Computer Hope
Software => Computer viruses and spyware => Topic started by: S.C. King on October 26, 2009, 09:29:21 PM
-
O.K. 1. THERE ARE NO SHORTCUTS TO F-SECURE INTERNET SECURITY 2010 ON MY DESKTOP.
2. IT IS NOT LISTED IN MY START MENU
3. IT'S NOT LISTED UNDER THE ADD & REMOVE PROGRAMS
PROBLEM
IT IS STILL LISTED AS MY VIRUS PROTECTION ACCORDING TO MY SECURITY CENTER...
LOGS
SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/26/2009 at 11:06 PM
Application Version : 4.29.1004
Core Rules Database Version : 4196
Trace Rules Database Version: 2107
Scan type : Complete Scan
Total Scan Time : 01:03:30
Memory items scanned : 425
Memory threats detected : 0
Registry items scanned : 6743
Registry threats detected : 0
File items scanned : 57877
File threats detected : 4
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@pointroll[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Trojan.Dropper/Gen
C:\ASRAPI2\BIN\WINRECDS.EXE
Trojan.Agent/Gen-Keygen
C:\PROGRAM FILES\SUPERANTISPYWARE\CM-BIZNATCH-SAS-ATOTHEC\KEYGEN.EXE
Malwarebytes' Anti-Malware (MBAM)
Malwarebytes' Anti-Malware 1.41
Database version: 3037
Windows 5.1.2600 Service Pack 2
10/26/2009 11:27:48 PM
mbam-log-2009-10-26 (23-27-48).txt
Scan type: Quick Scan
Objects scanned: 4488
Time elapsed: 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:23 AM, on 10/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://www.google.com/diskless/bin/tgctlcm.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security ,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security ,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9481 bytes
-
any suggestions?
-
any suggestions?
Yea. Don't use cracked software. Get rid of ALL of the cracks and then let me know what's going on.
-
Yah, THAT'S WHAT I AM TRYING TO DO... GET RID OF THIS PROGRAM... I'M DONE MESSING WITH CRACKED PROGRAMS...
-
Download Lop S&D by Eric_71 (http://eric.71.mespages.googlepages.com/LopSD.exe) and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista.
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.
- Choose the language by typing the corresponding letter and press Enter
- Click OK at the informative window
- Type 1, to choose Option 1 (Search) then press Enter
- Wait until the end of the scan
- A report will be generated; post the contents of it in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt
-
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : mobile AMD Athlon(tm) XP-M 2400+ )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : F-Secure Internet Security 2010 10.00 10.00 (Activated)
Firewall : F-Secure Internet Security 2010 10.00 10.00 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:17 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Tue 10/27/2009|16:17 )
--------------------\\ Listing folders in APPLIC~1
[10/26/2009|04:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/22/2008|09:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[04/22/2008|09:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Talkback
[09/15/2009|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[09/18/2009|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {755AC846-7372-4AC8-8550-C52491DAA8BD}
[04/09/2009|02:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[09/15/2009|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {A613CA96-150A-4A1D-90CE-67F81379DF8C}
[05/25/2009|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[05/25/2009|04:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {D5ABFFAD-D592-4F98-B02B-587125B4801F}
[03/27/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 1Click DVD Copy
[05/20/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/28/2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[08/11/2007|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[02/28/2007|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/26/2009|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[02/20/2007|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[10/26/2009|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DriverScanner
[05/03/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[05/25/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EmailNotifier
[10/26/2009|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> f-secure
[08/13/2009|08:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> fssg
[09/08/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[03/16/2008|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[07/29/2009|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[10/03/2008|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Megaupload
[03/26/2009|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[07/09/2009|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[09/07/2007|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mozilla
[02/28/2007|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo
[05/17/2009|06:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[12/01/2008|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Norton
[12/01/2008|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[08/13/2009|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[03/02/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst
[02/28/2007|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[07/13/2009|05:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[05/26/2008|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[05/25/2008|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[07/13/2009|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[05/19/2008|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TuneUp Software
[03/09/2009|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> vsosdk
[02/20/2007|07:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[03/10/2007|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Live Toolbar
[08/13/2009|08:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[05/07/2009|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[07/18/2009|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion
[03/01/2007|07:01] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft
[02/20/2007|05:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[10/26/2009|04:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[07/13/2009|04:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore
[11/27/2008|12:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[11/27/2008|12:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[10/26/2009|04:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[01/03/2009|07:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> 2K Sports
[01/13/2009|06:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[11/01/2007|06:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[09/19/2009|07:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[08/13/2007|05:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BonkEnc
[02/24/2007|11:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
[10/28/2007|10:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DatPiff
[01/02/2009|11:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
[05/13/2009|08:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dvdcss
[10/03/2008|10:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> EmailNotifier
[08/13/2009|08:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> f-secure
[09/07/2007|08:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> GetRightToGo
[03/05/2007|09:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[04/25/2007|07:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[10/07/2007|04:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Kutchka
[08/02/2008|06:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[03/02/2007|11:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[03/16/2008|08:45] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[01/03/2009|08:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Media Player Classic
[10/26/2009|04:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[06/04/2009|08:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
[08/01/2008|12:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[03/01/2007|07:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MySpace
[05/17/2009|06:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Nero
[02/18/2008|08:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> OpenOffice.org2
[08/01/2008|12:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Participatory Culture Foundation
[08/01/2008|01:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> PCF-VLC
[11/03/2007|06:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Pegasys Inc
[03/02/2007|12:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> PlayFirst
[10/28/2007|10:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Simple Star
[08/05/2009|06:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Simply Super Software
[10/28/2007|10:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Snapfish
[02/20/2007|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[10/26/2009|09:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SUPERAntiSpyware.com
[09/07/2007|09:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Talkback
[06/01/2008|12:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Thinstall
[05/19/2008|10:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> TuneUp Software
[05/25/2009|04:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Uniblue
[08/13/2007|05:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Unwiredtec
[10/26/2009|04:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> uTorrent
[01/02/2009|05:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[10/26/2009|06:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Vso
[05/19/2008|10:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> WinRAR
[05/07/2009|10:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> yahoo!
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[10/23/2009 10:16 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/27/2009 04:00 PM][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
[10/27/2009 03:16 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[04/24/2008|04:55] C:\Program Files\<DIR> 01-mp3search
[01/03/2009|01:13] C:\Program Files\<DIR> Adobe
[05/20/2008|09:08] C:\Program Files\<DIR> Adobe Media Player
[05/17/2009|06:17] C:\Program Files\<DIR> Ahead
[07/29/2009|01:10] C:\Program Files\<DIR> Alwil Software
[08/17/2008|01:21] C:\Program Files\<DIR> AnMing
[09/07/2007|08:58] C:\Program Files\<DIR> AoA DVD Ripper
[04/09/2009|02:13] C:\Program Files\<DIR> Apple Software Update
[10/26/2009|04:33] C:\Program Files\<DIR> Audacity
[12/01/2008|10:33] C:\Program Files\<DIR> AVG
[12/01/2008|05:34] C:\Program Files\<DIR> BFG
[04/09/2009|01:59] C:\Program Files\<DIR> Bonjour
[10/26/2009|05:21] C:\Program Files\<DIR> CCleaner
[07/29/2009|01:13] C:\Program Files\<DIR> Common Files
[02/20/2007|05:08] C:\Program Files\<DIR> ComPlus Applications
[03/03/2009|12:35] C:\Program Files\<DIR> Cucusoft
[02/20/2007|07:00] C:\Program Files\<DIR> CyberLink
[04/22/2007|06:45] C:\Program Files\<DIR> DIFX
[01/03/2009|02:30] C:\Program Files\<DIR> DivX
[07/17/2009|04:35] C:\Program Files\<DIR> DivxAccess
[09/07/2007|08:32] C:\Program Files\<DIR> FLV Player
[10/26/2009|04:26] C:\Program Files\<DIR> F-Secure
[08/02/2008|07:24] C:\Program Files\<DIR> Grisoft
[03/16/2007|08:40] C:\Program Files\<DIR> Illustrate
[05/13/2007|05:39] C:\Program Files\<DIR> Image-Line
[06/04/2009|02:53] C:\Program Files\<DIR> InstallShield Installation Information
[04/23/2008|05:48] C:\Program Files\<DIR> InterActual
[10/27/2009|03:03] C:\Program Files\<DIR> Internet Explorer
[10/26/2009|04:36] C:\Program Files\<DIR> iPod
[10/26/2009|04:36] C:\Program Files\<DIR> iPod(2)
[10/26/2009|04:36] C:\Program Files\<DIR> iTunes
[10/26/2009|04:36] C:\Program Files\<DIR> iTunes(2)
[10/27/2009|07:37] C:\Program Files\<DIR> Java
[01/03/2009|08:54] C:\Program Files\<DIR> K-Lite Codec Pack
[10/07/2007|04:31] C:\Program Files\<DIR> Kutchka
[04/19/2007|07:43] C:\Program Files\<DIR> Lexmark X5100 Series
[10/26/2009|11:26] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/15/2008|03:16] C:\Program Files\<DIR> Messenger
[03/02/2008|04:14] C:\Program Files\<DIR> Microsoft ActiveSync
[02/20/2007|05:12] C:\Program Files\<DIR> microsoft frontpage
[11/16/2008|09:12] C:\Program Files\<DIR> Microsoft Office
[11/17/2008|12:19] C:\Program Files\<DIR> Microsoft Visual Studio
[10/07/2007|05:06] C:\Program Files\<DIR> Microsoft Visual Studio 8
[11/16/2008|09:12] C:\Program Files\<DIR> Microsoft Works
[10/07/2007|05:08] C:\Program Files\<DIR> Microsoft.NET
[02/20/2007|05:09] C:\Program Files\<DIR> Movie Maker
[10/27/2009|04:05] C:\Program Files\<DIR> Mozilla Firefox
[04/08/2007|10:43] C:\Program Files\<DIR> MP4 to MP3 Converter
[05/12/2009|12:23] C:\Program Files\<DIR> MSBuild
[10/26/2009|04:37] C:\Program Files\<DIR> MSECache
[04/18/2008|12:44] C:\Program Files\<DIR> MSN Games
[02/20/2007|05:07] C:\Program Files\<DIR> MSN Gaming Zone
[11/14/2008|04:08] C:\Program Files\<DIR> MSXML 4.0
[11/14/2008|05:16] C:\Program Files\<DIR> MSXML 6.0
[05/17/2009|06:33] C:\Program Files\<DIR> Nero
[05/17/2009|06:38] C:\Program Files\<DIR> NeroInstall.bak
[04/17/2007|08:22] C:\Program Files\<DIR> NETAMIN
[02/20/2007|05:09] C:\Program Files\<DIR> NetMeeting
[08/13/2009|07:56] C:\Program Files\<DIR> NOS
[12/02/2008|04:30] C:\Program Files\<DIR> On-line Help Console
[02/20/2007|05:10] C:\Program Files\<DIR> Online Services
[04/24/2008|08:55] C:\Program Files\<DIR> OpenOffice.org 2.0
[08/13/2009|03:10] C:\Program Files\<DIR> Outlook Express
[01/14/2008|09:24] C:\Program Files\<DIR> Paprikari
[08/01/2008|12:59] C:\Program Files\<DIR> Participatory Culture Foundation
[09/18/2009|04:28] C:\Program Files\<DIR> QuickTime
[06/04/2009|02:53] C:\Program Files\<DIR> RadarSync PC Updater
[02/20/2007|07:24] C:\Program Files\<DIR> Reference Assemblies
[05/19/2008|06:25] C:\Program Files\<DIR> RegistryFix
[09/07/2007|08:44] C:\Program Files\<DIR> Replay Converter
[09/07/2007|08:45] C:\Program Files\<DIR> Replay Media Catcher
[08/13/2007|05:32] C:\Program Files\<DIR> Ringtone Ripper
[06/04/2009|02:53] C:\Program Files\<DIR> SiS VGA Utilities V3.73
[05/26/2008|03:05] C:\Program Files\<DIR> sisagp
[02/20/2007|05:31] C:\Program Files\<DIR> SiSLan
[01/28/2008|10:01] C:\Program Files\<DIR> Sony Setup
[05/26/2008|01:17] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/01/2007|05:52] C:\Program Files\<DIR> Super DVD Creator 9.30
[10/26/2009|09:58] C:\Program Files\<DIR> SUPERAntiSpyware
[04/12/2009|01:07] C:\Program Files\<DIR> Total Video Converter
[03/06/2009|01:06] C:\Program Files\<DIR> Trend Micro
[10/26/2009|11:18] C:\Program Files\<DIR> Trojan Remover
[08/23/2008|12:08] C:\Program Files\<DIR> TuneUp Utilities 2008
[05/25/2009|04:36] C:\Program Files\<DIR> Uniblue
[02/20/2007|05:18] C:\Program Files\<DIR> Uninstall Information
[04/20/2009|04:58] C:\Program Files\<DIR> uTorrent
[10/15/2008|07:35] C:\Program Files\<DIR> Veetle
[01/02/2009|05:15] C:\Program Files\<DIR> VideoLAN
[03/08/2009|09:17] C:\Program Files\<DIR> VSO
[03/27/2008|10:57] C:\Program Files\<DIR> VstPlugins
[08/01/2009|11:18] C:\Program Files\<DIR> WinAVI Video Converter 9.0
[10/26/2009|04:36] C:\Program Files\<DIR> Windows Installer Clean Up
[05/15/2008|11:32] C:\Program Files\<DIR> Windows Live Toolbar
[12/19/2008|08:28] C:\Program Files\<DIR> Windows Media Connect 2
[12/19/2008|08:28] C:\Program Files\<DIR> Windows Media Player
[02/20/2007|05:07] C:\Program Files\<DIR> Windows NT
[02/20/2007|05:10] C:\Program Files\<DIR> WindowsUpdate
[05/19/2008|10:46] C:\Program Files\<DIR> WinRAR
[01/02/2009|02:05] C:\Program Files\<DIR> WinZip
[02/20/2007|05:12] C:\Program Files\<DIR> xerox
[05/14/2009|07:47] C:\Program Files\<DIR> Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[05/20/2008|09:09] C:\Program Files\Common Files\<DIR> Adobe
[05/20/2008|09:08] C:\Program Files\Common Files\<DIR> Adobe AIR
[05/17/2009|06:17] C:\Program Files\Common Files\<DIR> Ahead
[10/26/2009|04:36] C:\Program Files\Common Files\<DIR> Apple
[04/22/2007|06:45] C:\Program Files\Common Files\<DIR> ComponentOne
[11/17/2008|12:19] C:\Program Files\Common Files\<DIR> DESIGNER
[03/16/2008|08:45] C:\Program Files\Common Files\<DIR> Download Manager
[02/20/2007|07:00] C:\Program Files\Common Files\<DIR> InstallShield
[08/03/2008|12:12] C:\Program Files\Common Files\<DIR> Java
[12/03/2008|04:05] C:\Program Files\Common Files\<DIR> Microsoft Shared
[02/20/2007|05:09] C:\Program Files\Common Files\<DIR> MSSoap
[05/17/2009|06:34] C:\Program Files\Common Files\<DIR> Nero
[02/20/2007|11:49] C:\Program Files\Common Files\<DIR> ODBC
[02/20/2007|05:09] C:\Program Files\Common Files\<DIR> Services
[02/20/2007|11:49] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/04/2009|04:10] C:\Program Files\Common Files\<DIR> Symantec Shared
[12/03/2008|10:41] C:\Program Files\Common Files\<DIR> System
[10/26/2009|09:57] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
--------------------\\ Process
( 46 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 16:19:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
No other infections found !
[F:30][D:6]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:9][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:148][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Mon 01/05/2009|22:13 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Mon 01/05/2009|22:38 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - Sat 03/07/2009| 0:41 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - Tue 10/27/2009|16:20 - Option : [1]
--------------------\\ Scan completed at 16:20:01
-
Visit here. F-Secure Uninstallation tool http://support.f-secure.com/enu/corporate/downloads/removeav.shtml
Let me know how that goes.
-
the download file ain't working... *UITool3-420.zip* is there an alternative link to download this program?
-
Now run a scan with MGtools and attach the log. Using MGtools (http://forums.majorgeeks.com/showthread.php?t=137630)
Just download the file to your desktop and double click it to run it. It will create a .zip file with the logs that you will need to attach in your reply.
-
attached in 3 different posts
[Saving space, attachment deleted by admin]
-
2nd post of 3
[Saving space, attachment deleted by admin]
-
Userinfo.txt
d-----w 0 2009-10-26 08:37:16 C:\Documents and Settings\Administrator
d-----w 0 2007-02-20 23:34:06 C:\Documents and Settings\All Users
d-----w 0 2009-07-29 05:00:20 C:\Documents and Settings\Application Data
d--h--w 0 2009-08-16 07:04:40 C:\Documents and Settings\Default User
d-sh--w 0 2009-10-26 08:37:16 C:\Documents and Settings\LocalService
d-sh--w 0 2009-10-26 08:37:16 C:\Documents and Settings\NetworkService
d-----w 0 2009-10-27 07:14:51 C:\Documents and Settings\Owner
Entries: 7 (4)
Directories: 7 Files: 0
Bytes: 0 Blocks: 0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1614895754-1454471165-839522115-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Owner
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1614895754-1454471165-839522115-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
[Saving space, attachment deleted by admin]
-
Go to Start > Run and copy/paste this into the window then click OK.
C:\Program Files\F-Secure\Uninstall\fsuninst.exe
-
I tried that and a box popped up saying
The Uninstaller
Run uninstallation from Add/Remove Programs in Control Panel
-
Download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) to your desktop.
Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
:Processes
explorer.exe
:services
F-Secure Gatekeeper Handler Starter
FSDFWD
FSMA
FSORSPClient
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"F-Secure Manager"=-
"F-Secure TNB"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Anti-Spyware Scanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Anti-Virus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Anti-Virus Client Security Installer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Automatic Update Agent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure DAAS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure DAAS2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Diagnostics]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure E-mail Scanning]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure ExploitShield]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure FWES]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Gadget]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure GateKeeper Interface]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Gemini]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure GUI]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Help]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure HIPS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Internet Shield]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure ISP News]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Localization API]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Management Agent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure NRS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure ORSP Client]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Protocol Scanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Spam Control]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Spam Scanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure TNB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Uninstall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Web Filter]
:files
C:\Documents and Settings\Owner\Application Data\f-secure
C:\Documents and Settings\All Users\Application Data\F-Secure
C:\Program Files\F-Secure
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
-
Umm...evil? Sorry to barge in, but -
the download file ain't working... *UITool3-420.zip* is there an alternative link to download this program?
-
Yea. I tried it also and am trying to figure out an alternate link or if that one will be active again.
-
Well, found it. ftp://ftp.f-secure.com/support/tools/uitool/uitool3.zip
Still though, the instructions I gave will do the same thing as the removal tool. Maybe even more since I included the program folders also.
-
whatever you had me do yesterday like shut my internet down... i had to have my internet service provider come out here and it took them almost an hour to get my e-net back working... they said like i totally shut down the firewall and stuff...
so any new suggestions???
-
ftp://ftp.f-secure.com/support/tools/uitool/uitool3.zip
-
i just tried that and its doing the same thing as the other link... not working
-
Try this one. ftp://ftp.f-secure.com/anti-virus/tools/removal/uninst23.zip
-
its doing the same thing... as the link above
-
Here...
[Saving space, attachment deleted by admin]
-
it said the uninstaller could not find an existing Installation of F-Secure Anti-Virus
-
Your f-secure must be removed then for some reason...maybe you could use your disks or whatever to re-install it (only if Evil says it is fine).
-
FREE 30-Day Trial Versions for Home & Home Office Products - http://www.f-secure.com/en_EMEA/downloads/trial-versions/
Install it.
Uninstall it.
-
ok i tried that and about half way through the installation it said
"It was not possible to install the product, because some programs could not be removed automatically. Please remove the following programs and try again"
and then it took me to add/remove programs but f-secure isn't there
-
Try the Windows Installer CleanUp Utility - http://download.microsoft.com/download/e/9/d/e9d80355-7ab4-45b8-80e8-983a48d5e1bd/msicuu2.exe
-
alright i install it... what now?
-
Open it and look for any f-secure entries and remove them.
-
When you tried to install f-secure from my link did it give you an option to uninstall instead of install?
-
When you tried to install f-secure from my link did it give you an option to uninstall instead of install?
No it only ask me to install.... & i removed what one f-secure thing i seen in the windows cleaner thing but it iz still listed az my "Virus Protection"
-
but it iz still listed az my "Virus Protection"
Listed where?
Try the OPSWAT AppRemover (http://www.appremover.com/)
AppRemover enables you to thoroughly uninstall security applications such as antivirus and antispyware from your computer.
-
nope only things it ask me did i want to uninstall were malwarebytes and superantispyware...
but when i say its still listed as my virus protection i mean when i click on
start: control panel: Security Center: & it says F-Secure Iz My Virus Protection
-
Download, unzip and run Process Explorer (http://majorgeeks.com/Process_Explorer_d4566.html)
* Locate the folder where you extracted the downloaded file, and then double-click procexp.exe
* Wait for the list to populate.
* In the Process Explorer window, click File and then click Save
* Enter a name for the file such as Process Explorer and then click Save.
* Save it to your desktop so you can easily find it.
* Copy and paste the log in your next reply.
-
Process PID CPU Description Company Name
System Idle Process 0 96.88
Interrupts n/a Hardware Interrupts
DPCs n/a 1.56 Deferred Procedure Calls
System 4
smss.exe 404 Windows NT Session Manager Microsoft Corporation
csrss.exe 468 Client Server Runtime Process Microsoft Corporation
winlogon.exe 492 Windows NT Logon Application Microsoft Corporation
services.exe 536 Services and Controller app Microsoft Corporation
svchost.exe 708 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 756 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 820 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 2524 Windows Update Microsoft Corporation
svchost.exe 860 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1028 Generic Host Process for Win32 Services Microsoft Corporation
LEXBCES.EXE 1364 LexBce Service Lexmark International, Inc.
LEXPPS.EXE 1404 LEXPPS.EXE Lexmark International, Inc.
spoolsv.exe 1388 Spooler SubSystem App Microsoft Corporation
svchost.exe 1816 Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 1896 Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 1916 Bonjour Service Apple Inc.
jqs.exe 176 Java(TM) Quick Starter Service Sun Microsystems, Inc.
NBService.exe 196 Nero BackItUp Nero AG
IoctlSvc.exe 216 PLFlash DeviceIoControl Service Prolific Technology Inc.
svchost.exe 328 Generic Host Process for Win32 Services Microsoft Corporation
NMIndexingService.exe 1188 Nero Home Nero AG
iPodService.exe 1588 iPodService Module (32-bit) Apple Inc.
alg.exe 2108 Application Layer Gateway Service Microsoft Corporation
lsass.exe 548 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1232 Windows Explorer Microsoft Corporation
GrooveMonitor.exe 1700 GrooveMonitor Utility Microsoft Corporation
jusched.exe 1708 Java(TM) Platform SE binary Sun Microsystems, Inc.
jucheck.exe 2336 Java(TM) Update Checker Sun Microsystems, Inc.
iTunesHelper.exe 1780 iTunesHelper Module Apple Inc.
ctfmon.exe 1788 CTF Loader Microsoft Corporation
NMIndexStoreSvr.exe 1824 Nero Home Nero AG
sistray.exe 1868 SiS Compatible Super VGA Tray Application Silicon Integrated Systems Corporation
firefox.exe 2260 Firefox Mozilla Corporation
procexp.exe 868 1.56 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
-
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
- R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
- R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
- O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
- O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
- O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
- O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
- O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security ,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security ,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security
.
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
----------
If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Driver::
F-Secure Gatekeeper Handler Starter
FSDFWD
FSMA
FSORSPClient
Folder::
C:\Program Files\F-Secure
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
-
Ok I Did What You Said With HiJackThis but when i waz about to run ComboFix a Box Popped Up Saying:
ComboFix has detected the following real time scanner(s) to be active:
antivirus: F-Secure Internet Security 2010 10.00
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible maching damage. Please disable these scanners before clicking 'OK'.
So I Didn't Do ComboFix... So Should I Go Ahead & DO It???
-
Download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) to your desktop.
Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
:Processes
explorer.exe
:services
F-Secure Gatekeeper Handler Starter
FSDFWD
FSMA
FSORSPClient
:Commands
[purity]
[emptytemp]
[start explorer]
* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.
----------
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Folder::
C:\Program Files\F-Secure
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript and drop it into ComboFix.
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
-
I DId Everything WIth OTM Old TYmer But Got The Same Message Again When Trying To Use Combo Fix... Here's The Log From OTM though (I ALSO HAD TO RUN OTM TWICE CUZ WHEN I TRIED COMBO FIX IT SHUT DOWN MY E-NET... SO I JUST REPEATED STEP 1 WITH OTM TWICE):
All processes killed
Error: Unable to interpret <explorer.exe> in the current context!
========== SERVICES/DRIVERS ==========
Service\Driver F-Secure Gatekeeper Handler Starter not found.
Service\Driver F-Secure Gatekeeper Handler Starter not found.
Service\Driver FSDFWD not found.
Service\Driver FSDFWD not found.
Service\Driver FSMA not found.
Service\Driver FSMA not found.
Service\Driver FSORSPClient not found.
Service\Driver FSORSPClient not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: All Users
User: Application Data
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 726604 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9457154 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 9.78 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10302009_230906
Files moved on Reboot...
Registry entries deleted on Reboot...
-
You just need to let ComboFix continue on.
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Driver::
F-Secure Gatekeeper Handler Starter
FSDFWD
FSMA
FSORSPClient
Folder::
C:\Program Files\F-Secure
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
-
Attached Below:
[Saving space, attachment deleted by admin]
-
You also had a lot of malware.
Now, go to Start > Run, and copy/paste the following into the Open box (one line at a time) then Click OK after each.
sc config fsbts start= disabled
sc stop fsbts
sc delete fsbts
----------
Go to Start > Run and type Notepad.exe then click OK.
Copy and paste the following text within the code box into the new Notepad file.
@ECHO OFF
net stop winmgmt
cd /d %windir%\system32\wbem
ren repository repository.old
net start winmgmt
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixsecurity.bat making sure that the Save as type field says All files.
Next double click fixsecurity.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.
----------
How is everything now?
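A read-only check of what the steps in this post change, as an added example that is not part of the original post. On Windows XP, Security Center takes its antivirus listing from the WMI `root\SecurityCenter` namespace, so the script lists what is registered there after the repository rename; it assumes `wmic.exe` is available (not every XP edition ships it) and uses only the service names that appear in this thread.

```batch
@ECHO OFF
REM Added verification example, not from the original thread.
REM Read-only: it queries state and changes nothing.
REM Assumption: wmic.exe is present on this Windows XP edition.
SETLOCAL

ECHO === 1. F-Secure services named in this thread ===
REM sc query returns a non-zero exit code when the service does not exist.
FOR %%S IN (fsbts FSDFWD FSMA FSORSPClient "F-Secure Gatekeeper Handler Starter") DO (
    sc query "%%~S" >NUL 2>&1
    IF ERRORLEVEL 1 (ECHO %%~S: not installed) ELSE (ECHO %%~S: STILL PRESENT)
)

ECHO.
ECHO === 2. Security Center service, wscsvc ===
REM Expect STATE RUNNING and START_TYPE AUTO_START once it is healthy.
sc query wscsvc | FIND "STATE"
sc qc wscsvc | FIND "START_TYPE"

ECHO.
ECHO === 3. WMI repository folders ===
REM repository.old is the copy set aside by the rename in the batch file above.
IF EXIST "%windir%\system32\wbem\repository.old" (
    ECHO repository.old found: the old repository was set aside
) ELSE (
    ECHO repository.old not found: the rename did not happen
)
IF EXIST "%windir%\system32\wbem\repository" (
    ECHO repository found: winmgmt has recreated it
) ELSE (
    ECHO repository missing: winmgmt has not rebuilt it yet
)

ECHO.
ECHO === 4. Antivirus products registered with Security Center ===
REM "No Instance(s) Available." means no product is registered any more.
wmic /namespace:\\root\SecurityCenter path AntiVirusProduct get displayName,versionNumber,productUptoDate

ENDLOCAL
```

If section 4 still lists a product that is no longer installed, the stale registration survived the rebuild; if section 2 shows the service stopped, Security Center will report itself as unavailable until it is started.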
-
everything looks good but when i go to Start > Control Panel > Security Center it says
The Security Center is Currently Unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart the computer (or start the "Security Center" service), and then open the Security Center again.
-
And a restart didn't solve it?
Click on Start, then Run, type in services.msc then click OK.
When the page comes up, on the far right scroll down the list and doubleclick on Security Center.
Where it says Startup, set it to Automatic. Just below that you will see the word "Start," click on that and then click OK. Restart your computer and your Service Center should be active.
-
THANKS>>> I Just Restarted It & Its Gone!!!
Is There Anything Else I Need To Do?
-
Yes. Finish up.
1. Double click OTM to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTM will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTM.
----------
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
The above procedure will:
- Delete: ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
-
alright thanks again
-
You're welcome.
-
do you know anything about Dvd Burners Cuz Now Mines Isn't Working???
-
You mean the built in hardware?
What kind of computer?
-
yah the built in hardware & it says CD or Computer DIrect
-
Try posting in the hardware forum