Thread: Help: Trojan horse generic

  1. #1

    First step done

    Hi PP,

    I've done all the scans. All the logs are pasted below; the only one that I miss is the uninstall log. I can't install the HijackThis program. I run the dss.exe, it asks me to install HijackThis. I click on yes but then comes an error window "Unable to download Hijackthis". I've turned off my firewall but that error keeps coming.

    Thank you for your help.

    JP


    Deckard's System Scanner v20071014.68
    Run by Juampi on 2008-08-18 16:52:02
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 8.32 GiB (less than 15%) free.


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-18 16:52:52
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\BR040286.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Users\Juampi\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    D:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    D:\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\System32\rundll32.exe
    C:\Acer\Empowering Technology\eNet\eNMTray.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Apoint2K\ApntEx.exe
    C:\Windows\System32\wuauclt.exe
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\conime.exe
    C:\Users\Juampi\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
    O20 - Winlogon Notify: igfxcui - C:\Windows\system32\igfxdev.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - D:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: ArcGIS License Manager - Unknown owner - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\System32\IoctlSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


    --
    End of file - 16554 bytes

    -- Files created between 2008-07-18 and 2008-08-18 -----------------------------

    2008-08-18 11:39:19 0 d-------- C:\Program Files\Panda Security
    2008-08-14 22:40:59 0 d-------- C:\Users\All Users\Malwarebytes
    2008-08-14 22:40:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-14 21:35:34 0 d--h----- C:\$AVG8.VAULT$
    2008-08-14 21:30:51 0 d-------- C:\Windows\system32\drivers\Avg
    2008-08-14 21:30:36 0 d-------- C:\Users\All Users\avg8
    2008-08-14 21:30:36 0 d-------- C:\Program Files\AVG
    2008-08-13 10:47:06 0 d-------- C:\Users\All Users\LightScribe
    2008-08-13 10:00:32 0 d-------- C:\Users\All Users\Nero
    2008-08-13 10:00:32 0 d-------- C:\Program Files\Nero
    2008-08-13 10:00:32 0 d-------- C:\Program Files\Common Files\Nero
    2008-08-08 00:14:55 0 d-------- C:\Windows\1F34839E48264B64B1B342E5AE8DEC5A.TMP
    2008-07-30 11:50:06 0 d-------- C:\Program Files\CASIO
    2008-07-30 11:50:05 15172 --a------ C:\Windows\system32\drivers\PzWDM.sys <Not Verified; Prassi Technology; PzWDM>
    2008-07-30 11:49:57 413696 --a------ C:\Windows\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
    2008-07-30 11:49:57 114688 --a------ C:\Windows\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
    2008-07-30 11:49:57 91923 --a------ C:\Windows\system32\EPPICPrinterDB.dat
    2008-07-30 11:49:57 27965 --a------ C:\Windows\system32\EPPICPresetData_JP.dat
    2008-07-30 11:49:57 76956 --a------ C:\Windows\system32\EPPICPattern2.dat
    2008-07-30 11:49:57 39121 --a------ C:\Windows\system32\EPPICPattern1.dat
    2008-07-30 11:49:57 65536 --a------ C:\Windows\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
    2008-07-30 11:47:59 0 d-------- C:\Program Files\HOTALBUMMyBOX


