Your Privacy Is In Danger Keeps Returning


  • This topic is locked
4 replies to this topic

#1 simeytwin


Posted 11 May 2008 - 02:06 PM

Hi

My desktop keeps reverting to red "your privacy is in danger" and Explorer, once open, takes itself to system-defender.com

I have tried Ad-Aware Plus, Spybot S&D and SmitfraudFix but it keeps coming back.

Am a bit of a beginner when it comes to restore points etc.

Deckard's System Scanner v20071014.68
Run by Simon Thompson on 2008-05-11 19:18:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-05-11 18:18:28 UTC - RP1543 - Deckard's System Scanner Restore Point
86: 2008-05-11 08:32:35 UTC - RP1542 - System Checkpoint
85: 2008-05-10 06:53:13 UTC - RP1541 - Installed Ad-Aware 2007
84: 2008-05-08 21:28:09 UTC - RP1540 - System Checkpoint
83: 2008-05-07 19:41:21 UTC - RP1539 - System Checkpoint


-- First Restore Point --
1: 2008-02-11 22:21:02 UTC - RP1457 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Simon Thompson.exe) --------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-11 19:24:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Firefly Media Server\firefly.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.exe
C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.exe
C:\Program Files\F-Secure\Anti-Virus\FSAV32.exe
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Firefly Media Server\FireflyShell.exe
C:\Program Files\MonkeyLicense\sbPopper\sbPopper.exe
C:\Documents and Settings\Simon Thompson\Local Settings\Application Data\FolderShare\FolderShare.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Simon Thompson\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Simon Thompson.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O1 - Hosts: 10.0.10.207 s007
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\WINDOWS\GoogleToolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: QXK Rhythm - {B139642C-0F49-4630-812B-37B559803458} - C:\WINDOWS\fvowketqftn.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\GoogleToolbar5.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: pvnsmfor - {59EC7E90-81DE-40EC-B1EB-93E3CA3AD395} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [FireflyShell] "C:\Program Files\Firefly Media Server\FireflyShell.exe" -q
O4 - HKCU\..\Run: [sbPopper] C:\Program Files\MonkeyLicense\sbPopper\sbPopper.exe
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Simon Thompson\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Bridge () - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/i263_32.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169494683875
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} () - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyonder.co.uk/html/software...tivePreQual.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/html - - (no file)
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: mpfanvqg - {792B7B3C-5C62-48A5-B3BF-9BF14895DA2A} - C:\WINDOWS\mpfanvqg.dll
O21 - SSODL: vbksrofa - {2B242D0F-E231-4682-A453-3C2BC91E52CA} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.exe
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: Freeloader Monthly Subscription Service - Unknown owner - C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Monthly Subscription Service File.exe
O23 - Service: Freeloader Subscription Service - Unknown owner - C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Subscription Service File.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\SYSTEM32\NMSSvc.Exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 14442 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>

S3 CLPCIID - c:\program files\cyberlink\powerdvd\clpciid.sys <Not Verified; CyberLink Corp.; clpciid>
S3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BackWeb Client - 7681197 (F-Secure BackWeb) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
R2 FSMA - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\f-secure\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>

