - I did click ok after pasting the info into the run box - but it still just flickered up briefly, then went off! Have just tried to do it again to make sure it isnt just me being gormless, and it still doesnt work :thumbsup:

I have also checked the comspec thingy (all these things on my puter and didnt even know they were there!!) and everything is as you say it should be except that the top line just says ComSpec and doesnt say the C:Windows\System32\cmd.exe... bit that you have put there?

I dont know what the heck I am doing wrong! Sound like a stuck record, I know, but thanks so much for your assistance!

#8 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 14 May 2008 - 02:10 PM

Hi

You're no pain, if everything went according to plan, it wouldn't be fun would it ?

If your %comspec% variable doesn't point to C:Windows\System32\cmd.exe

Then we need to make sure it does ...

Right-click My Computer > click Properties > Advanced > Environment Variables

In the lower box under "System variables" click on ComSpec to highlight it ...

Now click the Edit button underneath ...

The box which pops up will have 2 boxes to fill in ...

The top box says ComSpec

Now of I'm correct with what you say, the bottom box will be empty ?

Paste this into it %SystemRoot%\system32\cmd.exe

Click > OK > OK > OK

Now try SDfix again ...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#9 CharlsFarls

CharlsFarls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oop North
  • Local time:05:51 AM

Posted 14 May 2008 - 02:18 PM

Sorry, its my rubbish explaining!! The top box just says comspec and the bottom box says what it should say! I thought the top box should include this bit from your post the other night:

That's the lower box "System variables" the top line should say ComSpec C:\Windows\System32\cmd.exe

I wish i understood all this caper! I dont know how you do it - how you remember all this stuff!!

Hope Im not beyond help! Lol

Fank yoo once again!

#10 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 14 May 2008 - 02:49 PM

Hi

Big apology coming .... I didn't notice you had Vista, & SDFix isn't compatible with vista ... that's why we weren't getting anywhere ... sorry

I'm on an XP computer at the moment, I'm just going to fire up a Vista computer ...

I want you to run some different programs and provide some logs for me ... these ARE Vista compatible

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt
THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#11 CharlsFarls

CharlsFarls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oop North
  • Local time:05:51 AM

Posted 15 May 2008 - 03:46 AM

Yaaaaaaaaaaaaaay! I think I (you, that is lol) have done it :thumbsup: !! Here is the MBAM log - I couldnt put the Kav file in because it was too big and it wouldnt let me post it! I'll go and run combofix and post the log, and then maybe, just maybe, it might be sorted!!

Back soon!




Malwarebytes' Anti-Malware 1.12
Database version: 751

Scan type: Quick Scan
Objects scanned: 41825
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 1
Registry Keys Infected: 131
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 15
Files Infected: 65

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
C:\Users\Charli\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\ci.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Charli\svchost.exe (Worm.IRCBot) -> Quarantined and deleted successfully.

#12 CharlsFarls

CharlsFarls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oop North
  • Local time:05:51 AM

Posted 15 May 2008 - 03:54 AM

Sorry to be a pain, can I just ask - if I run this combofix (crikey, it sure seems complicated!!) will I lose the programmes on my computer that I have downloaded online or any files/photos?

Thanks!

#13 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 15 May 2008 - 01:31 PM

HI

Combofix will not delete any of your personal files/photos or any programs you have downloaded, unless unknown to you they were malware, in which case they would be causing you problems & you wouldn't want them anyway...

Combofix may look complicated to run, but read the instructions one line at a time, & you'll find it's really quite simple... the log will show me lot's of information in possible malware in your computer ...

The last entry in the Malwarebytes' Anti-Malware log is the one which is causing the most concern for me ...

C:\Users\Charli\svchost.exe (Worm.IRCBot) -> Quarantined and deleted successfully.

The file itself may now have been deleted, but I'm sure there is still more of it on your computer ....