    -- Find3M Report ---------------------------------------------------------------

    2008-08-18 15:48:45 89246 --a------ C:\Users\Juampi\AppData\Roaming\nvModes.001
    2008-08-18 10:01:34 0 d-------- C:\Users\Juampi\AppData\Roaming\Skype
    2008-08-18 09:49:28 689618 --a------ C:\Windows\system32\perfh013.dat
    2008-08-18 09:49:28 122796 --a------ C:\Windows\system32\perfc013.dat
    2008-08-18 09:46:14 0 d-------- C:\Users\Juampi\AppData\Roaming\skypePM
    2008-08-14 22:41:03 0 d-------- C:\Users\Juampi\AppData\Roaming\Malwarebytes
    2008-08-13 17:21:51 0 d-------- C:\Program Files\Windows Mail
    2008-08-13 17:17:08 0 d-------- C:\Users\Juampi\AppData\Roaming\Vso
    2008-08-13 17:17:07 668 --a------ C:\Users\Juampi\AppData\Roaming\vso_ts_preview.xml
    2008-08-13 12:08:58 166 --a------ C:\Users\Juampi\AppData\Roaming\default.pls
    2008-08-13 10:06:56 0 d-------- C:\Users\Juampi\AppData\Roaming\Nero
    2008-08-13 10:00:32 0 d-------- C:\Program Files\Common Files
    2008-08-10 09:08:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-08-09 21:47:39 0 d-------- C:\Users\Juampi\AppData\Roaming\uTorrent
    2008-07-30 11:49:54 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-11 22:00:57 0 d-------- C:\Program Files\Symantec
    2008-07-10 11:52:58 174 --ahs---- C:\Program Files\desktop.ini
    2008-07-04 20:08:55 34 --a------ C:\Users\Juampi\AppData\Roaming\pcouffin.log
    2008-07-04 20:07:43 7887 --a------ C:\Users\Juampi\AppData\Roaming\pcouffin.cat
    2008-07-04 20:07:37 0 d-------- C:\Program Files\VSO
    2008-07-02 16:50:08 89246 --a------ C:\Users\Juampi\AppData\Roaming\nvModes.dat
    2008-06-29 20:32:17 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-06-18 20:56:22 0 d-------- C:\Program Files\VistaCodecPack
    2008-06-12 19:25:06 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    14-08-2008 21:30 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [14-08-2008 21:30 2055960]

    [-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-09-2007 17:12]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" []
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" []
    "Persistence"="C:\Windows\system32\igfxpers.exe" []
    "RtHDVCpl"="RtHDVCpl.exe" [06-07-2007 05:06 C:\Windows\RtHDVCpl.exe]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [25-04-2007 16:33]
    "Acer Tour"="" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08-03-2007 04:38]
    "BisonInst0402"="C:\Windows\BR040286.exe" [08-05-2007 21:48]
    "SetPanel"="C:\Acer\APanel\APanel.cmd" []
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [11-06-2007 15:54]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [27-06-2007 11:15]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [24-05-2007 14:38]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21-03-2007 14:00]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05-11-2006 22:48]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [06-06-2007 10:06]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [22-05-2007 15:49]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27-10-2006 01:47]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [10-10-2007 16:35]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10-10-2007 16:35]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10-10-2007 16:35]
    "Adobe Version Cue CS2"="D:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [06-04-2005 17:53]
    "Acrobat Assistant 7.0"="D:\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [14-12-2004 03:12]
    "@"="" []
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 17:38]
    "MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [30-11-2007 14:48]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08-06-2008 09:31]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [14-08-2008 21:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09-01-2008 23:56]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [12-11-2007 16:48]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [24-06-2008 16:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe

    C:\Users\Juampi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26-10-2006 20:24:54]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Acrobat Snelle start.lnk - C:\Windows\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [28-1-2008 19:23:13]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-3-2005 21:16:50]
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [3-9-2007 17:41:19]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOptions"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=avgrsstx.dll eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{392671a7-f58a-11dc-8d37-a1fe5f5febcf}]
    Auto\Command- H:\TASKMON.EXE
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\TASKMON.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{392671ac-f58a-11dc-8d37-a1fe5f5febcf}]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d798e75-d1bb-11dc-9b78-d6cd25e375e9}]
    AutoRun\command- F:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b5d43be-fb35-11dc-890c-daca9c348aa6}]
    Auto\Command- G:\TASKMON.EXE
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TASKMON.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7af1815a-a015-11dc-9011-001b385c8c7b}]
    Auto\Command- G:\TASKMON.EXE
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TASKMON.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afc90d4d-a76a-11dc-b612-bb5bd34dbbd2}]
    Setup\command- setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c25825aa-27e0-11dd-9ac5-af13aa92f595}]
    Auto\Command- G:\TASKMON.EXE
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TASKMON.EXE


