
Infected With Downloader Win32 Fraudload


1 reply to this topic

#1 Big5Bear


Posted 05 June 2008 - 03:06 PM

I run an antispyware program that comes up clean, but when I run an online scan it comes up with infections.
Deckard's System Scanner v20071014.68
Run by Big Bear on 2008-06-05 11:56:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Big Bear.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:48 AM, on 6/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\mobsync.exe
C:\Users\Big Bear\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BIGBEA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5707 bytes

-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-05 07:08:27 0 d-------- C:\Program Files\Trend Micro
2008-06-05 01:46:02 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-06-04 01:10:10 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-04 01:10:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-04 01:09:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 00:52:11 0 d-------- C:\Users\All Users\Adsl Software Limited
2008-06-01 07:12:41 0 d-------- C:\Program Files\Enigma Software Group
2008-05-20 01:37:37 298104 --a------ C:\Windows\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-18 08:13:25 0 d-------- C:\Users\All Users\vsosdk
2008-05-14 14:08:36 0 d-------- C:\Program Files\uTorrent
2008-05-12 12:44:31 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-05-12 12:32:12 0 d-------- C:\Users\All Users\DVD Shrink
2008-05-11 17:54:56 0 d-------- C:\Program Files\iPod
2008-05-11 17:54:39 0 d-------- C:\Program Files\iTunes
2008-05-11 17:52:37 0 d-------- C:\Program Files\Common Files\Apple


-- Find3M Report ---------------------------------------------------------------

2008-06-04 01:10:01 0 d-------- C:\Users\Big Bear\AppData\Roaming\SUPERAntiSpyware.com
2008-06-04 01:09:20 0 d-------- C:\Program Files\Common Files
2008-05-18 11:52:48 0 d-------- C:\Users\Big Bear\AppData\Roaming\Vso
2008-05-12 13:26:51 34 --a------ C:\Users\Big Bear\AppData\Roaming\pcouffin.log
2008-05-12 13:26:40 7887 --a------ C:\Users\Big Bear\AppData\Roaming\pcouffin.cat
2008-05-11 17:55:23 0 d-------- C:\Users\Big Bear\AppData\Roaming\Apple Computer
2008-05-03 08:54:46 0 d-------- C:\Users\Big Bear\AppData\Roaming\LimeWire
2008-04-25 08:34:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-22 11:31:46 0 d-------- C:\Program Files\Collectorz.com
2008-04-20 11:09:52 174 --ahs---- C:\Program Files\desktop.ini
2008-04-20 03:49:26 0 d-------- C:\Program Files\Windows Calendar
2008-04-20 03:49:19 0 d-------- C:\Program Files\Windows Mail
2008-04-20 03:49:16 0 d-------- C:\Program Files\Windows Defender
2008-04-20 03:49:07 0 d-------- C:\Program Files\Windows Sidebar
2008-04-19 22:53:28 0 d-------- C:\Program Files\Java
2008-04-19 22:46:19 0 d-------- C:\Users\Big Bear\AppData\Roaming\Macromedia
2008-04-19 22:46:19 0 d-------- C:\Users\Big Bear\AppData\Roaming\Adobe
2008-04-19 20:11:48 0 d-------- C:\Program Files\Common Files\Java
2008-04-19 19:53:32 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-19 19:47:25 34308 --a------ C:\Windows\system32\Chip.dll
2008-04-19 19:46:26 0 d-------- C:\Users\Big Bear\AppData\Roaming\SlySoft
2008-04-19 19:41:25 0 d-------- C:\Program Files\SlySoft
2008-04-19 19:13:57 0 d-------- C:\Program Files\Safari
2008-04-19 19:12:54 0 d-------- C:\Program Files\QuickTime
2008-04-19 19:11:54 0 d-------- C:\Program Files\Bonjour
2008-04-19 19:11:44 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 18:43:47 0 d-------- C:\Program Files\Microsoft Works
2008-04-19 18:43:24 0 d-------- C:\Program Files\MSBuild
2008-04-19 18:40:50 0 d-------- C:\Program Files\Microsoft.NET
2008-04-19 18:36:19 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-19 17:57:57 0 d-------- C:\Users\Big Bear\AppData\Roaming\WinRAR
2008-04-19 17:51:55 0 d-------- C:\Program Files\DivX
2008-04-19 17:51:38 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-19 16:53:25 0 d-------- C:\Program Files\Canon
2008-04-19 16:45:47 0 d--h----- C:\Program Files\CanonBJ
2008-04-19 00:51:59 7 --a------ C:\Windows\system32\CurrentName.dat
2008-04-19 00:51:58 4096 --a------ C:\Windows\system32\16356.sys
2008-04-19 00:40:24 0 d-------- C:\Program Files\Realtek AC97
2008-04-19 00:40:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-19 00:39:47 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-18 14:05:41 0 d-------- C:\Users\Big Bear\AppData\Roaming\Identities
2008-03-31 14:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 13:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-03-21 13:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 13:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 13:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/20/2008 03:36 AM]
"SoundMan"="SOUNDMAN.EXE" [03/09/2007 04:28 PM C:\Windows\SOUNDMAN.EXE]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 01:50 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [05/20/2008 01:37 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [04/20/2008 03:14 AM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [04/19/2008 07:47 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:34 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [04/23/2007 03:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-05 11:57:40 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1533.19 MiB / 956.55 MiB
Pagefile Memory (total/avail): 3304.2 MiB / 2603.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1890 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 74.55 GiB total, 41.42 GiB free.
D: is Fixed (NTFS) - 298.09 GiB total, 191.8 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR 6L080L4 ATA Device - 74.55 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.55 GiB - C:

\\.\PHYSICALDRIVE1 - MAXTOR STM3320620A ATA Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - D:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Big Bear\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PEACEMAKER
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Big Bear
LOCALAPPDATA=C:\Users\Big Bear\AppData\Local
LOGONSERVER=\\PEACEMAKER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\BIGBEA~1\AppData\Local\Temp
TMP=C:\Users\BIGBEA~1\AppData\Local\Temp
USERDOMAIN=Peacemaker
USERNAME=Big Bear
USERPROFILE=C:\Users\Big Bear
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Big Bear
Peace Maker
Giant


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDFab Platinum 4.0.1.2 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v1.9 --> "C:\Program Files\Eset\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}


-- Application Event Log -------------------------------------------------------

Event Record #/Type7023 / Warning
Event Submitted/Written: 06/05/2008 01:41:44 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1088882088-704932034-382282003-1001_Classes:
Process 836 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1001_CLASSES

Event Record #/Type7022 / Warning
Event Submitted/Written: 06/05/2008 01:41:43 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1088882088-704932034-382282003-1001:
Process 836 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1001

Event Record #/Type7010 / Error
Event Submitted/Written: 06/05/2008 00:34:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application DVDFabPlatinum.exe, version 4.0.1.2, time stamp 0x473cc32b, faulting module vso_hwe.dll_unloaded, version 0.0.0.0, time stamp 0x467135b3, exception code 0xc0000005, fault offset 0x04d83945,
process id 0xadc, application start time 0xDVDFabPlatinum.exe0.

Event Record #/Type6999 / Warning
Event Submitted/Written: 06/04/2008 02:45:21 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1088882088-704932034-382282003-1000_Classes:
Process 836 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000_CLASSES

Event Record #/Type6998 / Warning
Event Submitted/Written: 06/04/2008 02:45:21 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
9 user registry handles leaked from \Registry\User\S-1-5-21-1088882088-704932034-382282003-1000:
Process 836 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000\Software\Microsoft\SystemCertificates\trust
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000\Software\Microsoft\SystemCertificates\Root
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000\Software\Microsoft\SystemCertificates\CA
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000\Software\Policies\Microsoft\SystemCertificates
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000\Software\Policies\Microsoft\SystemCertificates
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1088882088-704932034-382282003-1000\Software\Microsoft\SystemCertificates\SmartCardRoot



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29214 / Warning
Event Submitted/Written: 06/05/2008 07:09:26 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Peacemaker27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Peacemaker27 can't undo changes that you allow.

For more information please see the following:
%Peacemaker275

Scan ID: {6F074E52-2DA9-4E9E-AF71-E591F7918F4B}

User: Peacemaker\Big Bear

Name: %Peacemaker271

ID: %Peacemaker272

Severity ID: %Peacemaker273

Category ID: %Peacemaker274

Path Found: %Peacemaker276

Alert Type: %Peacemaker278

Detection Type: 1.1.1505.02

Event Record #/Type29213 / Warning
Event Submitted/Written: 06/05/2008 07:09:26 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Peacemaker27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Peacemaker27 can't undo changes that you allow.

For more information please see the following:
%Peacemaker275

Scan ID: {75866871-25A8-4BC8-94D0-CBDA30B4C8A8}

User: Peacemaker\Big Bear

Name: %Peacemaker271

ID: %Peacemaker272

Severity ID: %Peacemaker273

Category ID: %Peacemaker274

Path Found: %Peacemaker276

Alert Type: %Peacemaker278

Detection Type: 1.1.1505.02

Event Record #/Type29212 / Warning
Event Submitted/Written: 06/05/2008 07:09:26 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Peacemaker27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Peacemaker27 can't undo changes that you allow.