S3 Freeloader Monthly Subscription Service - "c:\program files\common files\freeloader shared\service\freeloader monthly subscription service file.exe"
S3 Freeloader Subscription Service - "c:\program files\common files\freeloader shared\service\freeloader subscription service file.exe"
S3 F-Secure BackWeb LAN Access - "c:\program files\f-secure\backweb\7681197\program\fsbwlan.exe"
S3 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S4 WMDM PMSP Service - c:\windows\system32\mspmspsv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-10 13:47:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-25 22:25:00 288 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-02-25 23:25:00 410 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2003-06-01 17:05:47 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 14:28:14 0 d-------- C:\WINDOWS\privacy_danger
2008-05-11 14:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 14:20:09 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 14:20:05 0 d-------- C:\WINDOWS\LastGood
2008-05-11 14:05:52 0 d-------- C:\Program Files\Trend Micro
2008-05-10 19:32:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-10 18:51:58 2306 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-10 15:18:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-10 15:18:30 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-10 15:18:30 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-10 15:18:30 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-10 15:18:30 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-10 15:18:30 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-10 15:18:30 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-10 15:18:30 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-10 15:18:30 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-10 15:18:30 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-10 15:18:30 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-10 15:18:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-10 15:18:30 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-10 15:18:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-10 15:18:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-10 15:18:28 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-10 08:17:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 07:53:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 07:52:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 23:00:22 0 d-------- C:\Documents and Settings\Simon Thompson\Application Data\TmpRecentIcons
2008-05-09 21:29:00 0 d-------- C:\Documents and Settings\Antonia Canning\Application Data\TmpRecentIcons
2008-05-09 20:16:43 102400 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-09 20:16:42 274432 --a------ C:\WINDOWS\mpfanvqg.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-11 19:18:15 0 d-------- C:\Program Files\Firefly Media Server
2008-05-10 10:23:59 0 d-a------ C:\Program Files\Common Files
2008-05-10 10:21:14 0 d-------- C:\Program Files\RegistryFix
2008-05-10 07:53:18 0 d-------- C:\Program Files\Lavasoft
2008-05-08 20:52:37 0 d-------- C:\Program Files\Last.fm
2008-05-05 19:28:35 0 d-------- C:\Documents and Settings\Simon Thompson\Application Data\ZoomBrowser EX
2008-03-29 14:28:46 0 d-------- C:\Program Files\PacificPoker4
2008-03-24 19:23:58 0 d-------- C:\Documents and Settings\Simon Thompson\Application Data\Canon
2008-03-24 19:11:56 0 d-------- C:\Program Files\Canon
2008-03-24 19:08:55 0 d-------- C:\Program Files\Common Files\Canon
2008-03-09 11:54:25 495104 --a------ C:\WINDOWS\system32\mp3tsshx.dll
2008-03-04 11:00:43 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-04 10:34:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-16 11:59:09 46 --a------ C:\WINDOWS\system32\DonationCoder_rokusnooper_InstallInfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B139642C-0F49-4630-812B-37B559803458}]
C:\WINDOWS\fvowketqftn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [09/09/2004 10:03]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [27/05/2004 09:57]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [12/12/2006 01:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 08:56 C:\WINDOWS\SYSTEM32\bthprops.cpl]
"PD0630 STISvc"="P0630Pin.dll" [05/06/2005 18:01 C:\WINDOWS\SYSTEM32\P0630Pin.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [13/06/2007 11:19]
"FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" []
"FireflyShell"="C:\Program Files\Firefly Media Server\FireflyShell.exe" [18/05/2007 04:32]
"sbPopper"="C:\Program Files\MonkeyLicense\sbPopper\sbPopper.exe" [29/06/2007 03:09]
"Windows Live FolderShare"="C:\Documents and Settings\Simon Thompson\Local Settings\Application Data\FolderShare\FolderShare.exe" [15/04/2008 14:15]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"Steam"="" []

C:\Documents and Settings\Simon Thompson\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 09:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [23/07/2003 17:44:55]
blueyonder Instant Support Tool.lnk - C:\Program Files\blueyonder IST\bin\matcli.exe [25/07/2003 20:16:46]
DESKTOP.INI [03/09/2002 09:00:00]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {792B7B3C-5C62-48A5-B3BF-9BF14895DA2A} - C:\WINDOWS\mpfanvqg.dll [09/05/2008 05:18 274432]
"vbksrofa"= {2B242D0F-E231-4682-A453-3C2BC91E52CA} - C:\WINDOWS\vbksrofa.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"DataLayer"=C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
"PD0630 STISvc"=RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- Hosts -----------------------------------------------------------------------

10.0.10.207 s007
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

8372 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-11 19:28:49 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 1023 MiB / 342.95 MiB
Pagefile Memory (total/avail): 1693.52 MiB / 1215.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.85 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.83 GiB total, 24.5 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - IC35L060AVV207-0 - 55.87 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 55.83 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.