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-08-18 16:53:31 ------------


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: Dutch

    CPU 0: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
    Percentage of Memory in Use: 45%
    Physical Memory (total/avail): 2045.39 MiB / 1124.94 MiB
    Pagefile Memory (total/avail): 4305.01 MiB / 3013.69 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1901.31 MiB

    C: is Fixed (NTFS) - 69.77 GiB total, 7.27 GiB free.
    D: is Fixed (NTFS) - 69.52 GiB total, 42.1 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 - 149.05 GiB - 3 partitions
    \PARTITION0 - Unknown - 9.76 GiB
    \PARTITION1 (bootable) - MS-DOS V4 Huge - 69.77 GiB - C:
    \PARTITION2 - Installable File System - 69.52 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
    AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Juampi\AppData\Roaming
    ARCGISHOME=C:\Program Files\ArcGIS\
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=JUANPABLO
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Juampi
    LOCALAPPDATA=C:\Users\Juampi\AppData\Local
    LOGONSERVER=\\JUANPABLO
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0d
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    PYTHONPATH=C:\Program Files\ArcGIS\bin
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Juampi\AppData\Local\Temp
    TMP=C:\Users\Juampi\AppData\Local\Temp
    USERDOMAIN=JUANPABLO
    USERNAME=Juampi
    USERPROFILE=C:\Users\Juampi
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Juampi


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
    --> C:\Windows\UNNeroVision.exe /UNINSTALL
    --> C:\Windows\UNRecode.exe /UNINSTALL
    --> Dummy
    --> msiexec /I {236BB7C4-4419-42FD-0413-1E257A25E34D}
    --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
    --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.EXE" -uninst
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
    Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
    Acer Crystal Eye --> C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acer eAudio Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
    Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
    Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x13 -removeonly
    Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x13 -removeonly
    Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x13 -removeonly
    Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x13 -removeonly
    Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x13 -removeonly
    Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x13 -removeonly
    Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
    Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x13 -removeonly
    Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x13 -removeonly
    Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
    Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\fscommand\adobe cs2 nl\adobe creative suite 2.0/lang=0413
    Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-551D-4478-9682-DBB587257110}
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    ALPS Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
    ArcGIS Desktop --> MsiExec.exe /I{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}
    ArcGIS License Manager --> C:\PROGRA~1\ESRI\License\arcgis9x\UNWISE32.EXE C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS~1.LOG "License Manager"
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    AutoCAD 2008 - English --> C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
    Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    CODE Multimedia --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{841C8380-3273-407C-91CE-6C644F327E6A}\SETUP.EXE" -l0x13
    Codec Pack - All In 1 6.0.3.0 --> C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
    ConvertXtoDVD 3.1.1.32 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
    Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
    Dialang V1 Beta --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97DF4674-AB43-11D5-91C9-005004F84FA1}\Setup.exe" -l0x13
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dynasty --> "C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
    Galapago --> "C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BF AOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
    HOT ALBUM MYBOX --> C:\Program Files\HOTALBUMMyBOX\VUninst.exe /a
    Huur- en zorgtoeslag 2008 --> C:\Program Files\Belastingdienst\Huur- en zorgtoeslag\2008\hz2008u.exe
    Intel(R) Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
    LimeWire PRO 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
    LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Luxor 2 --> "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
    Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x13
    Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
    Microsoft Office Groove MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
    Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
    Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works --> MsiExec.exe /I{A2A0A82F-025F-458d-A0CD-9BB2320804B5}
    Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Mystery Case Files - Prime Suspects --> "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
    Mystery Case Files Ravenhearst --> "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
    Nero 8 --> MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041043}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
    NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1043 CDM7
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
    OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
    PM Toolbox --> C:\PM Toolbox\uninstx.exe C:\PM Toolbox\PM Toolbox.log
    PowerProducer 3.72 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
    Python 2.4.1 --> C:\Python24\\Python24\UNWISE.EXE C:\Python24\\Python24\INSTALL.LOG
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x13 -removeonly
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
    SecureW2 TTLS Client 3.2.0 for Windows Vista --> C:\Program Files\SecureW2\SecureW2 TTLS Client\Uninstall.exe
    Security Update for 2007 Microsoft Office System (KB951596) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
    Security Update for 2007 Microsoft Office System (KB951596) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
    Security Update for Microsoft Office Excel 2007 (KB951546) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
    Security Update for Microsoft Office Excel 2007 (KB951546) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Sentinel Protection Installer 7.2.2 --> MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
    Star Defender 3 --> "C:\Program Files\Acer GameZone\Star Defender 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Star Defender 3\install.log"
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
    Sun Java Runtime Environment and JMF --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFA98080-B0C6-11D5-91CB-005004F84FA1}\Setup.exe" -l0x13
    Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Treasures of the Deep --> "C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
    Unreal Tournament G.O.T.Y. Edition --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
    Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB932080) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB934391) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office 2007 (KB946691) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    Update for Outlook 2007 Junk Email Filter (kb955433) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86}
    Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
    Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
    Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
    Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\common\unyt.exe
    Zuma Deluxe --> "C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type43754 / Error
    Event Submitted/Written: 08/14/2008 10:12:10 PM
    Event ID/Source: 5007 / WerSvc
    Event Description:
    Kan het doelbestand voor het Windows Feedback Platform (een dll-bestand dat de lijst met problemen op deze computer bevat waarvoor aanvullende gegevens moeten worden verzameld voor diagnose) niet parseren. Foutcode: 8014FFF9.