RE: "the Kav file" just how big is it ? can you split it into 2 or 3 posts & post it ? or attach it ?

near the top of the file you will see something like this :-

Scan Statistics
Total number of scanned objects 78660
Number of viruses found 4
Number of infected objects 8
Number of suspicious objects 0

Duration of the scan process 01:04:17

Can you at least post this part ...

steam

Edited by steamwiz, 15 May 2008 - 01:32 PM.

MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#14 CharlsFarls

CharlsFarls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oop North
  • Local time:05:51 AM

Posted 15 May 2008 - 04:27 PM

Hey!

I will split it into two or three parts for you, no problem!! Its you doing the donkey work - im just pressing keys and stuff! I was thinking of attaching it but its 2.05mb and the limit here is 500kb i think! I will get on the case with this combofix - i really must invest in a separate hard drive!

Oh BTW - when I switched my comp on before it said - your computer was unable to startup - windows is attempting to repair it.....i was all scared and thought it had died!! But it came back on eventually!

Off to do the combo fix.....



PS - everything that was logged in the following report said the same thing - object is locked - skipped, over and over and over! All the way to the end! The following is not even a fifth of the information contained in the report, more like a tenth at most! Really hope this is helpful to you - if you need more please let me know and i will get on the case ASAP.

Charli


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 15, 2008 7:07:00 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/05/2008
Kaspersky Anti-Virus database records: 773829
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
M:\

Scan Statistics:
Total number of scanned objects: 193194
Number of viruses found: 13
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 01:51:51