FW: F-Secure Anti-Virus Client Security 5.55 v5.55 (F-Secure Corporation)
AV: F-Secure Anti-Virus Client Security 5.55 v5.55 (F-Secure Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\Simon Thompson\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"="C:\\Documents and Settings\\Simon Thompson\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa Lite\\Kazaa.kpp"="C:\\Program Files\\Kazaa Lite\\Kazaa.kpp:*:Enabled:Kazaa Lite"
"C:\\Program Files\\Replay Radio 5\\Tuner.exe"="C:\\Program Files\\Replay Radio 5\\Tuner.exe:*:Enabled:Tuner"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Firefly Media Server\\firefly.exe"="C:\\Program Files\\Firefly Media Server\\firefly.exe:*:Enabled:Firefly Media Server"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\Simon Thompson\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"="C:\\Documents and Settings\\Simon Thompson\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Simon Thompson\Application Data
audesktop=C:\DOCUME~1\ALLUSE~1\Desktop
aufavorites=C:\DOCUME~1\ALLUSE~1\FAVORI~1
austartm=C:\DOCUME~1\ALLUSE~1\STARTM~1
austartprg=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs
austartup=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
CancelDNS=Configuration canceled. Check your network settings.
ChoixMenu=2
ChoixRegistre=y
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CleanDNS=Do you want to set your network to dynamic -DHCP- Server ?
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D2HFPQ0J
ComSpec=C:\WINDOWS\system32\cmd.exe
CurDir=C:\Documents and Settings\Simon Thompson\Desktop\SmitfraudFix
desktop=C:\DOCUME~1\SIMONT~1\Desktop
DNSHJ=Your computer may be victim of a DNS Hijack
DoReboot=0
DoRestart=0
favorites=C:\DOCUME~1\SIMONT~1\FAVORI~1
fixname=SmitFraudFix
fixvers=v2.320
FP_NO_HOST_CHECK=NO
FSType=NTFS
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Simon Thompson
huy32Mess=huy32 detected, use a Rootkit scanner
KDMess=detected !
lang=int
LOGONSERVER=\\D2HFPQ0J
lzx32Mess=lzx32 detected, use a Rootkit scanner
MIGO_DRIVE=F
msguardMess=msguard detected, use a Rootkit scanner
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\;C:\WINDOWS\COMMAND
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
pe386Mess=pe386 detected, use a Rootkit scanner
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RKScan=use a Rootkit scanner
SafeMDisp=Fix run in safe mode
SafeMWarn=Fix run in normal mode
sChoice=Enter your choice
sDel=Deleted
sEnd=End
sError=Problem while deleting
SESSIONNAME=Console
sFound=FOUND !
sFoundLSP=Detected, use LSPFix.exe to delete !
sFSType=The filesystem type is
sfxname=C:\Documents and Settings\Simon Thompson\Desktop\SmitfraudFix.exe
sHOSTS=hosts file corrupted !
sInfect=infected !
sInfect2=infected !
sNotFound=not found
sProcess=Killing process
sRegClean=Registry Cleaning
sRegCleanQ=Do you want to clean the registry ? (y/n)
sRen=Please, Reboot and Run SmitfraudFix option 2 once again.
sRunFrom=Run from
sScanDate=Scan done at
sSearch=Scanning
startm=C:\DOCUME~1\SIMONT~1\STARTM~1
startprg=C:\DOCUME~1\SIMONT~1\STARTM~1\Programs
startup=C:\DOCUME~1\SIMONT~1\STARTM~1\Programs\Startup
sTempFolder=Deleting Temp Files
sTrustBackUp=Saving BackUp
sTrustDone=Trusted Zone deleted.
sTrustError=*** Error : zone.reg not found ***
sTrustQ=Restore Trusted Zone ? (y/n)
sWininetQ=Replace infected file ? (y/n)
sWiniSearch=Scanning for wininet.dll backup
syspath=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SIMONT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SIMONT~1\LOCALS~1\Temp
USERDOMAIN=D2HFPQ0J
USERNAME=Simon Thompson
USERPROFILE=C:\Documents and Settings\Simon Thompson
Version=Microsoft Windows XP [Version 5.1.2600]
windir=C:\WINDOWS
xpdtMess=xpdt detected, use a Rootkit scanner
xpdxMess=xpdx detected, use a Rootkit scanner