For more information please see the following:
%Peacemaker275

Scan ID: {56442682-B043-4B18-A9D3-287364B04F2B}

User: Peacemaker\Big Bear

Name: %Peacemaker271

ID: %Peacemaker272

Severity ID: %Peacemaker273

Category ID: %Peacemaker274

Path Found: %Peacemaker276

Alert Type: %Peacemaker278

Detection Type: 1.1.1505.02

Event Record #/Type29211 / Warning
Event Submitted/Written: 06/05/2008 07:09:26 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Peacemaker27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Peacemaker27 can't undo changes that you allow.

For more information please see the following:
%Peacemaker275

Scan ID: {7C52B9E9-B8DC-49EA-B137-F2310EF61D9A}

User: Peacemaker\Big Bear

Name: %Peacemaker271

ID: %Peacemaker272

Severity ID: %Peacemaker273

Category ID: %Peacemaker274

Path Found: %Peacemaker276

Alert Type: %Peacemaker278

Detection Type: 1.1.1505.02

Event Record #/Type29210 / Warning
Event Submitted/Written: 06/05/2008 07:09:26 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Peacemaker27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Peacemaker27 can't undo changes that you allow.

For more information please see the following:
%Peacemaker275

Scan ID: {42A0C749-5300-493E-BE1B-BC6094B83370}

User: Peacemaker\Big Bear

Name: %Peacemaker271

ID: %Peacemaker272

Severity ID: %Peacemaker273

Category ID: %Peacemaker274

Path Found: %Peacemaker276

Alert Type: %Peacemaker278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-06-05 07:10:54 ------------


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 05, 2008 11:42:48 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/06/2008
Kaspersky Anti-Virus database records: 831358
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 118231
Number of viruses found: 9
Number of infected objects: 45
Number of suspicious objects: 0
Duration of the scan process: 01:49:18

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\NT2TNVAA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\Program Files\ESET\infected\QZYZ30BA.NQF Infected: Trojan-Downloader.Win32.FraudLoad.uf skipped
C:\Users\Big Bear\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIEIQSJR\Install_254_503_[1].exe Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.n skipped
C:\Users\Peace Maker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JDPW7KZ\kb456456[1] Object is locked skipped
C:\Users\Peace Maker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HB98B8R\setup_254_503_[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.awd skipped
C:\Users\Peace Maker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN4EN3OG\kb456456[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Peace Maker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN4EN3OG\kb516107[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Peace Maker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN4EN3OG\kb767887[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Peace Maker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN4EN3OG\kb767887[2] Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Peace Maker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J1J1Z64J\setup_254_503_[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.awd skipped
C:\Users\Peace Maker\AppData\Local\Temp\IH18B9.tmp Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Peace Maker\AppData\Local\Temp\IH1C54.tmp Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Peace Maker\AppData\Local\Temp\IHA962.tmp Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Peace Maker\AppData\Local\Temp\Low\~DFC4F2.tmp Object is locked skipped
C:\Users\Peace Maker\AppData\Local\Temp\Low\~DFC4F8.tmp Object is locked skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp0000e157 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp0000e176 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp0000f4c0 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp00010f1e Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp00011eae Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp00013d33 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp000150f9 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp000155cc Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp000167bd Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp00016ee1 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp000250a6 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp00032d7a Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp000843a9 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp00295f8d Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp019da3c8 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp0215de49 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp03d34b76 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp0445bee6 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
C:\Users\Peace Maker\AppData\Local\Temp\tmp05112824 Infected: not-a-virus:AdWare.Win32.Virtumonde.vjq skipped
D:\Utilities\Mike\Download from FileHippo\File Sharing\iMeshV7.exe/WISE0101.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\Utilities\Mike\Download from FileHippo\File Sharing\iMeshV7.exe/WISE0101.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\Utilities\Mike\Download from FileHippo\File Sharing\iMeshV7.exe/WISE0101.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\Utilities\Mike\Download from FileHippo\File Sharing\iMeshV7.exe WiseSFX: infected - 3 skipped
D:\Utilities\Mike\Download from FileHippo\File Sharing\iMeshV7.exe WiseSFXDropper: infected - 3 skipped
D:\Utilities\Mike\Mike's download\Key Finder\jellybeankeyFinder151.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
D:\Utilities\Mike\Mike's download\Key Finder\jellybeankeyFinder151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Utilities\Mike\Mike's download\Key Finder\jellybeankeyFinder151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Utilities\Mike\Mike's download\Key Finder\jellybeankeyFinder151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Utilities\Mike\Mike's download\Key Finder\jellybeankeyFinder151.zip ZIP: infected - 4 skipped
D:\Utilities\Mike\Mike's download\Key Finder\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Utilities\Mike\Mike's download\Key Finder\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Utilities\Mike\Mike's download\Key Finder\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Utilities\Mike\Mike's download\Key Finder\keyfinder.exe RarSFX: infected - 3 skipped

Scan process completed.



#2 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 01 July 2008 - 12:50 PM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look.

Regards,

Rosty.
Proud member of ASAP since 2007