    Event Record #/Type43745 / Success
    Event Submitted/Written: 08/14/2008 10:10:08 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type43736 / Success
    Event Submitted/Written: 08/14/2008 10:07:36 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type43733 / Success
    Event Submitted/Written: 08/14/2008 10:07:29 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type43719 / Success
    Event Submitted/Written: 08/14/2008 10:06:37 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    De Software Licensing-service is gestart.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type105479 / Warning
    Event Submitted/Written: 08/14/2008 10:21:30 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUANPABLO27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

    Zie voor meer informatie:
    %JUANPABLO275

    Scan-id: {CDFC56BE-9470-4EBF-84F8-04BA5D7589C9}

    Gebruiker: JUANPABLO\Juampi

    Naam: %JUANPABLO271

    Id: %JUANPABLO272

    Ernst-id: %JUANPABLO273

    Categorie-id: %JUANPABLO274

    Gevonden pad: %JUANPABLO276

    Type waarschuwing: %JUANPABLO278

    Type detectie: 1.1.1505.02

    Event Record #/Type105478 / Warning
    Event Submitted/Written: 08/14/2008 10:21:30 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUANPABLO27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

    Zie voor meer informatie:
    %JUANPABLO275

    Scan-id: {5119E469-85CF-41D8-96B4-071473FFE0B8}

    Gebruiker: JUANPABLO\Juampi

    Naam: %JUANPABLO271

    Id: %JUANPABLO272

    Ernst-id: %JUANPABLO273

    Categorie-id: %JUANPABLO274

    Gevonden pad: %JUANPABLO276

    Type waarschuwing: %JUANPABLO278

    Type detectie: 1.1.1505.02

    Event Record #/Type105477 / Warning
    Event Submitted/Written: 08/14/2008 10:21:30 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUANPABLO27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