-- User Profiles ---------------------------------------------------------------

Simon Thompson (admin)
Antonia Canning (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Policy Manager Support"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\BWUnin-6.1.4.55-7681197L.exe -AppId 7681197
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Prophet KYRO Series --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hercules\3D Prophet KYRO Series\Uninst.isu" -c"C:\Program Files\Hercules\SharedUninst\pmxgenin.dll"
Ace Utilities --> "C:\Program Files\Ace Utilities\uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Advanced Video FX Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9 /remove
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D95ED581-3C67-4BB4-AA50-DDCC6A97226D}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MP Drivers 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D335AC77-6F59-46D6-9082-F74A9F7E0FC3}\Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8653730A-683D-4C42-BB18-6471291D5DEA}\setup.exe" /SUUninstall
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Digital Photo Professional 2.2 --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Citrix Web Client --> C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Driver (1.02.03.0606) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd0630.uns -unsext NT -plugin P0630Pin.dll -pluginres P0630Pin.crl
Creative WebCam Live! User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam\Creative WebCam Live! User's Guide\English\CTManual.isu"
Dan Elwell's Broadband Speed Test --> "C:\Program Files\Dan Elwell's Broadband Speed Test\unins000.exe"
del.icio.us Buttons for Internet Explorer --> MsiExec.exe /I{08F7CCA6-8590-4401-8B44-CEB09A909AAB}
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Disk Usage --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\DiskUsage\ST6UNST.LOG"
DivX Player --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
DivX Pro Codec Adware --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Pro Codec Adware\uninstal.log
DriverGuide Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEA5EF64-B694-4B79-9A2C-0FF738906A1D}\setup.exe"
Driving Test Success 2003-2004 --> MsiExec.exe /I{27A4C502-AAD6-402F-8A36-63ECB26B67D6}
E-Color Indicator --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\E-Color Indicator\Uninst.isu" -c"C:\Program Files\E-Color\E-Color Indicator\TICUninstall.dll"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
F-Secure Anti-Virus Client Security - E-mail Scanning --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
F-Secure Anti-Virus Client Security - Internet Shield --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
F-Secure Anti-Virus Client Security - Virus Protection --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
F-Secure BackWeb --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure BackWeb"
F-Secure Management Agent --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
Firefly Media Server --> C:\Program Files\Firefly Media Server\uninst.exe
Freeloader Subscription (Shared Components) --> C:\Program Files\Common Files\Freeloader Shared\Uninstall\Freeloader Subscription\B224D000\UninstApplet.exe /uninstall
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\windows\googletoolbar5.dll"
Guillemot Hardware Inspector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
iScrobbler --> C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jimmy Whites 2 --> C:\Program Files\freeloader.com\Jimmy White 2\Uninstall.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Last.fm 1.5.0.24910 --> "C:\Program Files\Last.fm\unins000.exe"
Last.fm Player 1.1.4 --> "C:\Program Files\Last.fm Player\unins000.exe"
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Magic MP3 Tagger 2.2.4d --> "C:\Program Files\Magic MP3 Tagger\unins000.exe"
Mahjong Master - from freeloader.com --> C:\Program Files\freeloader.com\Mahjong Master\Uninstall.exe
MediaBar --> C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe "C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx" "{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}"
Medieval Total War --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War\Uninst.isu"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3-Tag Studio 3.05 --> MsiExec.exe /X{CF0C0E58-2C1A-4645-85FC-D3DF9686EF60}
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
MusicBrainz Picard 0.9.0 --> C:\Program Files\MusicBrainz Picard\uninst.exe
Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pinnacle SoundBridge --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBEA7689-67B9-40DE-B2A2-6450243E24C1}\Setup.exe" -l0x9 UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Raptor Special Edition --> C:\PROGRA~1\eGames\RAPTOR~1\UNWISE.EXE C:\PROGRA~1\eGames\RAPTOR~1\INSTALL.LOG
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Replay Radio 5.2 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Radio 5\irunin.ini"
RokuRadioSnooper v2.10.06 --> "C:\Program Files\Roku Radio Snooper\unins000.exe"
sbPopper --> MsiExec.exe /X{A89D34D2-B1AD-495C-B1AA-61FF06F1B6C7}
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
Solitaire Master - from freeloader.com --> C:\Program Files\freeloader.com\Solitaire Master\Uninstall.exe
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Soundflavor DJ 1.30 --> C:\Program Files\Soundflavor DJ\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Tagrunner --> MsiExec.exe /I{752D18A4-696E-4C87-8087-C876C24660CA}
Tech Demos --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C0420B1-CA56-4FF8-A2B7-C02D5E8C2A0C}\Setup.exe"
The Ur-Quan Masters 0.5.0 --> C:\Program Files\The Ur-Quan Masters\uninst.exe
Tile Blazer Special Edition --> C:\PROGRA~1\eGames\TILEBL~1\UNWISE.EXE C:\PROGRA~1\eGames\TILEBL~1\INSTALL.LOG
Tiscali 10.0 --> MsiExec.exe /X{1EDBB5DD-3AB0-49D8-99CC-235A93865D03}
Torrent Episode Downloader --> MsiExec.exe /I{C672363C-69EC-4549-B955-AA9997BCACDA}
Tremulous 1.1.0 --> "C:\Program Files\Tremulous\uninstall.exe"
Tunatic --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
WebCam Live! Product Registration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9 /remove
WinCleaner OneClick Cleanup Version 10 --> "C:\Program Files\blcorp\WCCSC\unins000.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live FolderShare Beta --> MsiExec.exe /X{FE434300-A311-4BE1-93BA-B74BC8C4017B}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
X-Lite 3.0 --> "C:\Program Files\CounterPath\X-Lite\unins000.exe"
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type26609 / Error
Event Submitted/Written: 05/11/2008 05:44:00 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
5 2008-05-11 17:43:59+01:00 d2hfpq0j D2HFPQ0J\Simon Thompson F-Secure Anti-Virus
Scanning of C:\WINDOWS\PREFETCH\BACKWEB-7681197.EXE-0CD34FA2.PF was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type26556 / Error
Event Submitted/Written: 05/11/2008 03:29:35 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
4 2008-05-11 15:29:35+01:00 d2hfpq0j D2HFPQ0J\Simon Thompson F-Secure Anti-Virus
Malicious code found in file C:\DOCUMENTS AND SETTINGS\SIMON THOMPSON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OHENCPQN\SYSTEMDEFENDER_INSTALLER[1].0XE.
Infection: Trojan-Downloader.Win32.Adload.ma

