Antivirusgold 5.1 Can Not Remove


  • This topic is locked
51 replies to this topic

#1 tburg

Posted 09 July 2008 - 05:50 AM

Hi, can you please help?
Excuse me, as I am a first-time user.
I have used eTrust Pest Patrol and it has found AntiVirusGold 5.1.
The CA product PestPatrol AntiSpyware cannot remove it.
Pest Patrol points me to a registry file HKEY_CLASSES_ROOT\CLSID\{9CB478A2-CA39-0CFD-EFAC-DB80710601D3}.
I cannot delete this file even in safe mode with full administrator rights.
Access is always denied.
I am running Windows XP Build 2600.xpsp_sp2 (service pack 2).

I contacted CA technical support and they pointed me to using HijackThis and the following log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:11 PM, on 8/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Xtreme Desktop\xdc\xdc.exe
C:\Program Files\CA\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Activstate
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [XDc] C:\Program Files\Xtreme Desktop\xdc\startxdc.exe
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.paramountpc.com.au
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

--
End of file - 7741 bytes


#2 fenzodahl512

Posted 14 July 2008 - 11:09 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download SmitfraudFix (by S!Ri)

  • Double-click SmitfraudFix.exe.
  • Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm





Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 tburg

Posted 15 July 2008 - 05:34 AM

Thanks for your reply.
Here is the following information as requested.

SmitFraudFix v2.329

Scanning Process...
Scanning hosts...
Scanning C:\...
Scanning %SystemRoot%\...
The system cannot find the path specified.
Scanning %SystemRoot%\system...
The system cannot find the path specified.
Scanning %SystemRoot%\Web...
The system cannot find the path specified.
Scanning %SystemRoot%\system32...
The system cannot find the path specified.
Scanning C:\Documents and Settings\Daniel...
Scanning C:\Documents and Settings\Daniel\Application Data...
Scanning Start Menu...
Scanning C:\DOCUME~1\Daniel\FAVORI~1...
Scanning Desktop...
Scanning C:\Program Files...
Scanning corrupted keys
Scanning Desktop Components
Scanning IEDFix
Scanning VACFix
Scanning 404Fix
Scanning Sharedtaskscheduler
Scanning AppInit_DLLs
Scanning Winlogon
Scanning Rustock
Scanning DNS
Scanning wininet.dll infection
FINDSTR: Cannot open %SystemRoot%\system32\wininet.dll
FINDSTR: Cannot open %SystemRoot%\system32\wininet.dll

End

Thanks

#4 fenzodahl512

Posted 15 July 2008 - 01:40 PM

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



#5 tburg

Posted 16 July 2008 - 05:48 AM

Hi
Here is the information as requested
Thanks

Deckard's System Scanner v20071014.68
Run by Daniel on 2008-07-16 19:50:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2008-07-16 10:20:27 UTC - RP992 - Deckard's System Scanner Restore Point
90: 2008-07-15 11:58:50 UTC - RP991 - Software Distribution Service 3.0
89: 2008-07-14 11:39:36 UTC - RP990 - System Checkpoint
88: 2008-07-10 12:10:51 UTC - RP989 - System Checkpoint
87: 2008-07-08 12:42:23 UTC - RP988 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-23 05:46:47 UTC - RP902 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Daniel.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:57, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Xtreme Desktop\xdc\xdc.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Daniel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Daniel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Activstate
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [XDc] C:\Program Files\Xtreme Desktop\xdc\startxdc.exe
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.paramountpc.com.au
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

--
End of file - 7475 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 VirtualBackplane (A-B Virtual Backplane) - c:\windows\system32\drivers\virtualbackplane.sys <Not Verified; Rockwell Automation; VirtualBackplane Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>
R3 smbusp (Intel® SMBus 2.0 Driver) - c:\windows\system32\drivers\smb.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 ABKTCX (Rockwell Software 1784-KTC(X) Driver) - c:\windows\system32\drivers\abktcx.sys <Not Verified; Rockwell Software Inc.; abktcx Driver>
S3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 RS_SS_NT (RSLinx S-S SD/SD2 Device Driver) - c:\windows\system32\rs_ss_nt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RsiKtControl - c:\windows\system32\rsikt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RSSERIAL (RSLinx Serial Driver) - c:\windows\system32\rsserial.sys <Not Verified; Rockwell Software Inc.; Rsserial Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 Ccdobpppag_s -
S4 1784-PCIDS DeviceNet - c:\program files\rockwell software\rslogix emulate 5000\pcidsservice.exe <Not Verified; Rockwell Automation; 1784-PCIDS DeviceNet>
S4 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
S4 dnWhoDisp - c:\program files\rockwell software\rslinx\dnwhodisp.exe <Not Verified; ; dnWhoDisp Module>
S4 Harmony - c:\progra~1\rockwe~1\rscommon\rsobserv.exe <Not Verified; Rockwell Software Inc.; Rockwell Sofware Hamony services>
S4 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S4 RSLinx - c:\progra~1\rockwe~1\rslinx\rslinx.exe /service <Not Verified; Rockwell Software, Inc.; RSLinx>
S4 SimModuleService (1789-SIM Simulator Module) - c:\program files\rockwell software\rslogix emulate 5000\simmoduleservice.exe <Not Verified; ; SimModuleService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6110 Navigator
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6110 Navigator
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-07-16 17:30:57 498 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2008-07-08 19:34:56 358 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Daniel at 7 18 PM.job


-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-08 19:37:40 0 d-------- C:\Program Files\Trend Micro
2008-06-20 19:09:22 0 d-------- C:\Documents and Settings\Daniel\Application Data\AdwareAlert
2008-06-20 19:09:10 0 d-------- C:\Program Files\AdwareAlert
2008-06-17 17:37:25 0 d-------- C:\Documents and Settings\Daniel\Application Data\U3


-- Find3M Report ---------------------------------------------------------------

2008-07-16 19:31:36 0 d-------- C:\Documents and Settings\Daniel\Application Data\Adobe
2008-06-14 12:57:33 0 d-------- C:\Documents and Settings\Daniel\Application Data\Jasc
2008-06-14 12:54:25 0 d-------- C:\Program Files\Jasc Software Inc
2008-05-21 19:43:17 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-21 19:42:31 0 d-------- C:\Program Files\NCH Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [23/05/2003 10:43 C:\WINDOWS\AGRSMMSG.exe]
"eTrustPPAP"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [16/02/2006 16:19]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [20/08/2004 14:55]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [30/05/2003 09:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"CAVRID"="C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe" [30/04/2007 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/12/2006 17:45]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [28/08/2007 18:01]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/01/2007 10:19]
"XDc"="C:\Program Files\Xtreme Desktop\xdc\startxdc.exe" [03/10/2006 13:39]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [11/05/2008 22:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 17:26]
"Start WingMan Profiler"="" []
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [20/06/2008 01:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [25/11/2002 4:01:04 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegSvr32]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"matlabserver"=2 (0x2)
"Crypkey License"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"RSLinx"=3 (0x3)
"Harmony"=2 (0x2)
"OpcEnum"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"SimModuleService"=3 (0x3)
"IDriverT"=3 (0x3)
"dnWhoDisp"=3 (0x3)
"ATI Smart"=2 (0x2)
"1784-PCIDS DeviceNet"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b07694f-3c44-11dd-8a8f-0011670480b7}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-16 19:59:44 ------------


***************************************************************************************
***************************************************************************************
***************************************************************************************


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1022.73 MiB / 676.48 MiB
Pagefile Memory (total/avail): 2461.36 MiB / 2099.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 35.06 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800PB-00EPA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: CA Anti-Virus v8.4.0.24 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"C:\\Program Files\\Steam\\SteamApps\\dan_ta22\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\dan_ta22\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MSN Gaming Zone\\zclient.exe"="C:\\Program Files\\MSN Gaming Zone\\zclient.exe:*:Disabled:Zone Datafile"
"C:\\Vet\\vet32.exe"="C:\\Vet\\vet32.exe:*:Enabled:VetXP Anti-Virus"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Disabled:GameSpy Arcade"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bethesda Softworks\\Oblivion\\OblivionLauncher.exe"="C:\\Program Files\\Bethesda Softworks\\Oblivion\\OblivionLauncher.exe:*:Enabled:Oblivion"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Steam\\SteamApps\\benno69\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\benno69\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"="C:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE:*:Enabled:RSLinx Communications Server"
"C:\\Program Files\\World of Warcraft\\WoW.exe"="C:\\Program Files\\World of Warcraft\\WoW.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2SP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2SP_s.exe:*:Enabled:Call of Duty® 2 Single Player"
"C:\\Documents and Settings\\Daniel\\Local Settings\\Temp\\CoHMultiPatch.exe"="C:\\Documents and Settings\\Daniel\\Local Settings\\Temp\\CoHMultiPatch.exe:*:Enabled:TODO: <File description>"
"C:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"="C:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe:*:Disabled:BugReport"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"="C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe:*:Enabled:GRAW"
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"="C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\\Documents and Settings\\Daniel\\My Documents\\Daniel\\TAFE\\racer.exe"="C:\\Documents and Settings\\Daniel\\My Documents\\Daniel\\TAFE\\racer.exe:*:Enabled:racer"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\World of Warcraft\\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\Daniel\\Desktop\\dss.exe"="C:\\Documents and Settings\\Daniel\\Desktop\\dss.exe:*:Enabled:dss"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Daniel\Application Data
CLASSPATH="x\QTJava.zip"
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BURGEMEISTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Daniel
LOGONSERVER=\\BURGEMEISTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Program Files\Rockwell Software\RSCommon;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA="x\QTJava.zip"
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Daniel\LOCALS~1\Temp
TMP=C:\DOCUME~1\Daniel\LOCALS~1\Temp
USERDOMAIN=BURGEMEISTER
USERNAME=Daniel
USERPROFILE=C:\Documents and Settings\Daniel
windir=%SystemRoot%


-- User Profiles ---------------------------------------------------------------

Trevor (admin)
Daniel (admin)
Courtney (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /x{685D6CE7-AC5E-4EB3-A5BB-2424891D4ADB}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AdwareAlert --> MsiExec.exe /X{2254EC00-C942-444D-8673-D3E876FD0F05}
Askey ADSL Router USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3638411A-C5DB-4916-BA1A-9C2A6AD1BBBB}\Setup.exe" -l0x9 FORCE_UNINSTALL
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVS Video Converter 6 --> "C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
CA Anti-Spyware --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=pp
CA Anti-Virus --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B9B9863A-32FD-4133-ADB7-46244ED77694} /l1033
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9518F764-C54D-47B2-9E73-154B21E79FD2}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2C164906-E68F-462A-9010-70DD022223EF}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Daily Interest Calculator v3.1 --> "C:\Program Files\Daily Interest Calculator v3.1\unins000.exe"
DAO 3.5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Your Company\DAO 3.5\Uninst.isu"
Debugging Tools for Windows --> MsiExec.exe /I{D459A7BB-F85E-4C0E-8AEC-3D90C4549740}
designsafe 5 demo --> MsiExec.exe /X{D90144DD-1586-487A-B222-661BD32CBDB6}
DH Driver Cleaner Professional Edition --> C:\Program Files\Driver Cleaner Pro\Uninstall.exe
DiskFactory32 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DiskFactory32\Uninst.isu"
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Electronics Workbench DesignSuite Freeware Edition 8.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{241F24E1-1F27-42C2-94A9-6D76DC23AE0A}\setup.exe" -l0x9 -removeonly
EWB Support and Upgrade Utility --> MsiExec.exe /I{81FF9BF7-60D9-4538-8C2B-9F0EC8DDC507}
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
ExpressPCB --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ExpressPCB\DeIsL1.isu" -c"C:\Program Files\ExpressPCB\_ISREG32.DLL"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Half-Life: Counter-Strike --> C:\Sierra\COUNTE~1\UNWISE.EXE C:\Sierra\COUNTE~1\INSTALL.LOG
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hot CPU Tester Pro 4.4.1 --> "C:\Program Files\Hot CPU Tester Pro 4 LE\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro 8.10 Update Patch --> C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_10 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142100}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Knowledgebase 2005 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Knowledgebase 2005\irunin.ini"
LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MailNavigator v.1.11 --> "C:\Program Files\MailNavigator\uninstall.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NCH Tone Generator --> C:\Program Files\NCH Swift Sound\ToneGen\uninst.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{98F837F9-A1B4-4155-AABC-4C80637165B5}
Nokia PC Suite --> MsiExec.exe /I{68E9B173-BC4D-4FFF-812D-32D79BE370AD}
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PC Wizard 2007.1.73 --> "C:\Program Files\PC Wizard 2007\unins000.exe"
PitchPerfect Uninstall --> C:\Program Files\NCH Swift Sound\PitchPerfect\uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Radeon Omega Drivers v3.8.330 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v3.8.330 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.330\Omega Uninstall.xml"
Recordpad --> C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
RegistryFix v3.0 --> "C:\Program Files\RegistryFix\unins000.exe"
Risk Management System (Demo) --> MsiExec.exe /X{329F00F1-39B2-433D-A072-D15A578B4B84}
Rockwell Automation 1769 Analog Module Profiles --> MsiExec.exe /X{23010879-BAAC-475A-9232-C98521C31FE9}
Rockwell Automation 1769 Discrete Module Profiles --> MsiExec.exe /X{8EFC8396-050E-4065-8BDD-7CEA0F98B675}
Rockwell Automation 1769 Specialty Module Profiles --> MsiExec.exe /X{EC894F92-0E85-4A24-9D1A-87B08E1FC51E}
Rockwell Software Harmony Runtime --> C:\Program Files\Rockwell Software\RSCommon\Pkginst.exe -Package:Harmony -Uninstall
ROUTE 66 Sync --> rundll32.exe dfshim.dll,ShArpMaintain ROUTE66Sync.application, Culture=neutral, PublicKeyToken=c4b9ac6af6e31a36, processorArchitecture=msil
RSCompanion 500 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rockwell Software\RSCompanion\RSComp500\Uninst.isu"
RSLogix 500 English --> MsiExec.exe /I{685D6CE7-AC5E-4EB3-A5BB-2424891D4ADB}
RSLogix 5000 Faceplates --> MsiExec.exe /X{BBF813F6-95EC-4762-8BED-5730CAF47324}
RSLogix 5000 Module Profile Core --> MsiExec.exe /X{53BB1242-1E61-4424-95AD-A4D76D6692E1}
RSLogix 5000 Module Profile Setup Utility --> MsiExec.exe /X{AEBF419E-80FE-4095-86D3-5E4E3BCB1828}
RSLogix 5000 System Updates --> MsiExec.exe /X{85BF93BB-16B8-45BD-A6B9-4F49454CF630}
RSLogix 5000 v10.06 --> MsiExec.exe /X{30010610-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v11.15 --> MsiExec.exe /X{30011511-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v12.05 --> MsiExec.exe /X{30010512-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v13.03 --> MsiExec.exe /X{30010313-EC33-11D6-A408-F6139379CBFB}
RSLogix Emulate 5000 13.00.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B772DF-FAA1-401F-A65F-8C44CC3107EE}\setup.exe" AnyText
RSTestStand Lite --> MsiExec.exe /I{EDAC4FFC-22DC-4F3E-863B-E9F4F21CEEB3}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sony Ericsson File Manager --> MsiExec.exe /X{C00FAC7F-DAF5-4FD8-83E7-5959C882A811}
Sony Ericsson Image Editor --> MsiExec.exe /X{506907A8-7146-4AFD-983A-FD08CC83D2DD}
Sony Ericsson MMS Home Studio --> MsiExec.exe /X{680DC451-F795-4D70-91B5-A3BB3BAC3A47}
Sony Ericsson Mobile Networking Wizard --> MsiExec.exe /X{03A70F27-D80E-4A22-A1B4-1C878FC6056A}
Sony Ericsson Sound Editor --> MsiExec.exe /X{8739AE20-81AF-43AA-8FAF-281B064612C2}
Sony Ericsson Sync Station --> MsiExec.exe /X{CBA04F21-D46C-46FC-9A8A-A5360F58CF94}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
The CLXTrainer Demo --> C:\PROGRA~1\KoldSoft\CLXTrain\UNWISE.EXE C:\PROGRA~1\KoldSoft\CLXTrain\INSTALL.LOG
The PLCTrainer Demo --> C:\PROGRA~1\KoldSoft\PLCTRA~1\UNWISE.EXE C:\PROGRA~1\KoldSoft\PLCTRA~1\INSTALL.LOG
Video Card Stability Test --> C:\Program Files\Video Card Stability Test\uninstall.exe
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
White Noise Player v1.01 --> "C:\Program Files\White Noise Player\unins000.exe"
Whiz Kidz --> C:\WINDOWS\uninst.exe -fC:\NODTRON\WHIZKIDZ\DeIsL1.isu
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2726 / Error
Event Submitted/Written: 07/15/2008 09:31:57 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 - Update 'Update for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type2724 / Error
Event Submitted/Written: 07/15/2008 09:31:42 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Project Professional 2003 - Update 'Project 2003 Service Pack 3 (SP3): PROJECTSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type2722 / Error
Event Submitted/Written: 07/15/2008 09:31:09 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 - Update 'Office 2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type2715 / Error
Event Submitted/Written: 07/14/2008 08:49:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2710 / Error
Event Submitted/Written: 07/14/2008 08:29:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type42431 / Warning
Event Submitted/Written: 07/16/2008 07:31:09 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type42408 / Error
Event Submitted/Written: 07/16/2008 05:31:33 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Help and Support service terminated with the following error:
%%126

Event Record #/Type42407 / Error
Event Submitted/Written: 07/16/2008 05:31:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The bsaspi32 service failed to start due to the following error:
%%2

Event Record #/Type42405 / Error
Event Submitted/Written: 07/16/2008 05:30:36 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.4 for the Network Card with network address 0011112C995D has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type42399 / Error
Event Submitted/Written: 07/15/2008 09:31:57 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Office 2003 (KB907417).



-- End of Deckard's System Scanner: finished at 2008-07-16 19:59:44 ------------

#6 fenzodahl512

Posted 16 July 2008 - 10:01 AM

Hello,

Please uninstall AdwareAlert from your computer.



Please download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please post the following logs in your next reply...

1. SUPERAntiSpyware
2. Malwarebytes'
3. A fresh DSS log (after Malwarebytes' step)
4. Tell me about your computer conditions..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 tburg

Posted 18 July 2008 - 06:48 AM

Hi
The following as requested

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2008 at 11:31 PM

Application Version : 4.15.1000

Core Rules Database Version : 3506
Trace Rules Database Version: 1497

Scan type : Complete Scan
Total Scan Time : 01:40:53

Memory items scanned : 507
Memory threats detected : 0
Registry items scanned : 9643
Registry threats detected : 0
File items scanned : 104150
File threats detected : 187

Adware.Tracking Cookie

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\DANIEL\MY DOCUMENTS\DANIEL\TAFE\ESSENTIALS\1553FFAFF2327FDD73E9D5E8F5EEF82CB46\KEYGEN.NFO


***************************************************************************************************



Malwarebytes' Anti-Malware 1.20
Database version: 962
Windows 5.1.2600 Service Pack 2

11:54:38 AM 18/07/2008
mbam-log-7-18-2008 (11-54-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 143286
Time elapsed: 59 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Daniel\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> No action taken.

Files Infected:
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2003 Jul 11 - 07_52_55 AM_234.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2003 Jun 27 - 07_07_48 PM_203.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2003 Jun 27 - 08_04_48 PM_234.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2003 Jun 29 - 12_18_31 PM_187.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 01 - 06_15_17 PM_625.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 02 - 05_44_54 PM_750.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 03 - 04_31_47 PM_328.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 07 - 04_37_24 PM_442.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 08 - 06_18_42 PM_218.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 09 - 06_09_34 PM_640.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 10 - 05_14_38 PM_171.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 14 - 06_11_29 PM_436.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 14 - 08_36_41 PM_541.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 15 - 05_38_40 PM_000.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 16 - 05_30_51 PM_859.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 17 - 05_26_18 PM_093.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 20 - 07_09_22 PM_437.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 21 - 09_24_21 PM_703.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 23 - 05_31_55 PM_609.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 24 - 04_56_24 PM_406.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 25 - 05_57_05 PM_031.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 26 - 01_40_23 PM_414.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 02_19_21 PM_359.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 08_11_19 PM_684.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 08_24_45 PM_637.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 08_58_20 PM_075.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 09_12_33 PM_375.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 29 - 11_07_51 AM_828.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 30 - 04_40_31 PM_466.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 30 - 07_03_39 PM_250.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 30 - 09_25_23 AM_349.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> No action taken.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> No action taken.



*************************************************************************************************
After

Malwarebytes' Anti-Malware 1.20
Database version: 962
Windows 5.1.2600 Service Pack 2

11:54:55 AM 18/07/2008
mbam-log-7-18-2008 (11-54-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 143286
Time elapsed: 59 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Daniel\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2003 Jul 11 - 07_52_55 AM_234.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2003 Jun 27 - 07_07_48 PM_203.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2003 Jun 27 - 08_04_48 PM_234.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2003 Jun 29 - 12_18_31 PM_187.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 01 - 06_15_17 PM_625.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 02 - 05_44_54 PM_750.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 03 - 04_31_47 PM_328.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 07 - 04_37_24 PM_442.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 08 - 06_18_42 PM_218.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 09 - 06_09_34 PM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 10 - 05_14_38 PM_171.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 14 - 06_11_29 PM_436.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 14 - 08_36_41 PM_541.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 15 - 05_38_40 PM_000.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 16 - 05_30_51 PM_859.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jul 17 - 05_26_18 PM_093.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 20 - 07_09_22 PM_437.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 21 - 09_24_21 PM_703.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 23 - 05_31_55 PM_609.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 24 - 04_56_24 PM_406.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 25 - 05_57_05 PM_031.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 26 - 01_40_23 PM_414.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 02_19_21 PM_359.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 08_11_19 PM_684.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 08_24_45 PM_637.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 08_58_20 PM_075.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 28 - 09_12_33 PM_375.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 29 - 11_07_51 AM_828.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 30 - 04_40_31 PM_466.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 30 - 07_03_39 PM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Log\2008 Jun 30 - 09_25_23 AM_349.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.

The computer exhibits no upfront malfunctioning, except that when I run CA eTrust PestPatrol Anti-Spyware
it picks up Antivirusgold 5.1 spyware and cannot remove it.
This still exists in my registry, from which I cannot remove it for some reason unknown.
I have attached a screenshot of CA spyware.

Thanks




#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 18 July 2008 - 08:11 AM

OK.. let's do this...


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_CLASSES_ROOT\CLSID\{9CB478A2-CA39-0CFD-EFAC-DB80710601D3}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT



Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then, tell me about your computer..



#9 tburg

tburg
  • Topic Starter

  • Members
  • 31 posts

Posted 21 July 2008 - 06:06 AM

Hi logs as requested

Explorer killed successfully
< HKEY_CLASSES_ROOT\CLSID\{9CB478A2-CA39-0CFD-EFAC-DB80710601D3} >
Registry key HKEY_CLASSES_ROOT\CLSID\{9CB478A2-CA39-0CFD-EFAC-DB80710601D3}\\ not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DF553.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DF7A15.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DF9203.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DFEB41.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DFF569.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DFF9A0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daniel\LOCALS~1\Temp\2019wrd.~lk\7336fspext.dll scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07212008_180439



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 21, 2008 8:32:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/07/2008
Kaspersky Anti-Virus database records: 979828
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 95937
Number of viruses found: 5
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:52:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-7-21-2008( 18-28-12 ).LOG Object is locked skipped
C:\Documents and Settings\Daniel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Daniel\Desktop\Bleepingcomputer2.doc Object is locked skipped
C:\Documents and Settings\Daniel\Desktop\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz skipped
C:\Documents and Settings\Daniel\Desktop\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz skipped
C:\Documents and Settings\Daniel\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Daniel\Desktop\SmitfraudFix.exe/SmitfraudFix/IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz skipped
C:\Documents and Settings\Daniel\Desktop\SmitfraudFix.exe/SmitfraudFix/IEDFix.exe Infected: Hoax.Win32.Renos.vaoz skipped
C:\Documents and Settings\Daniel\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Daniel\Desktop\SmitfraudFix.exe RAR: infected - 3 skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\History\History.IE5\MSHist012008072120080722\index.dat Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\~DF4824.tmp Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\~DF63F3.tmp Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\~DFD03D.tmp Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\~DFD5D3.tmp Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daniel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Daniel\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\SharedComponents\PPRT\logs\2008-07-21.csv Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{41A1850B-0612-4EFE-B0C2-2A7CCCE55CD6}\RP1001\change.log Object is locked skipped
C:\System Volume Information\_restore{41A1850B-0612-4EFE-B0C2-2A7CCCE55CD6}\RP993\A0364126.rbf Infected: not-a-virus:FraudTool.Win32.SpywareStop.al skipped
C:\System Volume Information\_restore{41A1850B-0612-4EFE-B0C2-2A7CCCE55CD6}\RP993\A0364129.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.fd skipped
C:\System Volume Information\_restore{41A1850B-0612-4EFE-B0C2-2A7CCCE55CD6}\RP993\A0364130.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.fe skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.


Thanks

#10 fenzodahl512


Posted 21 July 2008 - 06:16 AM

Erm.. your log looks clean to my eyes.. Do you still receive the error? (as in the picture?)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 tburg


Posted 22 July 2008 - 07:20 AM

Hi
Still can not get rid of it
It is still present in the registry from original topic
I have attached file of view I have of screen
Thanks


#12 fenzodahl512


Posted 22 July 2008 - 11:05 AM

Please download RegSrch and unzip it to your Desktop.
  • Double-click RegSrch.vbs
  • Copy/paste {9CB478A2-CA39-0CFD-EFAC-DB80710601D3} into the RegSrch window and press OK
  • RegSrch will disappear. Please wait until a window pops up stating the search is completed..
  • A log will appear. Please save it to your Desktop and post its content here in your next reply



#13 tburg


Posted 23 July 2008 - 05:22 AM

Hi

REGEDIT4
; RegSrch.vbs Bill James

; Registry search results for string "{9CB478A2-CA39-0CFD-EFAC-DB80710601D3}" 23/07/2008 7:49:24 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-583907252-790525478-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_CLASSES_ROOT\\CLSID\\{9CB478A2-CA39-0CFD-EFAC-DB80710601D3}"

Thanks

#14 fenzodahl512


Posted 23 July 2008 - 08:49 AM

Please go to Start >> Run >> Copy/paste the following >> Press Enter..

reg export "HKEY_USERS\S-1-5-21-583907252-790525478-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit" C:\export.txt


Then please find the text file at C:\export.txt and post its content in your next reply..



#15 tburg


Posted 24 July 2008 - 07:08 AM

Hi export log as requested

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-583907252-790525478-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"View"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,17,00,00,00,43,00,00,00,15,04,00,00,55,02,00,00,7d,01,00,\
00,78,00,00,00,78,00,00,00,20,01,00,00,01,00,00,00
"FindFlags"=dword:0000000e
"LastKey"="My Computer\\HKEY_CLASSES_ROOT\\CLSID\\{9CB478A2-CA39-0CFD-EFAC-DB80710601D3}"

[HKEY_USERS\S-1-5-21-583907252-790525478-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites]

Thanks
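
Added example, not part of the thread or of RegSrch: a small Python parser for .reg exports like the two posted above. It lists every key path or value that references the CLSID and flags the Regedit "LastKey" value, which only records the key that was last open in Regedit. The sample is the export above with the hex value shortened; the function names are this example's own.

```python
import re

# Constructed sample: the export posted above, "View" hex data shortened.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-583907252-790525478-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"View"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,17,00,00,00
"FindFlags"=dword:0000000e
"LastKey"="My Computer\\HKEY_CLASSES_ROOT\\CLSID\\{9CB478A2-CA39-0CFD-EFAC-DB80710601D3}"

[HKEY_USERS\S-1-5-21-583907252-790525478-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites]
'''
CLSID = '{9CB478A2-CA39-0CFD-EFAC-DB80710601D3}'

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    # Hex values wrap with a trailing backslash; join them into one line.
    joined = re.sub(r'\\\r?\n\s*', '', text)
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys  # header and ';' comment lines are ignored

def find_refs(keys, needle):
    """List (kind, key_path, value_name) for each place needle occurs."""
    needle, hits = needle.lower(), []
    for path, values in keys.items():
        if needle in path.lower():
            hits.append(('key', path, None))
        for name, data in values.items():
            if needle in name.lower() or needle in data.lower():
                hits.append(('value', path, name))
    return hits

def is_regedit_history(hit):
    """True when the hit is only Regedit's own last-viewed-key record."""
    kind, path, name = hit
    return (kind == 'value' and name == 'LastKey'
            and path.lower().endswith(r'\applets\regedit'))

HITS = find_refs(parse_reg(SAMPLE), CLSID)
for hit in HITS:
    print('regedit history' if is_regedit_history(hit) else 'reference', hit)
```
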