    Zie voor meer informatie:
    %JUANPABLO275

    Scan-id: {D97F35FC-2DDB-4A07-A47C-BF6245AF81AA}

    Gebruiker: JUANPABLO\Juampi

    Naam: %JUANPABLO271

    Id: %JUANPABLO272

    Ernst-id: %JUANPABLO273

    Categorie-id: %JUANPABLO274

    Gevonden pad: %JUANPABLO276

    Type waarschuwing: %JUANPABLO278

    Type detectie: 1.1.1505.02

    Event Record #/Type105476 / Warning
    Event Submitted/Written: 08/14/2008 10:21:27 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUANPABLO27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

    Zie voor meer informatie:
    %JUANPABLO275

    Scan-id: {C5D4EDD7-F4CC-4A8E-AEE8-07E1F644C731}

    Gebruiker: JUANPABLO\Juampi

    Naam: %JUANPABLO271

    Id: %JUANPABLO272

    Ernst-id: %JUANPABLO273

    Categorie-id: %JUANPABLO274

    Gevonden pad: %JUANPABLO276

    Type waarschuwing: %JUANPABLO278

    Type detectie: 1.1.1505.02

    Event Record #/Type105475 / Warning
    Event Submitted/Written: 08/14/2008 10:21:27 PM
    Event ID/Source: 3004 / WinDefend

    Event Description:
    %JUANPABLO27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

    Zie voor meer informatie:
    %JUANPABLO275

    Scan-id: {50A55901-972A-4524-AA13-701D686356BF}

    Gebruiker: JUANPABLO\Juampi

    Naam: %JUANPABLO271

    Id: %JUANPABLO272

    Ernst-id: %JUANPABLO273

    Categorie-id: %JUANPABLO274

    Gevonden pad: %JUANPABLO276

    Type waarschuwing: %JUANPABLO278

    Type detectie: 1.1.1505.02



    -- End of Deckard's System Scanner: finished at 2008-08-14 22:24:12 ------------


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-08-18 16:44:25
    PROTECTIONS: 1
    MALWARE: 24
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Windows Defender 1.1.1603.0 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.casalemedia.com/]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Microsoft\Windows\Cookies\juampi@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.atdmt.com/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Microsoft\Windows\Cookies\juampi@atdmt[2].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.tradedoubler.com/]
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.tradedoubler.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.247realmedia.com/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.fastclick.net/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.tribalfusion.com/]
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.clickbank.net/]
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.toplist.cz/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.statcounter.com/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.statcounter.com/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.statcounter.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Microsoft\Windows\Cookies\juampi@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.apmebf.com/]
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.burstnet.com/]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Microsoft\Windows\Cookies\Low\juampi@weborama[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Profiles\0rc0r70u.default\cookies.txt[.weborama.fr/]
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.adtech.de/]
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Microsoft\Windows\ Cookies\juampi@adtech[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.advertising.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.ads.pointroll.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.overture.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.realmedia.com/]
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.questionmarket.com/]
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.questionmarket.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.zedo.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.adrevolver.com/]
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[searchportal.information.com/]
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Juampi\AppData\Roaming\Mozilla\Firefox\Pr ofiles\0rc0r70u.default\cookies.txt[.atwola.com/]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================


    Malwarebytes' Anti-Malware 1.25
    Database version: 1062
    Windows 6.0.6000

    11:32:12 18-8-2008
    mbam-log-08-18-2008 (11-32-12).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 199265
    Time elapsed: 1 hour(s), 20 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm0fd3269d (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ce01501 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\awowrsvn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\baxmtdgn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\jjatuhng.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\KEYGEN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\ljJAQGyA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\obsbtwpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\pljoephb.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\pntseoxr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\tdrtlbkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\tmp00019839 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\uaaawdqo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\tmp0001e2b0 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\tmp0003fb2f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\tmp00043e28 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\vtwiwnmb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\wbotvdha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\Users\Juampi\AppData\Local\Temp\wfarxtkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Juampi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K805HDN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\ACER\Install_Flash_Player_9_AX_9.0.28.0.exe (BHO.Baidu) -> Quarantined and deleted successfully.