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10071.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10072.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10073.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10074.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10075.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10076.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10077.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10078.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10079.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1007a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1007b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1007c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1007d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1007e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1007f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10080.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10081.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10082.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10083.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10084.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10085.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10086.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10087.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10088.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10089.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1008a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1008b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1008c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1008d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1008e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1008f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10090.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10091.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10092.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10093.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10094.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10095.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10096.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10097.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10098.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10099.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1009a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1009b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1009c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1009d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1009e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1009f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100a9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100aa.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100ab.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100ac.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100ad.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100ae.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100af.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100b9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100ba.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100bb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100bc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100bd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100be.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100bf.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\100c0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101b9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101ba.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101bb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101bc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101bd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101be.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101bf.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101c9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101ca.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101cb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101cc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101cd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101ce.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101cf.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101d9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101da.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101db.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101dc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101dd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101de.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101df.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\101e0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10245.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10246.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10247.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10248.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10249.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1024a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1024b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1024c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1024d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1024e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1024f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10250.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10251.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10252.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10253.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10254.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10255.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10256.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10257.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10258.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10259.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1025a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1025b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1025c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1025d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1025e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1025f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10260.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10261.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10262.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10263.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10264.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10265.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10266.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10267.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10268.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10269.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1026a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1026b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1026c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102e9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102ea.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102eb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102ec.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102ed.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102ee.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102ef.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102f9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102fa.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102fb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102fc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102fd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102fe.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\102ff.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10300.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10301.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10302.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10303.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10304.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10305.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10306.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10307.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10308.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1033f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10340.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10341.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10342.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10343.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10344.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10345.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10346.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10347.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10348.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10349.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1034a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1034b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1034c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1034d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1034e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1034f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10350.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10351.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10352.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10353.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10354.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10355.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10356.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10357.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10358.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10359.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1035a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1035b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1035c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1035d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1035e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1035f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10360.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10361.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10362.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10363.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10364.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10365.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10366.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10407.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10408.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10409.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1040a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1040b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1040c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1040d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1040e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1040f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10410.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10411.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10412.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10413.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10414.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10415.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10416.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10417.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10418.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10419.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1041a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1041b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1041c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1041d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1041e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1041f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10420.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10421.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10422.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10423.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10424.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10425.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10426.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10427.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10428.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10522.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10523.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10524.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10525.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10526.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10527.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10528.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10529.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1052a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1052b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1052c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1052d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1052e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1052f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10530.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10531.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10532.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10533.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10534.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10535.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10536.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10537.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10538.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10539.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1053a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1053b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1053c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1053d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1053e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1053f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10540.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10541.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10542.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10543.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10544.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10545.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10546.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10547.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10548.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10549.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1060c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1060d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1060e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1060f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10610.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10611.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10612.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10613.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10614.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10615.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10616.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10617.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10618.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10619.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1061a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1061b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1061c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1061d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1061e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1061f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10620.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10621.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10622.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10623.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10624.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10625.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10626.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10627.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10628.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10629.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1062a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1062b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1062c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1062d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1062e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1062f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10630.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10631.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10632.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10633.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10634.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10635.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10636.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10637.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10638.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10639.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1063a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1063b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1063c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1063d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1063e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1063f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10640.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10641.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10642.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10643.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10644.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10645.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10646.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10647.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10648.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10649.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1064a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1064b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1064c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1064d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1064e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1064f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10650.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10651.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10652.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10653.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10654.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10655.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10656.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10657.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10658.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10659.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1065a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1065b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1065c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1065d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1065e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1065f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10660.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10661.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10662.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10663.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10664.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10665.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10666.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10667.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10668.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10669.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1066a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1066b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1066c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1066d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1066e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1066f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10670.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10671.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10672.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10673.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10674.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10675.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10676.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10677.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10678.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10679.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1067a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1067b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1067c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1067d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1067e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1067f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10680.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10681.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10682.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10683.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10684.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10685.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10686.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10687.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10688.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10689.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1068a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1068b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1068c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1068d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1068e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1068f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10690.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10691.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10692.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10693.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10694.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10695.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10696.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10697.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10698.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10699.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1069a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1069b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1069c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1069d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1069e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1069f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106a9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106aa.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ab.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106bc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106bd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106be.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106bf.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106c9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ca.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106cb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106cc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106cd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ce.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106cf.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106d9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106da.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106db.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106dc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106dd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106de.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106df.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106e9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ea.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106eb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ec.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ed.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ee.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ef.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f0.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f1.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f2.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f3.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f4.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f5.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f6.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f7.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f8.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106f9.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106fa.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106fb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106fc.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106fd.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106fe.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\106ff.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10700.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10701.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10702.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10703.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10704.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10705.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10706.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10707.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10708.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10709.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1070a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1070b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10773.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10774.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10775.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10776.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10777.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10778.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10779.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1077a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1077b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1077c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1077d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1077e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1077f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10780.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10781.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10782.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10783.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10784.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10785.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10786.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10787.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10788.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10789.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1078a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1078b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1078c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1078d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1078e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1078f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10790.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10791.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10792.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10793.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10794.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10795.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10796.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10797.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10798.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10799.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1079a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1081f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10820.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10821.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10822.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10823.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10824.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10825.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10826.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10827.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10828.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10829.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1082a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1082b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1082c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1082d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1082e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1082f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10830.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10831.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10832.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10833.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10834.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10835.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10836.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10837.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10838.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10839.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1083a.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1083b.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1083c.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1083d.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1083e.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\1083f.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10840.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10841.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10842.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10843.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10844.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10845.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\10846.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\108ea.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\108eb.mst Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\108ec.mst Object is locked skipped

#15 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 16 May 2008 - 03:06 AM

Hi Charli

RE: KASPERSKY ONLINE SCANNER REPORT

Scan Statistics:
Total number of scanned objects: 193194
Number of viruses found: 13
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 01:51:51

There are just 18 lines in the report that I need to see ...

Number of infected objects: 18

All the lines which say Object is locked skipped are OK

Go to the report you saved & in the menu at the very top, click > edit > find > in the box, type infected then click find next & it will find the first line with infected in it ...

save the line, starting from the C:\ (or another letter if it's a different line) then click find next again, & so on until you have all 18 ... then post them for me.

Oh BTW - when I switched my comp on before it said - your computer was unable to startup - windows is attempting to repair it.....i was all scared and thought it had died!! But it came back on eventually!


Has it done this before ?

It could have been a result of Malwarebytes' Anti-Malware removing the worm ...

C:\Users\Charli\svchost.exe (Worm.IRCBot) -> Quarantined and deleted successfully.

Hope you're not having problems running Combofix ...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users