Hijack This Log & Others [CLOSED]


#1
justwicked

Hi guys, when you get the chance could you please look thru these logs to see if my system is now clear.

Cheers.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:21:31, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe
C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tibbo\Tibbo Device Server Toolkit\tsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 124.217.251.159 google.dk
O1 - Hosts: 124.217.251.159 google.se
O1 - Hosts: 124.217.251.159 google.co.nz
O1 - Hosts: 124.217.251.159 google.cn
O1 - Hosts: 124.217.251.159 google.com.pr
O1 - Hosts: 124.217.251.159 google.com.ca
O1 - Hosts: 124.217.251.159 google.com.ch
O1 - Hosts: 124.217.251.159 google.fi
O1 - Hosts: 124.217.251.159 google.co.in
O1 - Hosts: 124.217.251.159 google.co.uk
O1 - Hosts: 124.217.251.159 google.lv
O1 - Hosts: 124.217.251.159 google.co.hu
O1 - Hosts: 124.217.251.159 google.lk
O1 - Hosts: 124.217.251.159 google.com.au
O1 - Hosts: 124.217.251.159 google.ru
O1 - Hosts: 124.217.251.159 google.nl
O1 - Hosts: 124.217.251.159 google.be
O1 - Hosts: 124.217.251.159 google.de
O1 - Hosts: 124.217.251.159 gogle.de
O1 - Hosts: 124.217.251.159 googel.de
O1 - Hosts: 124.217.251.159 google.ro
O1 - Hosts: 124.217.251.159 google.kz
O1 - Hosts: 124.217.251.159 google.by
O1 - Hosts: 124.217.251.159 google.no
O1 - Hosts: 124.217.251.159 google.pl
O1 - Hosts: 124.217.251.159 google.com.pl
O1 - Hosts: 124.217.251.159 google.es
O1 - Hosts: 124.217.251.159 google.pt
O1 - Hosts: 124.217.251.159 google.com.br
O1 - Hosts: 124.217.251.159 google.vc
O1 - Hosts: 124.217.251.159 google.co.za
O1 - Hosts: 124.217.251.159 google.tm
O1 - Hosts: 124.217.251.159 google.com.my
O1 - Hosts: 124.217.251.159 google.bg
O1 - Hosts: 124.217.251.159 google.co.jp
O1 - Hosts: 124.217.251.159 google.ie
O1 - Hosts: 124.217.251.159 google.co.ck
O1 - Hosts: 124.217.251.159 google.com.mx
O1 - Hosts: 124.217.251.159 google.com.om
O1 - Hosts: 124.217.251.159 google.fr
O1 - Hosts: 124.217.251.159 google.mu
O1 - Hosts: 124.217.251.159 google.com.ph
O1 - Hosts: 124.217.251.159 google.com.jm
O1 - Hosts: 124.217.251.159 google.com
O1 - Hosts: 124.217.251.159 google.us
O1 - Hosts: 124.217.251.159 google.ro
O1 - Hosts: 124.217.251.159 www.google.dk
O1 - Hosts: 124.217.251.159 www.google.se
O1 - Hosts: 124.217.251.159 www.google.co.nz
O1 - Hosts: 124.217.251.159 www.google.cn
O1 - Hosts: 124.217.251.159 www.google.com.pr
O1 - Hosts: 124.217.251.159 www.google.com.ca
O1 - Hosts: 124.217.251.159 www.google.com.ch
O1 - Hosts: 124.217.251.159 www.google.fi
O1 - Hosts: 124.217.251.159 www.google.co.in
O1 - Hosts: 124.217.251.159 www.google.co.uk
O1 - Hosts: 124.217.251.159 www.google.lv
O1 - Hosts: 124.217.251.159 www.google.co.hu
O1 - Hosts: 124.217.251.159 www.google.lk
O1 - Hosts: 124.217.251.159 www.google.com.au
O1 - Hosts: 124.217.251.159 www.google.ru
O1 - Hosts: 124.217.251.159 www.google.nl
O1 - Hosts: 124.217.251.159 www.google.be
O1 - Hosts: 124.217.251.159 www.google.de
O1 - Hosts: 124.217.251.159 www.gogle.de
O1 - Hosts: 124.217.251.159 www.googel.de
O1 - Hosts: 124.217.251.159 www.google.ro
O1 - Hosts: 124.217.251.159 www.google.kz
O1 - Hosts: 124.217.251.159 www.google.by
O1 - Hosts: 124.217.251.159 www.google.no
O1 - Hosts: 124.217.251.159 www.google.pl
O1 - Hosts: 124.217.251.159 www.google.com.pl
O1 - Hosts: 124.217.251.159 www.google.es
O1 - Hosts: 124.217.251.159 www.google.pt
O1 - Hosts: 124.217.251.159 www.google.com.br
O1 - Hosts: 124.217.251.159 www.google.vc
O1 - Hosts: 124.217.251.159 www.google.co.za
O1 - Hosts: 124.217.251.159 www.google.tm
O1 - Hosts: 124.217.251.159 www.google.com.my
O1 - Hosts: 124.217.251.159 www.google.bg
O1 - Hosts: 124.217.251.159 www.google.co.jp
O1 - Hosts: 124.217.251.159 www.google.ie
O1 - Hosts: 124.217.251.159 www.google.co.ck
O1 - Hosts: 124.217.251.159 www.google.com.mx
O1 - Hosts: 124.217.251.159 www.google.com.om
O1 - Hosts: 124.217.251.159 www.google.fr
O1 - Hosts: 124.217.251.159 www.google.mu
O1 - Hosts: 124.217.251.159 www.google.com.ph
O1 - Hosts: 124.217.251.159 www.google.com.jm
O1 - Hosts: 124.217.251.159 www.google.com
O1 - Hosts: 124.217.251.159 www.google.us
O1 - Hosts: 124.217.251.159 www.google.ro
O1 - Hosts: 124.217.251.159 www.video.google.com
O1 - Hosts: 124.217.251.159 www.maps.google.com
O1 - Hosts: 124.217.251.159 www.groups.google.com
O1 - Hosts: 124.217.251.159 www.news.google.com
O1 - Hosts: 124.217.251.159 www.images.google.com
O1 - Hosts: 124.217.251.159 www.earth.google.com
O1 - Hosts: 124.217.251.159 www.code.google.com
O1 - Hosts: 124.217.251.159 www.directory.google.com
O1 - Hosts: 124.217.251.159 www.labs.google.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
O4 - HKCU\..\Run: [UniwellServerID0] "C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe" /MIN
O4 - HKCU\..\Run: [UniwellServerID1] "C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe" /MIN /ID1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - S-1-5-18 Startup: Spectiva DVMS Backup Services.lnk = C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Spectiva DVMS Backup Services.lnk = C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe (User 'Default user')
O4 - Startup: Spectiva DVMS Backup Services.lnk = C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 82.163.126.179
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tibbo Service (tsvc) - Unknown owner - C:\Program Files\Tibbo\Tibbo Device Server Toolkit\tsvc.exe

--
End of file - 10151 bytes



Malwarebytes' Anti-Malware 1.11
Database version: 666

Scan type: Quick Scan
Objects scanned: 60879
Time elapsed: 51 minute(s), 51 second(s)

Memory Processes Infected: 9
Memory Modules Infected: 3
Registry Keys Infected: 16
Registry Values Infected: 21
Registry Data Items Infected: 0
Folders Infected: 82
Files Infected: 203

Memory Processes Infected:
C:\Program Files\WinReanimator\WinReanimator.exe (Rogue.WinReanimator) -> Unloaded process successfully.
C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\svc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\sv.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\svzip.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\runsql.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\winreanimator\winreanimator.dll (Rogue.WinReanimator) -> Unloaded module successfully.
C:\Program Files\WinReanimator\htmlayout.dll (Rogue.WinReanimator) -> Unloaded module successfully.
C:\Program Files\WinReanimator\pthreadVC2.dll (Rogue.WinReanimator) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware337 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware349 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45a4902e-4479-4eae-a186-8d0f7e4c78de} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c1caacf-1788-4613-a840-6bd943d4ee95} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a7d6ad2-0881-451f-bb27-f5e2ee2c5b14} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9a7d6ad2-0881-451f-bb27-f5e2ee2c5b14} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9fb3908c-6565-4cb0-95f8-e9f85258723c} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\spinstall (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysLibrary (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9fb3908c-6565-4cb0-95f8-e9f85258723c} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdmon (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IEUpdate (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net64 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netsv32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netzip (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runsql (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Firewall auto setup (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Recipes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RecipeSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbayKeyword (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbaySearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Horoscopes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\winreanimator\winreanimator.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\univrs32.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\sysabzg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Local Settings\Temp\xtnsht.exe (Worm.Socks) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Local Settings\Temp\zfe2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SEIJNX78\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\Starware337Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\Starware337Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\bin\Starware337.dll (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\Starware349Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\Starware349Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\bin\Starware349.dll (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scit.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\htmlayout.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\pthreadVC2.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\unzip32.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\WinReanimator.cfg (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\WinReanimator.exe (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcp80.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\U0B23A388.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaykeyword.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaykeyword.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaysearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaysearch.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\horoscopes.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Horoscopes0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Recipes\RecipesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Recipes\RecipesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Tem373.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts\PitchLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts\PitchLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Applicati


#2
sage5

Hi justwicked,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please resend the rest of the Malwarebytes log, it got cut off at

C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Applicati


This can happen because of a limit on the number of characters in any 1 post.

Cheers,

sage5

Edited by sage5, 21 April 2008 - 06:51 PM.


#3
justwicked

Hi Sage5, thx. Here is the complete log.

Malwarebytes' Anti-Malware 1.11
Database version: 666

Scan type: Quick Scan
Objects scanned: 60879
Time elapsed: 51 minute(s), 51 second(s)

Memory Processes Infected: 9
Memory Modules Infected: 3
Registry Keys Infected: 16
Registry Values Infected: 21
Registry Data Items Infected: 0
Folders Infected: 82
Files Infected: 203

Memory Processes Infected:
C:\Program Files\WinReanimator\WinReanimator.exe (Rogue.WinReanimator) -> Unloaded process successfully.
C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\svc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\sv.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\svzip.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\runsql.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\winreanimator\winreanimator.dll (Rogue.WinReanimator) -> Unloaded module successfully.
C:\Program Files\WinReanimator\htmlayout.dll (Rogue.WinReanimator) -> Unloaded module successfully.
C:\Program Files\WinReanimator\pthreadVC2.dll (Rogue.WinReanimator) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware337 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware349 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45a4902e-4479-4eae-a186-8d0f7e4c78de} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c1caacf-1788-4613-a840-6bd943d4ee95} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a7d6ad2-0881-451f-bb27-f5e2ee2c5b14} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9a7d6ad2-0881-451f-bb27-f5e2ee2c5b14} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9fb3908c-6565-4cb0-95f8-e9f85258723c} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\spinstall (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysLibrary (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9fb3908c-6565-4cb0-95f8-e9f85258723c} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdmon (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IEUpdate (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net64 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netsv32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netzip (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runsql (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Firewall auto setup (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Recipes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RecipeSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbayKeyword (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbaySearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Horoscopes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\winreanimator\winreanimator.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\univrs32.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\sysabzg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Local Settings\Temp\xtnsht.exe (Worm.Socks) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Local Settings\Temp\zfe2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SEIJNX78\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\Starware337Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\Starware337Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\bin\Starware337.dll (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware337\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\Starware349Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\Starware349Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\bin\Starware349.dll (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware349\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scit.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\htmlayout.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\pthreadVC2.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\unzip32.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\WinReanimator.cfg (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\WinReanimator.exe (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcp80.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\U0B23A388.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaykeyword.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaykeyword.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaysearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaysearch.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\horoscopes.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Horoscopes0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Recipes\RecipesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Recipes\RecipesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware337\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Tem373.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts\PitchLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts\PitchLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Application Data\Starware349\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4svce.exe (Trojan.Agent) -> Delete on reboot.
C:\winxplogon.sys (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\sv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svzip.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\runsql.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aaaamont.exe (Worm.Sdbot) -> Delete on reboot.
C:\syswegc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spywarewarning.mht (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Graham\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.

#4
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi justwicked,

Please download the following & save to your Desktop:
Deckard's System Scanner


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 124.217.251.159 google.dk
O1 - Hosts: 124.217.251.159 google.se
O1 - Hosts: 124.217.251.159 google.co.nz
O1 - Hosts: 124.217.251.159 google.cn
O1 - Hosts: 124.217.251.159 google.com.pr
O1 - Hosts: 124.217.251.159 google.com.ca
O1 - Hosts: 124.217.251.159 google.com.ch
O1 - Hosts: 124.217.251.159 google.fi
O1 - Hosts: 124.217.251.159 google.co.in
O1 - Hosts: 124.217.251.159 google.co.uk
O1 - Hosts: 124.217.251.159 google.lv
O1 - Hosts: 124.217.251.159 google.co.hu
O1 - Hosts: 124.217.251.159 google.lk
O1 - Hosts: 124.217.251.159 google.com.au
O1 - Hosts: 124.217.251.159 google.ru
O1 - Hosts: 124.217.251.159 google.nl
O1 - Hosts: 124.217.251.159 google.be
O1 - Hosts: 124.217.251.159 google.de
O1 - Hosts: 124.217.251.159 gogle.de
O1 - Hosts: 124.217.251.159 googel.de
O1 - Hosts: 124.217.251.159 google.ro
O1 - Hosts: 124.217.251.159 google.kz
O1 - Hosts: 124.217.251.159 google.by
O1 - Hosts: 124.217.251.159 google.no
O1 - Hosts: 124.217.251.159 google.pl
O1 - Hosts: 124.217.251.159 google.com.pl
O1 - Hosts: 124.217.251.159 google.es
O1 - Hosts: 124.217.251.159 google.pt
O1 - Hosts: 124.217.251.159 google.com.br
O1 - Hosts: 124.217.251.159 google.vc
O1 - Hosts: 124.217.251.159 google.co.za
O1 - Hosts: 124.217.251.159 google.tm
O1 - Hosts: 124.217.251.159 google.com.my
O1 - Hosts: 124.217.251.159 google.bg
O1 - Hosts: 124.217.251.159 google.co.jp
O1 - Hosts: 124.217.251.159 google.ie
O1 - Hosts: 124.217.251.159 google.co.ck
O1 - Hosts: 124.217.251.159 google.com.mx
O1 - Hosts: 124.217.251.159 google.com.om
O1 - Hosts: 124.217.251.159 google.fr
O1 - Hosts: 124.217.251.159 google.mu
O1 - Hosts: 124.217.251.159 google.com.ph
O1 - Hosts: 124.217.251.159 google.com.jm
O1 - Hosts: 124.217.251.159 google.com
O1 - Hosts: 124.217.251.159 google.us
O1 - Hosts: 124.217.251.159 google.ro
O1 - Hosts: 124.217.251.159 www.google.dk
O1 - Hosts: 124.217.251.159 www.google.se
O1 - Hosts: 124.217.251.159 www.google.co.nz
O1 - Hosts: 124.217.251.159 www.google.cn
O1 - Hosts: 124.217.251.159 www.google.com.pr
O1 - Hosts: 124.217.251.159 www.google.com.ca
O1 - Hosts: 124.217.251.159 www.google.com.ch
O1 - Hosts: 124.217.251.159 www.google.fi
O1 - Hosts: 124.217.251.159 www.google.co.in
O1 - Hosts: 124.217.251.159 www.google.co.uk
O1 - Hosts: 124.217.251.159 www.google.lv
O1 - Hosts: 124.217.251.159 www.google.co.hu
O1 - Hosts: 124.217.251.159 www.google.lk
O1 - Hosts: 124.217.251.159 www.google.com.au
O1 - Hosts: 124.217.251.159 www.google.ru
O1 - Hosts: 124.217.251.159 www.google.nl
O1 - Hosts: 124.217.251.159 www.google.be
O1 - Hosts: 124.217.251.159 www.google.de
O1 - Hosts: 124.217.251.159 www.gogle.de
O1 - Hosts: 124.217.251.159 www.googel.de
O1 - Hosts: 124.217.251.159 www.google.ro
O1 - Hosts: 124.217.251.159 www.google.kz
O1 - Hosts: 124.217.251.159 www.google.by
O1 - Hosts: 124.217.251.159 www.google.no
O1 - Hosts: 124.217.251.159 www.google.pl
O1 - Hosts: 124.217.251.159 www.google.com.pl
O1 - Hosts: 124.217.251.159 www.google.es
O1 - Hosts: 124.217.251.159 www.google.pt
O1 - Hosts: 124.217.251.159 www.google.com.br
O1 - Hosts: 124.217.251.159 www.google.vc
O1 - Hosts: 124.217.251.159 www.google.co.za
O1 - Hosts: 124.217.251.159 www.google.tm
O1 - Hosts: 124.217.251.159 www.google.com.my
O1 - Hosts: 124.217.251.159 www.google.bg
O1 - Hosts: 124.217.251.159 www.google.co.jp
O1 - Hosts: 124.217.251.159 www.google.ie
O1 - Hosts: 124.217.251.159 www.google.co.ck
O1 - Hosts: 124.217.251.159 www.google.com.mx
O1 - Hosts: 124.217.251.159 www.google.com.om
O1 - Hosts: 124.217.251.159 www.google.fr
O1 - Hosts: 124.217.251.159 www.google.mu
O1 - Hosts: 124.217.251.159 www.google.com.ph
O1 - Hosts: 124.217.251.159 www.google.com.jm
O1 - Hosts: 124.217.251.159 www.google.com
O1 - Hosts: 124.217.251.159 www.google.us
O1 - Hosts: 124.217.251.159 www.google.ro
O1 - Hosts: 124.217.251.159 www.video.google.com
O1 - Hosts: 124.217.251.159 www.maps.google.com
O1 - Hosts: 124.217.251.159 www.groups.google.com
O1 - Hosts: 124.217.251.159 www.news.google.com
O1 - Hosts: 124.217.251.159 www.images.google.com
O1 - Hosts: 124.217.251.159 www.earth.google.com
O1 - Hosts: 124.217.251.159 www.code.google.com
O1 - Hosts: 124.217.251.159 www.directory.google.com
O1 - Hosts: 124.217.251.159 www.labs.google.com
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted IP range: 82.163.126.179
O20 - AppInit_DLLs: cru629.dat

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of the TotalScan report


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
  • C:\active_scan.txt
in your next reply.



Cheers,

sage5
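
Added example, not part of sage5's post and not code from HijackThis or any tool named in this thread: a triage script that groups the `O1 - Hosts:` lines of a HijackThis log by target address and flags a public IP that many hostnames have been pointed at, which is the pattern in the fix list above. The function names, the `min_cluster` threshold and the `127.0.0.1` / `192.168.1.20` sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format. The 124.217.251.159 entries and
# the R0/O4 lines are copied from logs in this thread; the 127.0.0.1 and
# 192.168.1.20 lines are made up to show benign mappings.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
O1 - Hosts: 124.217.251.159 google.co.uk
O1 - Hosts: 124.217.251.159 www.google.com
O1 - Hosts: 124.217.251.159 googel.de
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.20 printer.lan
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
"""

# HijackThis reports each hosts-file mapping as "O1 - Hosts: <ip> <name...>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")


def parse_o1(log_text):
    """Return {ip_text: [hostnames]} built from the O1 lines of a log."""
    mapping = defaultdict(list)
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue  # not a hosts entry (R0, O4, O20, ...)
        ip_text, rest = match.groups()
        # A hosts line may carry several names and a trailing '#' comment.
        names = rest.split("#", 1)[0].split()
        mapping[ip_text].extend(name.lower() for name in names)
    return dict(mapping)


def classify(ip_text):
    """Bucket the target address: sinkhole, local, public or invalid."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"  # 127.0.0.1 / 0.0.0.0 style blocking entries
    if ip.is_private or ip.is_link_local:
        return "local"     # LAN mappings such as printers or NAS boxes
    return "public"        # overrides DNS with an Internet address


def triage(log_text, min_cluster=3):
    """Return one finding per target IP with a verdict for the reviewer."""
    findings = []
    for ip_text, names in parse_o1(log_text).items():
        hosts = sorted(set(names))
        kind = classify(ip_text)
        if kind == "public" and len(hosts) >= min_cluster:
            verdict = "redirect-cluster"  # many names forced to one public IP
        elif kind in ("public", "invalid"):
            verdict = "review"
        else:
            verdict = "ok"
        findings.append(
            {"ip": ip_text, "kind": kind, "hosts": hosts, "verdict": verdict}
        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["verdict"], finding["ip"], len(finding["hosts"]), "host(s)")
```

A `redirect-cluster` verdict only says that name resolution is being overridden; whether the entries were placed by malware still needs the rest of the log, such as the autorun entries.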

#5
justwicked

    New Member

  • Topic Starter
  • Member
  • 3 posts
Hi Sage 5, thx for the help.

Here are the logs as requested.

Cheers.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 255.48 MiB / 85.02 MiB
Pagefile Memory (total/avail): 702.92 MiB / 341.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.93 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 15.73 GiB free.
D: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:

\\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Graham\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GRAHAM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Graham
LOGONSERVER=\\GRAHAM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Graham\LOCALS~1\Temp
TMP=C:\DOCUME~1\Graham\LOCALS~1\Temp
USERDOMAIN=GRAHAM
USERNAME=Graham
USERPROFILE=C:\Documents and Settings\Graham
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Graham (admin)
LogMeInRemoteUser (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall
EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PhotoStarter3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst
EPSON PRINT Image Framer Tool2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
ESPRX420 Software Guide --> C:\Program Files\EPSON\TPMANUAL\ESPRX420\PQU_G\DOCUNINS.EXE
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Hard Rock Casino --> C:\PROGRA~1\Hexacto\HARDRO~1\UNWISE.EXE C:\PROGRA~1\Hexacto\HARDRO~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Instant Drilldown --> MsiExec.exe /I{5C8EA9A8-C0FA-4C60-941A-DCDAF49A0A03}
Instant Drilldown --> MsiExec.exe /I{7B7BC1F4-B358-4C29-B9F6-A02D2EDE6695}
Instant Loyalty System --> MsiExec.exe /I{D4D9B4EB-A4FD-4AD5-93D7-AC364F45D017}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_247a9a9e\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LG GSM PC Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\setup.exe" -l0x9
LG USB Modem Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
LogMeIn --> MsiExec.exe /I{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
Proxima DVMS --> C:\Program Files\CIEFFE\Proxima DVMS\uninst.exe
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Spectiva RemoteControl --> C:\Program Files\CIEFFE\Spectiva DVMS\uninst.exe
SplitWave 2.0 --> MsiExec.exe /I{75894E15-11AA-4490-84EE-FED6F9D5A645}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tibbo Device Server Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2AA4E05D-7F8C-42CB-9D98-C0D63D42D304}\Setup.exe"
Total Control and Stock V1-5 Build 16b --> MsiExec.exe /X{94B56ED6-0EF4-439B-9D9C-53424E2633FC}
Total Control and Stock V1-5 Build 18c --> MsiExec.exe /X{A745A779-C3B6-4605-8B71-4F213B89B0A6}
UltraVNC v1.0.2 --> "C:\Program Files\UltraVNC\unins000.exe"
VBloXCFG --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Honeywell\VBloXCFG\DeIsL1.isu" -c"C:\Program Files\Honeywell\VBloXCFG\_ISREG32.DLL"
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Video Codecs --> C:\WINDOWS\system32\insignis_uninst_codecs.exe
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WaveReader Ver 4-2 G --> MsiExec.exe /I{6A4EC4DA-C780-4A0E-BF64-AE2F65F85749}
Web Easy Professional 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB46AB60-F603-4FEA-8A0C-590EA4982C0B}\Setup.exe" -l0x9 -removeonly
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type10183 / Error
Event Submitted/Written: 04/28/2008 00:16:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application AcroRd32.exe, version 7.0.8.218, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10176 / Error
Event Submitted/Written: 04/22/2008 02:33:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10148 / Error
Event Submitted/Written: 04/21/2008 08:38:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application MSE7.EXE, version 11.0.5510.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10137 / Error
Event Submitted/Written: 04/21/2008 04:51:53 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10136 / Error
Event Submitted/Written: 04/21/2008 02:02:12 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type95 / Error
Event Submitted/Written: 04/29/2008 06:09:39 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer PRESTIGE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57D550A9-2EE3-43F2-.
The master browser is stopping or an election is being forced.

Event Record #/Type94 / Error
Event Submitted/Written: 04/29/2008 05:09:37 PM / 04/29/2008 05:09:38 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer PRESTIGE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57D550A9-2EE3-43F2-.
The master browser is stopping or an election is being forced.

Event Record #/Type93 / Error
Event Submitted/Written: 04/29/2008 04:02:15 PM / 04/29/2008 04:02:16 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer KEVIN-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57D550A9-2EE3-43F2-.
The master browser is stopping or an election is being forced.

Event Record #/Type92 / Error
Event Submitted/Written: 04/29/2008 02:45:57 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer KEVIN-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57D550A9-2EE3-43F2-.
The master browser is stopping or an election is being forced.

Event Record #/Type91 / Error
Event Submitted/Written: 04/29/2008 01:22:01 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer KEVIN-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57D550A9-2EE3-43F2-.
The master browser is stopping or an election is being forced.



-- End of Deckard's System Scanner: finished at 2008-04-29 18:35:23 ------------

Deckard's System Scanner v20071014.68
Run by Graham on 2008-04-29 18:29:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-04-29 17:30:01 UTC - RP837 - Deckard's System Scanner Restore Point
86: 2008-04-28 16:49:34 UTC - RP836 - System Checkpoint
85: 2008-04-27 14:43:53 UTC - RP835 - System Checkpoint
84: 2008-04-26 13:43:52 UTC - RP834 - System Checkpoint
83: 2008-04-25 12:47:12 UTC - RP833 - System Checkpoint


-- First Restore Point --
1: 2008-02-08 22:32:14 UTC - RP751 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Graham.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:59, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\PCPrivacyTool\plug\GDCW.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\PCPrivacyTool\stm.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe
C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tibbo\Tibbo Device Server Toolkit\tsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Graham\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Graham.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\PCPrivacyTool\stm.exe" dm=http://pcprivacytool.com ad=http://pcprivacytool.com sd=http://ilp.pcprivacytool.com
O4 - HKCU\..\Run: [UniwellServerID0] "C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe" /MIN
O4 - HKCU\..\Run: [UniwellServerID1] "C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe" /MIN /ID1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [AskUninstall] "C:\Program Files\Internet Explorer\iexplore.exe" http://pcprivacytool...ed20203=5126676
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - S-1-5-18 Startup: Spectiva DVMS Backup Services.lnk = C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Spectiva DVMS Backup Services.lnk = C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe (User 'Default user')
O4 - Startup: Spectiva DVMS Backup Services.lnk = C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tibbo Service (tsvc) - Unknown owner - C:\Program Files\Tibbo\Tibbo Device Server Toolkit\tsvc.exe

--
End of file - 5826 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080429-091403-235 R3 - URLSearchHook: (no name) - - (no file)
backup-20080429-091404-214 O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
backup-20080429-091404-357 O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
backup-20080429-091404-369 O15 - Trusted IP range: 82.163.126.179
backup-20080429-091404-560 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20080429-091404-584 O1 - Hosts: 124.217.251.159 www.labs.google.com
backup-20080429-091404-628 O1 - Hosts: 124.217.251.159 www.code.google.com
backup-20080429-091404-682 O1 - Hosts: 124.217.251.159 www.directory.google.com
backup-20080429-091404-786 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20080429-091404-908 O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\6to4svce.exe
backup-20080429-091404-917 O20 - AppInit_DLLs: cru629.dat

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 tsvckrnl (Tibbo Service Kernel-mode Satellite) - c:\windows\system32\drivers\tsvc.sys
R2 WinDriver - c:\windows\system32\drivers\windrvr.sys <Not Verified; KRFTech; WinDriver Device Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 tvspd (Virtual Serial Port Driver) - c:\windows\system32\drivers\tvspd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT® Operating System>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tsvc (Tibbo Service) - c:\program files\tibbo\tibbo device server toolkit\tsvc.exe

S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 03:33:37 416 --a------ C:\WINDOWS\Tasks\Total Control.job


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 17:11:14 0 dr-h----- C:\$VAULT$.AVG
2008-04-29 09:16:22 0 d-------- C:\WINDOWS\LastGood
2008-04-28 16:49:00 0 d-------- C:\Documents and Settings\Graham\Application Data\PCPrivacyTool
2008-04-25 14:47:46 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-25 14:47:44 0 d-------- C:\Documents and Settings\All Users\Application Data\PCPrivacyTool
2008-04-25 14:47:39 0 d-------- C:\Program Files\Common Files\PCPrivacyTool
2008-04-25 14:47:31 0 d-------- C:\Program Files\PCPrivacyTool
2008-04-22 11:38:28 0 d-------- C:\Documents and Settings\Graham\Application Data\AVG7
2008-04-22 11:38:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-22 11:37:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 10:12:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-22 01:19:40 0 d-------- C:\Program Files\Trend Micro
2008-04-21 21:59:39 0 d-------- C:\Program Files\Panda Security
2008-04-21 18:21:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-21 18:21:19 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-21 18:21:18 0 d-------- C:\Documents and Settings\Graham\Application Data\SUPERAntiSpyware.com
2008-04-21 18:20:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 17:02:52 0 d-------- C:\Documents and Settings\Graham\Application Data\Malwarebytes
2008-04-21 17:02:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 17:02:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 17:01:57 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-19 08:25:59 144 --ahs---- C:\WINDOWS\system32\4176499683.dat
2008-04-09 06:39:18 2 --a------ C:\-118467613
2008-04-06 22:28:20 6553600 --a------ C:\Documents and Settings\Graham\ntuser.dat
2008-04-06 22:28:19 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-29 11:21:00 0 d-------- C:\Program Files\WaveReader
2008-04-29 10:54:38 0 d-------- C:\Program Files\LogMeIn
2008-04-25 14:47:39 0 d-------- C:\Program Files\Common Files
2008-03-18 11:38:43 0 d-------- C:\Documents and Settings\Graham\Application Data\EPSON
2008-03-11 16:14:47 0 d-------- C:\Program Files\QuickTime
2008-03-11 16:14:46 0 d-------- C:\Program Files\MSN Messenger
2008-03-09 19:41:52 14195 --a------ C:\WINDOWS\ipiryd.pif
2008-03-09 19:41:52 19915 --a------ C:\Documents and Settings\Graham\Application Data\ybabivum.dl
2008-03-09 19:41:52 18666 --a------ C:\Documents and Settings\Graham\Application Data\verovam.scr
2008-03-09 19:41:52 16567 --a------ C:\Documents and Settings\Graham\Application Data\iqimi._dl
2008-03-09 19:41:51 13274 --a------ C:\WINDOWS\system32\nilub.com
2008-03-09 19:41:51 17361 --a------ C:\Program Files\Common Files\ojanuci.vbs
2008-03-08 14:01:36 0 d-------- C:\Documents and Settings\Graham\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/03/2006 15:29]
"BluetoothAuthenticationAgent"="irprops.cpl" [04/08/2004 01:56 C:\WINDOWS\system32\irprops.cpl]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/03/2006 15:29]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/04/2008 11:37]
"Salestart"="C:\Program Files\Common Files\PCPrivacyTool\stm.exe" [27/02/2008 19:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniwellServerID0"="C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe" [23/08/2006 12:15]
"UniwellServerID1"="C:\Program Files\Fidelity Systems\Instant Loyalty\Instant Loyalty Server.exe" [23/08/2006 12:15]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [22/04/2008 10:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"AskUninstall"="C:\Program Files\Internet Explorer\iexplore.exe" http://pcprivacytool...ed20203=5126676

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

C:\Documents and Settings\Graham\Start Menu\Programs\Startup\
Spectiva DVMS Backup Services.lnk - C:\Program Files\CIEFFE\Spectiva DVMS\bkpserver.exe [29/11/2005 12:52:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [23/07/2004 08:26:34]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [13/02/2004 14:12:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 22/04/2008 10:26 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15/11/2007 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"IEUpdate"= C:\WINDOWS\system32\6to4svce.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]


@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-29 18:35:23 ------------

;*******************************************************************************
ANALYSIS: 2008-04-29 18:14:41
PROTECTIONS: 1
MALWARE: 65
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4c6a-9D17-95018D228FF5}
00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}
00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}
00122168 Application/Restart HackTools No 0 Yes No C:\WINDOWS\system32\Tools\Restart.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][2].txt
00220923 Application/ErrorSafe HackTools No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP826\A0116266.dll
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\HoyleCasino2006v12Setup-dm[1].exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00263288 Application/ErrorSafe HackTools No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP826\A0116269.exe
00287266 Application/ErrorSafe HackTools No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP826\A0116268.dll
00287267 Application/ErrorSafe HackTools No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP782\A0104392.exe
00287268 Application/ErrorSafe HackTools No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP826\A0116270.dll
00287269 Application/ErrorSafe HackTools No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP826\A0116267.dll
00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\Graham\Cookies\[email protected][1].txt
00520005 Trj/Downloader.NUS Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP811\A0113684.exe
01230278 W32/PatchLog.gen Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP811\A0113683.exe
01230278 W32/PatchLog.gen Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP812\A0113775.exe
01230278 W32/PatchLog.gen Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP812\A0113777.exe
01230278 W32/PatchLog.gen Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP812\A0113776.exe
01230278 W32/PatchLog.gen Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP811\A0113682.exe
01789974 Rootkit/Agysteo.Q HackTools No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP784\A0106394.sys
01895148 Malicious Packer SecRisk No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP811\A0113689.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP812\A0113737.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP811\A0113676.exe
02895262 W32/PatchLog.P Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP782\A0104382.exe
02895262 W32/PatchLog.P Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP782\A0104383.exe
02895262 W32/PatchLog.P Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP782\A0104384.exe
02895262 W32/PatchLog.P Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP782\A0104380.exe
02895262 W32/PatchLog.P Vir

#6
sage5


    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi justwicked,

The TotalScan log (C:\active_scan.txt) got cut off at

02895262 W32/PatchLog.P Virus No 0 Yes No C:\System Volume Information\_restore{07D3D612-6484-4C98-B009-E25AAEAB6299}\RP782\A0104380.exe
02895262 W32/PatchLog.P Vir



Can you please resend that log.

Cheers,

sage5

#7
sage5


    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.