PDA

View Full Version : I've Got teh Desktop Defender 2010



Team Metal
2010-01-05, 08:52
I have Desktop Defender 2010.

I was browsing the internet (OK it was porn) about a week ago when a program asked it's permission to run. Being the wiley internet browser I am, I denied it. A few minutes later I decide to work on a paper, so I open Microsoft Works. It asks me permission to open wkswp.exe. I Google it and it turns out to be Works, so I allow it. A moment after opening it, I realize the publisher was unknown and not Microsoft. It seems it was designed to be named after the next program which is opened to trick you into thinking it is legitimate. I considered myself tricked.

Especially after resetting my computer, the typical symptoms kicked in. A large window appears when windows starts that prompts you to buy their bogus software, which you can't exit from. After some rigorous task managing, I was able to browse for some anti virus software. Most searches bought me to sites which were just as seedy as Desktop Defender 2010. I tried PCTools Spyware Doctor, but after detecting it, it prompted me to buy their software (F that.) I might have tried Mcafee, which was already installed, or might have just assumed it was worthless. I then remembered Spybot S&D's reputation as 'the people's antivirus,' so I downloaded that and had it scan. It detected Desktop Defender 2010 and fixed most of it. It said more files had to be taken care of after a restart, so I restarted. I can't remember what it did after the restart, but afterwards I scanned a couple times and it found nothing. However, there are still some symptoms!

The really intrusive one at the beginning is gone. However, after a minute, a popup appears and grays out the background. If I X out of it, it gives me a threatening dialogue box followed by another. This gives me about a minute before the next one pops up, which is usually larger. I do the same process until a different kind of popup appears. This one is most convincingly like the legitimate windows security center and also allows me to drag it out of the way and continue my work. It also stops the onslaught of popups allowing me to use my computer relatively efficiently. The one exception is the constant balloon popping up from the taskbar from what appears to be a legitimate Windows Security Center icon, telling me the firewall is down, automatic updates are not on, and antivirus is not working. Clicking this usually leads me to the security center which says all of these are on. This is just confusing.

I tried the manual removal guide (http://forums.spybot.info/showthread.php?t=53362&highlight=desktop+defender+2010) and still have symptoms. I can provide more information upon request. Thanks for your help!

Team Metal
2010-01-05, 11:16
It seems I have fixed the problem.

I bit the bullet and used the uninstall guide by bleeping computer:
http://www.bleepingcomputer.com/virus-removal/remove-desktop-defender-2010

I was hesitant at first because Malwarebytes might have just been more Malware, but it seems legit. I started the scan and it got stuck on C:\Users\Edward\AppData\Local\Temp\, detecting about 2000 files and kept going. I stopped the scan and checked out the folder for myself. It seemed there were many files about 65K to be exact, which weighed in at about 228 gigs. With my music library being 168 gigs, I knew it was a lot. A few files seemed legitimate; files I remember downloading. However, most of them seemed to be named '3D5A.tmp' and were enumerated with random letters and numbers, starting with A and going up to F. Cancer is a perfect analogy for these files. Malwarebytes was taking too long to scan them and classified them as Rogue.Installer, so I tried deleting them on my own. It was taking too long, so I used the program, CCleaner and it took care of them pretty fast, albeit it deleted a few useful things like some cookies and Adobe Flash. I ran Malwarebytes again and already some of the temp files were back, but it was down to a manageable size. Additionally, there were a few other things which I will get to. I was skeptical at first, because the popup was still hanging there, and to be totally clean it would have to go. Was it going to just disappear when I decided to quarantine the files? What are the chances of that? Much to my delight, it did in fact just disappear. It asked to restart so it could finish up and I did. Nothing happened when I started up again...including virus symptoms! Here is the log of Malwarebytes. I figure you might want it to make SpybotSD more effective. Thanks!

Malwarebytes' Anti-Malware 1.43
Database version: 3495
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/5/2010 3:48:50 AM
mbam-log-2010-01-05 (03-48-46).txt

Scan type: Quick Scan
Objects scanned: 91084
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 212

Memory Processes Infected:
C:\Windows\SysWOW64\l0a8umnwtmst.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop defender 2010 (Rogue.DesktopDefender) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\SysWOW64\l0a8umnwtmst.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\System32\l0a8umnwtmst.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\10.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1000.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\118E.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\126.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1392.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1587.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\15B4.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\17C8.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\19CA.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\19CB.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1BAF.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1DE1.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1DF0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1E0F.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\1FC6.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2216.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2217.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2254.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\23DC.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\262C.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\263B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2689.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2802.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2A42.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2A61.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2ABE.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2C18.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2E59.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2E87.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\2F32.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\302E.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\31A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\31B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\326F.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\32AD.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3368.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3444.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3685.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\36D3.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\379D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\385A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3A9B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3AF8.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3BD2.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3C71.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3EB1.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3F1E.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\3FF8.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4087.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\42C8.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4344.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\449B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\449D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\46DE.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\476A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\48B3.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\496C.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4AF4.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4B2.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4B80.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4CC9.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4D92.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4F0A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\4F96.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\50E0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5320.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\53AD.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\53BB.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\53C.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5505.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5737.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\57C3.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\592B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\59E3.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5B4D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5BD9.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5D41.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5F82.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\5FEF.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\6.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\601B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\6177.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\6405.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\658D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\659B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\6644.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\681C.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\69B2.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\69C3.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\6C32.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\6C6D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\6DC8.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\6DD9.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7048.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\71DE.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\71EF.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\730.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\745E.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\75F4.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7615.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\770.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7775.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7874.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7A0A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7A2B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7BAB.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7C9A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7E21.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\7E41.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\80B0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\81D3.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8237.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8267.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\85EA.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\864D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\867D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8A0F.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8A63.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8A93.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8E26.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8E79.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8E8.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\8EB9.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\924B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\9290.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\92DF.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\952.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\9662.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\96A6.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\96F5.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\9A78.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\9ABC.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\9B1B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\9E8E.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\9ED2.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\9F41.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\A2F8.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\A357.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\A70E.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\A736.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\A76D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\AB24.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\AB83.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\AF3B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\AF71.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\AF9A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\B351.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\B387.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\B3B0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\B66.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\B767.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\B7C6.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\B9B0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\BB7D.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\BBDC.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\BF93.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\BFC9.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\BFF2.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\C3AA.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\C3EF.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\C409.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\C7C0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\C81F.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\CA46.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\CBD6.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\CC35.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\CE6C.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\CFFC.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\D04B.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\D2D0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\D422.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\D461.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\D68.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\D838.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\D868.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\D908.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\DC5E.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\DCAD.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\DF21.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\E074.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\E102.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\E48A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\E528.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\E54A.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\E8A0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\E93E.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\E960.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\ECB7.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\ED73.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\ED77.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F0CD.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F189.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F229.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F3F.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F4E3.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F5A0.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F7C.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F8F9.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\F9C5.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\FA45.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\FD0F.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\FDEB.tmp (Rogue.Installer) -> No action taken.
C:\Users\Edward\AppData\Local\Temp\FE6A.tmp (Rogue.Installer) -> No action taken.

tashi
2010-01-05, 18:56
Hello Team Metal,

Did you miss the forum FAQ? ;) "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Volunteer analysts may use several tools to diagnose and remove infections. If your computer appears to be running fine now, safe surfing!

FYI:
Requests for additions to Spybot's detections (http://forums.spybot.info/forumdisplay.php?f=17)
Infected Files. How To Submit. (http://forums.spybot.info/showthread.php?t=1699)

Best regards.