Event Record #/Type26555 / Error
Event Submitted/Written: 05/11/2008 03:29:22 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
3 2008-05-11 15:29:19+01:00 d2hfpq0j D2HFPQ0J\Simon Thompson F-Secure Anti-Virus
Malicious code found in file C:\DOCUMENTS AND SETTINGS\SIMON THOMPSON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KD6B4TQZ\SYSTEMDEFENDER_INSTALLER[1].0XE.
Infection: Trojan-Downloader.Win32.Adload.ma

Event Record #/Type26538 / Error
Event Submitted/Written: 05/11/2008 02:48:52 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
2 2008-05-11 14:48:49+01:00 d2hfpq0j D2HFPQ0J\Simon Thompson F-Secure Anti-Virus
Scanning of C:\DOCUMENTS AND SETTINGS\ANTONIA CANNING\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DKQ5228P.DEFAULT\CACHE\12934877D01 was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type26517 / Error
Event Submitted/Written: 05/11/2008 01:57:44 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
1 2008-05-11 13:57:44+01:00 d2hfpq0j D2HFPQ0J\Simon Thompson F-Secure Anti-Virus
Malicious code found in file C:\DOCUMENTS AND SETTINGS\SIMON THOMPSON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KD6B4TQZ\SYSTEMDEFENDER_INSTALLER[1].EXE.
Infection: Trojan-Downloader.Win32.Adload.ma



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type79136 / Error
Event Submitted/Written: 05/11/2008 02:10:01 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type79126 / Warning
Event Submitted/Written: 05/11/2008 09:39:04 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0007E97C19CE. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type79123 / Warning
Event Submitted/Written: 05/11/2008 09:38:26 AM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type79119 / Warning
Event Submitted/Written: 05/11/2008 09:18:34 AM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type79116 / Error
Event Submitted/Written: 05/11/2008 08:21:32 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 82.35.77.8 for the Network Card with network address 0007E97C19CE has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2008-05-11 19:28:49 ------------


*KASPERSKY ONLINE SCANNER REPORT*
Sunday, May 11, 2008 7:18:27 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/05/2008
Kaspersky Anti-Virus database records: 756163

*Scan Settings*
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
*Scan Target* My Computer
A:\
C:\
D:\
*Scan Statistics*
Total number of scanned objects 144314
Number of viruses found 17
Number of infected objects 48
Number of suspicious objects 6
Duration of the scan process 03:27:31