  2. #2
    Join Date
    Aug 2006
    Posts
    578
    Quote Originally Posted by Juan Pablo Lopez View Post
    Thank you for your help.
    Hi JP,

    Happy to try to help.

    I do not see much in the logs. Looks like MBA-M removed the Vundo that AVG detected.

    -- You should Go and Update your Java here ---> http://www.java.com/en
    --> Please note that, before updating your Sun Java, you MUST remove ALL older versions that may be on your machine or you will still be vulnerable to some exploits/weaknesses such as VUNDO which may target and force execution on older runtime environments.
    -- Do this by going into Add or Remove Programs and removing any versions that differ from the current version listed at the Java site. They may look similar to the following:
    Java 2 Runtime Environment SE v1.4.2.06
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2

    Then, run ATFCleaner again as directed in the "Read Me First" post. This will flush the Java Cache, among other things.

    -- Also, you should Update your Windows Defender. Use that for "real time" protection and keep MBA-M on hand for "on demand" scanning like you just did.

    -- How are things working now after running Malwarebytes' Anti-Malware?

    PP

  3. #3
    Join Date
    Aug 2008
    Posts
    4

    CLEAAAAAAAANNN

    Quote Originally Posted by PhilliePhan View Post

    -- How are things working now after running Malwarebytes' Anti-Malware?

    PP
    Hi PP!!!

    It works better!!

    Thank you very much for your help. My computer is clean!... I've performed a full scan a couple of hours ago and nothing is infected!...

    My last question: I've uninstalled older versions of JAVA and installed the new version in that link (the one you gave me). I have some troubles with youtube.. I can't watch videos... Is there a problem with the JAVA??

    Well... thank you again

    JP

  4. #4
    Join Date
    Aug 2006
    Posts
    578
    Quote Originally Posted by Juan Pablo Lopez View Post
    My last question: I've uninstalled older versions of JAVA and installed the new version in that link (the one you gave me). I have some troubles with youtube.. I can't watch videos... Is there a problem with the JAVA??
    Well... thank you again
    Hi JP,

    Happy to help

    -- The new Java (if it is running properly) should not be the cause of any problems. And, as I mentioned in last post, you really need to keep it updated to help avoid further Vundo infections.

    -- Do you get an error message?

    -- Maybe update your Flash Player?

    Sometimes the issue is on YouTube's end and they get it sorted pretty quickly. Do you have the same problem on other video sites?

    PP

  5. #5
    Join Date
    Aug 2008
    Posts
    4

    Java

    Quote Originally Posted by PhilliePhan View Post
    Hi JP,

    Happy to help

    -- The new Java (if it is running properly) should not be the cause of any problems. And, as I mentioned in last post, you really need to keep it updated to help avoid further Vundo infections.

    -- Do you get an error message?

    -- Maybe update your Flash Player?

    Sometimes the issue is on YouTube's end and they get it sorted pretty quickly. Do you have the same problem on other video sites?

    PP
    Hi PP,

    Well, I don't have any problems with other video sites.. only youtube. I was using facebook and I wanted to upload some photos, but I've got the following message:

    "To use our full-featured photo uploader on Firefox on Microsoft Vista, you must have the latest version of the Java plug-in.

    (Versions of Java older than 1.6.0_07 will cause Firefox to freeze.)"

    A little bit weird.. or not?

    JP

  6. #6
    Join Date
    Aug 2006
    Posts
    578
    Quote Originally Posted by Juan Pablo Lopez View Post
    "To use our full-featured photo uploader on Firefox on Microsoft Vista, you must have the latest version of the Java plug-in.
    (Versions of Java older than 1.6.0_07 will cause Firefox to freeze.)"
    A little bit weird.. or not?
    That is indeed odd....

    You should double-check that you have everything installed properly and enabled.

    Make sure your Firefox plugin is in order as well.

    This version of Java should not be the cause of the problem. Especially if other sites are not affected....

    PP