*Infected Object Name* *Virus Name* *Last Action*
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/Documents and Settings/Simon Thompson/Local Settings/Temp/a.0xe Infected: Trojan-Downloader.Win32.Agent.xq skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/Documents and Settings/Simon Thompson/Local Settings/Temp/ajdnjhfo10.0xe Infected: Trojan-Spy.Win32.Agent.io skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc52.bak/[From billing@jewelryadviser.com][Date Wed, 13 Dec 2006 16:00:21 -0200]/UNNAMED/ERR Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc52.bak/[From billing@jewelryadviser.com][Date Wed, 13 Dec 2006 16:00:21 -0200]/UNNAMED Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc52.bak Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc55.bak/[From "Antonia Canning" ][Date Wed, 13 Dec 2006 18:35:24 -0000]/UNNAMED/ERR Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc55.bak/[From "Antonia Canning" ][Date Wed, 13 Dec 2006 18:35:24 -0000]/UNNAMED Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc55.bak Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc60.bak/[From Natalia ][Date Sun, 21 Jan 2007 11:23:33 +0100]/UNNAMED/Postcard.exe Infected: Email-Worm.Win32.Zhelatin.a skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc60.bak/[From Natalia ][Date Sun, 21 Jan 2007 11:23:33 +0100]/UNNAMED Infected: Email-Worm.Win32.Zhelatin.a skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc60.bak Infected: Email-Worm.Win32.Zhelatin.a skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc62.bak/[From billing@jewelryadviser.com][Date Wed, 13 Dec 2006 16:00:21 -0200]/UNNAMED/ERR Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc62.bak/[From billing@jewelryadviser.com][Date Wed, 13 Dec 2006 16:00:21 -0200]/UNNAMED Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc62.bak Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc65.bak/[From "Antonia Canning" ][Date Wed, 13 Dec 2006 18:35:24 -0000]/UNNAMED/ERR Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc65.bak/[From "Antonia Canning" ][Date Wed, 13 Dec 2006 18:35:24 -0000]/UNNAMED Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU/C:/RECYCLER/S-1-5-21-158120117-1345474740-2004010681-1007/Dc65.bak Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\Simon Thompson\Application Data\Business Logic\UWC\Backup\J39111.8358729282.WCU ZIP: infected - 17 skipped
C:\Documents and Settings\Simon Thompson\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\cert8.db Object is
locked skipped
C:\Documents and Settings\Simon Thompson\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\history.dat Object is
locked skipped
C:\Documents and Settings\Simon Thompson\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\key3.db Object is
locked skipped
C:\Documents and Settings\Simon Thompson\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\parent.lock Object is
locked skipped
C:\Documents and Settings\Simon Thompson\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\search.sqlite Object is
locked skipped
C:\Documents and Settings\Simon Thompson\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\urlclassifier2.sqlite
Object is locked skipped
C:\Documents and Settings\Simon Thompson\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\ybookmarks@yahoo.log
Object is locked skipped
C:\Documents and Settings\Simon Thompson\Cookies\INDEX.DAT Object is
locked skipped
C:\Documents and Settings\Simon
Thompson\Desktop\SmitfraudFix\IEDFix.exe Infected:
Constructor.Win32.Binder.bn skipped
C:\Documents and Settings\Simon
Thompson\Desktop\SmitfraudFix\Reboot.exe Infected:
not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Simon
Thompson\Desktop\SmitfraudFix.exe/SmitfraudFix/IEDFix.exe Infected:
Constructor.Win32.Binder.bn skipped
C:\Documents and Settings\Simon
Thompson\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected:
not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Simon Thompson\Desktop\SmitfraudFix.exe RAR:
infected - 2 skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\FolderShare\logs\log.log Object is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\FolderShare\settings\883045.dat Object is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Last.fm\Client\Last.fm.log Object is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\Cache\63329BDCd01/SmitfraudFix/IEDFix.exe
Infected: Constructor.Win32.Binder.bn skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\Cache\63329BDCd01/SmitfraudFix/Reboot.exe
Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\Cache\63329BDCd01 RAR:
infected - 2 skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\Cache\B207EDF5d01
Infected: not-a-virus:Downloader.Win32.FraudLoad.ar skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\Cache\_CACHE_001_ Object
is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\Cache\_CACHE_002_ Object
is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\Cache\_CACHE_003_ Object
is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Application
Data\Mozilla\Firefox\Profiles\s70yxev6.default\Cache\_CACHE_MAP_ Object
is locked skipped
C:\Documents and Settings\Simon Thompson\Local
Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Simon Thompson\Local
Settings\History\History.IE5\MSHist012008051120080512\index.dat Object
is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Temporary
Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Temporary
Internet Files\Content.IE5\KD6B4TQZ\SYSTEMDEFENDER_INSTALLER[1].0XE
Object is locked skipped
C:\Documents and Settings\Simon Thompson\Local Settings\Temporary
Internet Files\Content.IE5\OHENCPQN\SYSTEMDEFENDER_INSTALLER[1].0XE
Object is locked skipped
C:\Documents and Settings\Simon Thompson\My
Documents\pspv.zip/pspv.exe Infected:
not-a-virus:PSWTool.Win32.PassView.162 skipped
C:\Documents and Settings\Simon Thompson\My Documents\pspv.zip ZIP:
infected - 1 skipped
C:\Documents and Settings\Simon Thompson\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\Simon Thompson\ntuser.dat.LOG Object is
locked skipped
C:\Downloads\pspv.exe Infected:
not-a-virus:PSWTool.Win32.PassView.162 skipped
C:\Program Files\blueyonder IST\log\mpbtn.log Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps1 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps2 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00010002.ci Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.fid Object is
locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.hsh Object is
locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiCL0001.000 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP10000.000 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP20000.000 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiPT0000.000 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSL0001.000 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSP0000.000 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiST0000.000 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiVP0000.000 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\INDEX.000 Object is
locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk1 Object
is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk2 Object
is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\main.log
Object is locked skipped
C:\Program Files\F-Secure\Common\policy.ipf Object is locked skipped
C:\Program Files\Firefly Media Server\firefly.log Object is locked
skipped
C:\Program Files\Firefly Media Server\songs3.db Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\IEDFix.exe Infected:
Constructor.Win32.Binder.bn skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected:
not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\RECYCLER\S-1-5-21-158120117-1345474740-2004010681-1007\Dc167.bak/[From
"VirginCreditCards@MBNA.co.uk" ][Date Tue, 20 Nov 2007 16:11:26 +0100
(CET)]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\RECYCLER\S-1-5-21-158120117-1345474740-2004010681-1007\Dc167.bak/[From
"VirginCreditCards@MBNA.co.uk" ][Date Tue, 20 Nov 2007 16:11:26 +0100
(CET)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\RECYCLER\S-1-5-21-158120117-1345474740-2004010681-1007\Dc167.bak
MailMSOutlook5: suspicious - 2 skipped
C:\RECYCLER\S-1-5-21-158120117-1345474740-2004010681-1007\Dc178.bak/[From
"VirginCreditCards@MBNA.co.uk" ][Date Tue, 20 Nov 2007 16:11:26 +0100
(CET)]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\RECYCLER\S-1-5-21-158120117-1345474740-2004010681-1007\Dc178.bak/[From
"VirginCreditCards@MBNA.co.uk" ][Date Tue, 20 Nov 2007 16:11:26 +0100
(CET)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\RECYCLER\S-1-5-21-158120117-1345474740-2004010681-1007\Dc178.bak
MailMSOutlook5: suspicious - 2 skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is
locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is
locked skipped
C:\System Volume Information\catalog.wci\00010016.ci Object is locked
skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked
skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked
skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is
locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is
locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is
locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is
locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is
locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is
locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is
locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is
locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked
skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is
locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is
locked skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1462\A0175260.dll
Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1487\A0177248.exe
Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1487\A0177252.dll
Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1487\A0177253.dll
Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1487\A0177254.exe
Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1487\A0177256.dll
Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1487\A0177257.dll
Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1487\A0177258.dll
Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1487\A0177259.exe
Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1541\A0184545.dll
Infected: Trojan.Win32.Vapsup.eyp skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1541\A0184546.dll
Infected: Trojan.Win32.Vapsup.eyl skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1541\A0184589.dll
Infected: Trojan.Win32.Vapsup.eyp skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1541\A0184600.exe
Infected: Constructor.Win32.Binder.bn skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1541\A0184602.exe
Infected: Constructor.Win32.Binder.bn skipped
C:\System Volume
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1542\change.log
Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\mpfanvqg.dll Infected: Trojan.Win32.Vapsup.eyp skipped
C:\WINDOWS\oadkxrts.exe Infected: Trojan.Win32.Vapsup.eyp skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\HTTPERR\httperr1.log Object is locked
skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked
skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked
skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked
skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked
skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked
skipped
C:\WINDOWS\Temp\etilqs_d39NVOAmTtg0EJx Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
*Scan process completed.*

Any help would be appreciated



#2 steamwiz


Posted 12 May 2008 - 03:45 PM

Hi

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#3 simeytwin


Posted 15 May 2008 - 01:29 PM

Thanks for your help Steam

Here's the log

ComboFix 08-05-12.1 - Antonia Canning 2008-05-15 18:45:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.674 [GMT 1:00]
Running from: C:\Documents and Settings\Antonia Canning\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\file.bat
C:\WINDOWS\hosts
C:\WINDOWS\smdat32m.sys

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-14 18:13 . 2008-05-14 18:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-14 18:13 . 2008-05-14 18:13 <DIR> d-------- C:\Documents and Settings\Antonia Canning\Application Data\Malwarebytes
2008-05-14 18:13 . 2008-05-14 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-14 18:13 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-14 18:13 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-05-14 18:12 . 2008-05-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-12 19:50 . 2008-05-12 19:51 <DIR> d-------- C:\Program Files\Panda Security
2008-05-11 19:18 . 2008-05-11 19:18 <DIR> d-------- C:\Deckard
2008-05-11 14:20 . 2008-05-11 14:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-11 14:20 . 2008-05-11 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 14:05 . 2008-05-11 14:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-10 18:51 . 2008-05-11 10:25 2,306 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-05-10 15:18 . 2003-05-12 21:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-10 15:18 . 2008-05-10 15:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-10 15:18 . 2008-05-15 18:39 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-10 10:16 . 2008-05-10 17:05 792 --a------ C:\WINDOWS\wininit.ini
2008-05-10 08:17 . 2008-05-10 08:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 08:17 . 2008-05-10 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 07:53 . 2008-05-10 07:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 07:52 . 2008-05-10 07:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 21:29 . 2008-05-09 21:29 <DIR> d-------- C:\Documents and Settings\Antonia Canning\Application Data\TmpRecentIcons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 17:59 --------- d-----w C:\Program Files\Firefly Media Server
2008-05-10 09:21 --------- d-----w C:\Program Files\RegistryFix
2008-05-10 06:53 --------- d-----w C:\Program Files\Lavasoft
2008-05-08 19:52 --------- d-----w C:\Program Files\Last.fm
2008-05-04 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-18 22:38 --------- d-----w C:\Documents and Settings\Antonia Canning\Application Data\Canon
2008-03-29 13:28 --------- d-----w C:\Program Files\PacificPoker4
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-24 18:11 --------- d-----w C:\Program Files\Canon
2008-03-24 18:08 --------- d-----w C:\Program Files\Common Files\Canon
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-09 10:54 495,104 ----a-w C:\WINDOWS\SYSTEM32\mp3tsshx.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2003-07-20 11:28 723 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 11:19 68856]
"eyeBeam SIP Client"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2004-09-09 10:03 118832]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 09:57 684032]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 01:36 366400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 18:01 36864 C:\WINDOWS\SYSTEM32\P0630Pin.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

C:\Documents and Settings\Antonia Canning\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-28 22:18:29 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-07-23 17:44:55 113664]
blueyonder Instant Support Tool.lnk - C:\Program Files\blueyonder IST\bin\matcli.exe [2003-07-25 20:16:46 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"DataLayer"=C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
"PD0630 STISvc"=RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Replay Radio 5\\Tuner.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Firefly Media Server\\firefly.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2004-10-26 13:49]
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2003-07-13 15:23]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2004-09-10 17:14]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 13:32]
R2 Firefly Media Server;Firefly Media Server;C:\Program Files\Firefly Media Server\firefly.exe [2007-05-18 04:32]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-08-31 00:40]
S3 CLPCIID;CLPCIID;C:\Program Files\CyberLink\PowerDVD\clpciid.sys [2002-02-08 12:10]
S3 Freeloader Monthly Subscription Service;Freeloader Monthly Subscription Service;"C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Monthly Subscription Service File.exe" [2007-08-31 22:26]
S3 Freeloader Subscription Service;Freeloader Subscription Service;"C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Subscription Service File.exe" [2007-10-28 16:10]
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-10-10 04:18]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 04:18]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2005-06-06 02:44]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 12:47:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-06-01 16:05:47 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-04-25 21:25:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-25 22:25:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 19:00:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-15 19:06:00
ComboFix-quarantined-files.txt 2008-05-15 18:04:53

Pre-Run: 30,563,155,968 bytes free
Post-Run: 30,712,467,456 bytes free

156 --- E O F --- 2008-05-14 21:35:00

#4 steamwiz


Posted 15 May 2008 - 01:53 PM

Hi

Looking good so far ... do you have the Malwarebytes' Anti-Malware log for me please?

steam

#5 steamwiz


Posted 26 June 2008 - 01:35 PM

Due to lack of feedback, this thread is now treated as resolved and duly closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam



