| ||
| Virus Alert on taskbar Hi all. I believe I have a virus and malware/adware on my machine that I cannot get rid of. I have performed lots of scans with Kaspersky 7.0 and used antispyware, which finds things and quarantines them, and I don't know what it does after. The virus popped up with a red background saying my privacy is in danger. I ran antispyware, which seems to have removed this, but I still keep getting a virus alert popping up. I have looked at other people's threads and got a HijackThis log, but I am totally unsure about what to remove and how to do it. Any help is much appreciated. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:11: VIRUS ALERT!, on 03/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe F:\Program Files\Common Files\LightScribe\LSSrvc.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe F:\WINDOWS\system32\nvsvc32.exe F:\Program Files\OneStepSearch\onestep.exe F:\Program Files\CyberLink\Shared Files\RichVideo.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe F:\WINDOWS\system32\svchost.exe F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe F:\WINDOWS\Explorer.EXE F:\Program Files\OneStepSearch\onestep.exe F:\WINDOWS\system32\wscntfy.exe F:\Program Files\Analog Devices\SoundMAX\Smax4.exe 
F:\Program Files\ASUS\Ai Gear\GearHelp.exe F:\Program Files\ASUS\AI Booster\OverClk.exe F:\Program Files\XpertVision\TBPanel.exe F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe F:\Program Files\Analog Devices\Core\smax4pnp.exe F:\WINDOWS\System32\DLA\DLACTRLW.EXE F:\WINDOWS\system32\RUNDLL32.EXE F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe F:\Program Files\Microsoft ActiveSync\wcescomm.exe F:\WINDOWS\system32\ctfmon.exe F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe F:\PROGRA~1\MICROS~3\rapimgr.exe F:\documents and settings\mark thurston\local settings\application data\skuyy.exe F:\Program Files\Antispyware\Antispyware.exe F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe W:\Firefox\firefox.exe F:\WINDOWS\system32\notepad.exe F:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: fdkowvbp - {54EF0797-AF80-4CF5-AB0C-7E87CCEC3E0B} - F:\WINDOWS\fdkowvbp.dll O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Ai Gear Help] "F:\Program Files\ASUS\Ai Gear\GearHelp.exe" O4 - HKLM\..\Run: [Ai Nap] "F:\Program Files\ASUS\Ai Nap\AiNap.exe" O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\AI Booster\OverClk.exe" O4 - HKLM\..\Run: [Gainward] F:\Program Files\XpertVision\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: 
[NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [DLA] F:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "F:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ISUSPM] "F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [MobileConnect.EXE] F:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE O4 - HKCU\..\Run: [Yahoo! 
Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [skuyy] f:\documents and settings\mark thurston\local settings\application data\skuyy.exe skuyy O4 - HKCU\..\Run: [Antispyware] F:\Program Files\Antispyware\Antispyware.exe -boot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\AVG\ANTI-V~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Picture Motion Browser Media Check Tool.lnk = F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoStart IR.lnk = F:\Program Files\WinTV\Ir.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\FROMPH~1\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: eqvwamkl - {55AE4FAC-8B30-4FD2-BF20-7F9D5CBB6D57} - F:\WINDOWS\eqvwamkl.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - 
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - F:\Program Files\OneStepSearch\onestep.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9266 bytes |
| ||
| Re: Virus Alert on taskbar Please follow the steps as given and run all the programs noted in this sticky: "Read me before posting a request for assistance". Then post back here with all the requested logs and maybe we will better be able to offer more steps if needed. The steps given in the sticky may very well clean everything up. Run only those programs noted in that sticky. OK? |
| ||
| Re: Virus Alert on taskbar OK, I have completed the steps mentioned in the last thread. Having done so, the virus alert notice in the taskbar has gone, although I still have messages flashing up saying I need to update whatever, and the automatic updates is permanently disabled - each time I try to enable it the system freezes. The machine is also running incredibly slowly, and icons for Windows Word, PowerPoint, Publisher and Excel are missing, along with Photoshop and Firefox? Here are the logs. Malwarebytes Malwarebytes' Anti-Malware 1.24 Database version: 1012 Windows 5.1.2600 Service Pack 2 19:17:01 04/08/2008 mbam-log-8-4-2008 (19-17-01).txt Scan type: Full Scan (F:\|W:\|X:\|Y:\|Z:\|) Objects scanned: 179200 Time elapsed: 1 hour(s), 22 minute(s), 18 second(s) Memory Processes Infected: 3 Memory Modules Infected: 7 Registry Keys Infected: 24 Registry Values Infected: 5 Registry Data Items Infected: 16 Folders Infected: 4 Files Infected: 38 Memory Processes Infected: F:\documents and settings\mark thurston\local settings\application data\skuyy.exe (Adware.Navipromo) -> Not selected for removal. F:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Not selected for removal. F:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Not selected for removal. Memory Modules Infected: F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Not selected for removal. F:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Not selected for removal. F:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\TCL.dll (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\zlib.dll (Rogue.Antispyware) -> Not selected for removal. F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.Vundo) -> Delete on reboot. F:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot. 
Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32260c36-31c9-4508-8b5d-13740859d618} (Trojan.Vundo) -> Not selected for removal. HKEY_CLASSES_ROOT\CLSID\{32260c36-31c9-4508-8b5d-13740859d618} (Trojan.Vundo) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.BHO) -> Not selected for removal. HKEY_CLASSES_ROOT\CLSID\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.BHO) -> Not selected for removal. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneStep Search Service (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkewxp (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{55ae4fac-8b30-4fd2-bf20-7f9d5cbb6d57} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{41fd62bf-793c-4f2b-8080-4c09bd9381b9} (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{000d1e46-c588-4fa1-8bd6-42f4e6e9d1f1} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{54ef0797-af80-4cf5-ab0c-7e87ccec3e0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{06e100ad-f529-473b-a0d1-77a05be33c62} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{404a4bf6-491e-440a-bffa-aeda915b1e0a} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8a0819b4-6101-46e2-b50a-a854bdc92a8d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{51dc7a06-2251-4795-a863-421782966ec9} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51dc7a06-2251-4795-a863-421782966ec9} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fdkowvbp.bxwo (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Not selected for removal. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{54ef0797-af80-4cf5-ab0c-7e87ccec3e0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Not selected for removal. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0059293-36124) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: F:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Not selected for removal. F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\FilterDrv (Rogue.Antispyware) -> Not selected for removal. Files Infected: F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Not selected for removal. F:\WINDOWS\system32\cIiOonnn.ini (Trojan.Vundo) -> Not selected for removal. F:\WINDOWS\system32\cIiOonnn.ini2 (Trojan.Vundo) -> Not selected for removal. F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy_navps.dat (Adware.Navipromo) -> Not selected for removal. F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy_nav.dat (Adware.Navipromo) -> Not selected for removal. 
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy.dat (Adware.Navipromo) -> Not selected for removal. F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy.exe (Adware.Navipromo) -> Not selected for removal. F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.BHO) -> Not selected for removal. F:\WINDOWS\elfv.exe (Trojan.FakeAlert) -> Not selected for removal. F:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Not selected for removal. W:\Disk Cleaner\glk12.tmp (Rogue.EvidenceEliminator) -> Not selected for removal. F:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Not selected for removal. F:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Not selected for removal. F:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Not selected for removal. F:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Not selected for removal. F:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Not selected for removal. F:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Not selected for removal. F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware on the Web.lnk (Rogue.Antispyware) -> Not selected for removal. F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware.lnk (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\Antispyware.url (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\DataBase.ref (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\Difxapi.dll (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\TCL.dll (Rogue.Antispyware) -> Not selected for removal. 
F:\Program Files\Antispyware\vistaCPtasks.xml (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\zlib.dll (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\FilterDrv\Antispyware.amd64.sys (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\FilterDrv\Antispyware.cat (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\FilterDrv\Antispyware.inf (Rogue.Antispyware) -> Not selected for removal. F:\Program Files\Antispyware\FilterDrv\Antispyware.x86.sys (Rogue.Antispyware) -> Quarantined and deleted successfully. F:\Documents and Settings\All Users\Desktop\Antispyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. F:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. F:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot. F:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. F:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. F:\WINDOWS\nfavxwdbvdf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. F:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully. 
Eset Scanner version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3325 (20080804) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=1d9eca08d50b114ea86fd016adaaaa85 # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2008-08-04 11:41:07 # local_time=2008-08-05 12:41:07 (+0000, GMT Standard Time) # country="United Kingdom" # osver=5.1.2600 NT Service Pack 2 # scanned=358543 # found=5 # scan_time=4291 W:\Internet\New Folder\gtnightdayxs.exe multiple infiltrations B5ECD7A635FD8CB2461C74A45D4F15DE W:\Internet\New Folder\gtnightdayxs.exe »WISE »oswdvaz118.exe Win32/Adware.OneStep application 00000000000000000000000000000000 W:\Internet\New Folder\gtnightdayxs.exe »WISE »rkinstaller.exe Win32/Adware.Relevant application 00000000000000000000000000000000 W:\Internet\New Folder\gtscarystoryxs.exe Win32/Adware.OneStep application C5F6F5C9B329DD2F456361469303B308 W:\Internet\New Folder\gtscarystoryxs.exe »WISE »oswdvaz118.exe Win32/Adware.OneStep application 00000000000000000000000000000000 Deckards - main.txt Deckard's System Scanner v20071014.68 Run by Mark Thurston on 2008-08-05 12:14:51 Computer is in Normal Mode. 
-------------------------------------------------------------------------------- -- HijackThis (run as Mark Thurston.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:16:52, on 05/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe F:\Program Files\Common Files\LightScribe\LSSrvc.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe F:\WINDOWS\system32\nvsvc32.exe F:\Program Files\CyberLink\Shared Files\RichVideo.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe F:\WINDOWS\system32\svchost.exe F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Analog Devices\SoundMAX\Smax4.exe F:\Program Files\ASUS\Ai Gear\GearHelp.exe F:\Program Files\ASUS\Ai Nap\AiNap.exe F:\Program Files\XpertVision\TBPanel.exe F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe F:\Program Files\Analog Devices\Core\smax4pnp.exe F:\WINDOWS\System32\DLA\DLACTRLW.EXE F:\WINDOWS\system32\RUNDLL32.EXE F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe F:\Program Files\Microsoft ActiveSync\wcescomm.exe F:\WINDOWS\system32\ctfmon.exe F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe 
F:\PROGRA~1\MICROS~3\rapimgr.exe F:\WINDOWS\system32\wscntfy.exe F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE F:\documents and settings\mark thurston\local settings\application data\skuyy.exe F:\Program Files\Antispyware\Antispyware.exe F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe F:\Documents and Settings\Mark Thurston\Desktop\dss.exe F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe F:\WINDOWS\system32\rundll32.exe F:\Documents and Settings\Mark Thurston\Desktop\dss.exe F:\PROGRA~1\TRENDM~1\HIJACK~1\MARKTH~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {4EC66E48-B863-4413-BC91-463D9CCA093B} - F:\WINDOWS\system32\jkkKEwXp.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {95BE23E7-B9F6-479C-A017-126548A89E87} - F:\WINDOWS\system32\nnnoOiIc.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Ai Gear Help] "F:\Program Files\ASUS\Ai Gear\GearHelp.exe" O4 - HKLM\..\Run: [Ai Nap] "F:\Program Files\ASUS\Ai Nap\AiNap.exe" O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\AI Booster\OverClk.exe" O4 - HKLM\..\Run: [Gainward] F:\Program Files\XpertVision\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - 
HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [DLA] F:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "F:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ISUSPM] "F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [MobileConnect.EXE] F:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE O4 - HKCU\..\Run: [Yahoo! 
Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [skuyy] f:\documents and settings\mark thurston\local settings\application data\skuyy.exe skuyy
O4 - HKCU\..\Run: [Antispyware] F:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\AVG\ANTI-V~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = F:\Program Files\WinTV\Ir.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\FROMPH~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkKEwXp - F:\WINDOWS\SYSTEM32\jkkKEwXp.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 9580 bytes

-- Files created between 2008-07-05 and 2008-08-05 -----------------------------
2008-08-04 20:49:14 0 d-------- F:\Program Files\EsetOnlineScanner
2008-08-04 12:14:52 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\Malwarebytes
2008-08-04 12:13:35 0 d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 12:13:27 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 22:11:36 0 d-------- F:\Program Files\Trend Micro
2008-08-01 16:12:09 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\Antispyware
2008-08-01 16:12:04 0 d-------- F:\Program Files\Antispyware
2008-08-01 12:39:37 0 d-------- F:\Program Files\temp
2008-08-01 12:39:09 96559 --a------ F:\WINDOWS\system32\drivers\klin.dat
2008-08-01 12:39:09 87855 --a------ F:\WINDOWS\system32\drivers\klick.dat
2008-08-01 12:38:48 18720 --ahs---- F:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-01 12:38:48 17310752 --ahs---- F:\WINDOWS\system32\drivers\fidbox.dat
2008-08-01 12:38:48 0 d-------- F:\Program Files\Kaspersky Lab
2008-08-01 12:38:48 0 d-------- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-31 21:52:55 0 d-------- F:\Program Files\Panda Security
2008-07-31 21:31:59 51869 --ahs---- F:\WINDOWS\system32\cIiOonnn.ini2
2008-07-31 21:31:54 323328 --a------ F:\WINDOWS\system32\nnnoOiIc.dll
2008-07-31 18:43:49 34176 --a------ F:\WINDOWS\system32\jkkKEwXp.dll
2008-07-31 18:43:17 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\TmpRecentIcons
2008-07-31 18:43:09 233472 --a------ F:\WINDOWS\wnslvxtf.dll
2008-07-31 18:43:09 94208 --a------ F:\WINDOWS\elfv.exe
2008-07-24 20:56:47 0 d-------- F:\Documents and Settings\All Users\Application Data\Codemasters
2008-07-24 20:56:28 0 d-------- F:\Program Files\OpenAL
2008-07-06 11:54:27 187392 --a------ F:\WINDOWS\system32\JPGUtils.dll
2008-07-06 11:54:26 0 d-------- F:\Program Files\WinCustomize
2008-07-06 11:54:26 0 d-------- F:\Program Files\Common Files\Stardock

-- Find3M Report ---------------------------------------------------------------
2008-08-01 12:33:37 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\AVG7
2008-07-31 19:03:34 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\LimeWire
2008-07-28 20:20:34 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-07-28 12:44:46 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\AdobeUM
2008-07-17 13:02:50 2752512 --a------ F:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 23:28:19 0 d-------- F:\Program Files\OneStepSearch
2008-07-15 16:38:58 0 d-------- F:\Program Files\WinTV
2008-07-15 16:38:57 0 d-------- F:\Program Files\Windows Media Connect 2
2008-07-15 16:38:57 0 d-------- F:\Program Files\Messenger
2008-07-15 16:38:56 0 d-------- F:\Program Files\ASUS WiFi-AP Solo
2008-07-09 23:05:26 0 d-------- F:\Program Files\Video Converter
2008-07-06 11:54:26 0 d-------- F:\Program Files\Common Files
2008-07-01 17:24:11 16 --a------ F:\WINDOWS\popcinfo.dat
2008-07-01 17:22:39 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\.Torrent Swapper
2008-06-21 00:55:54 0 d-------- F:\Program Files\FileSubmit
2008-06-18 22:31:44 0 d-------- F:\Program Files\Object Desktop

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC66E48-B863-4413-BC91-463D9CCA093B}]
31/07/2008 18:43 34176 --a------ F:\WINDOWS\system32\jkkKEwXp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95BE23E7-B9F6-479C-A017-126548A89E87}]
31/07/2008 21:31 323328 --a------ F:\WINDOWS\system32\nnnoOiIc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13/07/2006 07:12]
"Ai Gear Help"="F:\Program Files\ASUS\Ai Gear\GearHelp.exe" [27/07/2006 20:39]
"Ai Nap"="F:\Program Files\ASUS\Ai Nap\AiNap.exe" [30/11/2006 11:23]
"Launch Ai Booster"="F:\Program Files\ASUS\AI Booster\OverClk.exe" [08/12/2006 15:24]
"Gainward"="F:\Program Files\XpertVision\TBPanel.exe" [23/04/2007 19:20]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [11/05/2007 06:03]
"nwiz"="nwiz.exe" [11/05/2007 06:03 F:\WINDOWS\system32\nwiz.exe]
"CloneCDTray"="F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [19/05/2005 14:47]
"LanguageShortcut"="F:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/12/2006 22:55]
"NeroFilterCheck"="F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"SoundMAXPnP"="F:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 14:34]
"DLA"="F:\WINDOWS\System32\DLA\DLACTRLW.EXE" [13/06/2006 06:20]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [11/05/2007 06:03]
"LogonStudio"="F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [03/09/2002 18:38]
"AVP"="F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [08/02/2008 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [20/06/2006 22:36]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"EPSON Stylus DX7400 Series"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [12/04/2007 07:00]
"ISUSPM"="F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 15:41]
"MobileConnect.EXE"="F:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" []
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]
"skuyy"="f:\documents and settings\mark thurston\local settings\application data\skuyy.exe" [29/07/2008 21:33]
"Antispyware"="F:\Program Files\Antispyware\Antispyware.exe" [31/07/2008 17:01]

F:\Documents and Settings\Mark Thurston\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [04/02/2008 13:55:14]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [15/08/2007 15:24:45]
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4EC66E48-B863-4413-BC91-463D9CCA093B}"= F:\WINDOWS\system32\jkkKEwXp.dll [31/07/2008 18:43 34176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKEwXp]
jkkKEwXp.dll 31/07/2008 18:43 34176 F:\WINDOWS\system32\jkkKEwXp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
F:\Program Files\Object Desktop\WindowBlinds\WindowBlinds\wbsrv.dll 29/04/2008 21:58 210168 F:\Program Files\Object Desktop\WindowBlinds\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\nnnoOiIc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbi06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel53.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42abf856-1b96-11dd-8390-0015af220735}]
AutoRun\command- G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81afdec2-1b97-11dd-8391-0015af220735}]
AutoRun\command- G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81afdec3-1b97-11dd-8391-0015af220735}]
AutoRun\command- G:\StartVMCLite.exe

-- End of Deckard's System Scanner: finished at 2008-08-05 12:48:18 ------------

Deckards - extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 2046.42 MiB / 1219.26 MiB
Pagefile Memory (total/avail): 3938.75 MiB / 3363.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.71 MiB
A: is Removable (No Media)
C: is Removable (No Media)
D: is CDROM (UDF)
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 226.48 GiB total, 202.01 GiB free.
H: is Removable (No Media)
W: is Fixed (NTFS) - 14.65 GiB total, 12.97 GiB free.
X: is Fixed (NTFS) - 39.07 GiB total, 32.26 GiB free.
Y: is Fixed (NTFS) - 39.07 GiB total, 30.19 GiB free.
Z: is Fixed (NTFS) - 146.49 GiB total, 72.36 GiB free.
\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ - 465.76 GiB - 5 partitions
\PARTITION0 (bootable) - Installable File System - 226.48 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 239.28 GiB - W: - X: - Y: - Z:
\\.\PHYSICALDRIVE1 - VIA-P VT6205-DevB USB Device
\\.\PHYSICALDRIVE2 - VIA-P VT6205-DevM USB Device

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="F:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! 
Messenger" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=F:\Documents and Settings\All Users APPDATA=F:\Documents and Settings\Mark Thurston\Application Data CLIENTNAME=Console CommonProgramFiles=F:\Program Files\Common Files COMPUTERNAME=MARK ComSpec=F:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=F: HOMEPATH=\Documents and Settings\Mark Thurston LOGONSERVER=\\MARK NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4303 ProgramFiles=F:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=F: SystemRoot=F:\WINDOWS TEMP=F:\DOCUME~1\MARKTH~1\LOCALS~1\Temp TMP=F:\DOCUME~1\MARKTH~1\LOCALS~1\Temp USERDOMAIN=MARK USERNAME=Mark Thurston USERPROFILE=F:\Documents and Settings\Mark Thurston windir=F:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- Mark Thurston (admin) -- Add/Remove Programs --------------------------------------------------------- --> "F:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA} --> F:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL --> F:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> F:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> F:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> F:\WINDOWS\UNNeroVision.exe /UNINSTALL --> F:\WINDOWS\UNRecode.exe /UNINSTALL --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9 --> RunDll32 
F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly --> RunDll32 
F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Across Lite Mobile - Pocket PC Edition 2.0.1.0 --> F:\Program Files\Binaryfish\Across Lite Mobile - Pocket PC Edition\uninst.exe Adobe Flash Player 9 ActiveX --> F:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop 7.0 --> F:\WINDOWS\ISUNINST.EXE -f"F:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"F:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> F:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Advanced Disk Cleaner --> MsiExec.exe /X{6C2EDF63-C83B-4AAD-AC26-1784660F618B} AI Booster --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\setup.exe" -l0x9 AI Gear --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6B568B64-0BDE-4FB2-A1AB-8A41DF033C57}\setup.exe" -l0x9 AI Nap --> 
RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E2216699-EA02-4B85-BAB1-1DF34C4BDF9D}\setup.exe" -l0x9 Antispyware --> MsiExec.exe /X{B5A97A4C-BBB8-4494-914E-F68C420B0B4F} AnyDVD --> "F:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="F:\Program Files\SlySoft\AnyDVD" Ashampoo ClipFinder 1.38 --> "F:\Program Files\Ashampoo\Ashampoo ClipFinder\unins000.exe" Ashampoo Internet Accelerator 2.00 --> "F:\Program Files\Ashampoo\Ashampoo Internet Accelerator 2\unins000.exe" Ashampoo StartUp Tuner 2.00 --> "F:\Program Files\Ashampoo\StartUp Tuner 2\unins000.exe" Assassin's Creed --> F:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly ASUS WiFi-AP Solo --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE ASUSUpdate --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9 AVG Anti-Spyware 7.5 --> F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\Uninstall.exe Bejeweled 2 Deluxe --> F:\WINDOWS\iun6002ev.exe "F:\Program Files\Games\Bejeweled 2 Deluxe\irunin.ini" Brian Lara International Cricket 2005 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B157A698-7515-4AB0-95A0-072A305B52A8}\setup.exe" -l0x9 Call of Duty(R) 4 - Modern Warfare(TM) --> F:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409 Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup 
"F:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST CloneCD --> "F:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="F:\Program Files\SlySoft\CloneCD" CloneDVD2 --> "F:\Program Files\SlySoft\CloneDVD2\CloneDVD2-uninst.exe" /D="F:\Program Files\SlySoft\CloneDVD2" Company of Heroes --> "Z:\Company Of Heroes\Company Of Heroes\Data\Uninstall_English.exe" Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35} Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18} Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1} Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D} Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98} Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379} Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F} Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3} Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D} Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1} Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E} Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519} Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671} Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F} Cool & Quiet --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9 Dawn of War - Dark Crusade --> F:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly Dawn of 
War - Soulstorm --> "F:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly Drive Erase Pro --> F:\Program Files\Nova Development\Drive Erase Pro\MediaBuilder.exe -uninstall DVD Suite --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall EA SPORTS Rugby 2005 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{38420AB3-8788-4DA2-A296-E8B6F328876F}\Setup.exe" -l0x9 EPSON Attach To Email --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall EPSON Easy Photo Print --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x9 UNINST EPSON File Manager --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST EPSON Printer Software --> F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan --> F:\Program Files\epson\escndv\setup\setup.exe /r EPSON Scan Assistant --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual --> 
F:\Program Files\EPSON\TPMANUAL\ES_CX_DX\ENG\USE_G\DOCUNINS.EXE EPSON Web-To-Page --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything ESET Online Scanner --> F:\WINDOWS\system32\OnlineScannerUninstaller.exe EVGA Display Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly Far Cry --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057 Full Spectrum Warrior --> MsiExec.exe /I{0153A77C-A981-4A1F-BAA9-16A80FBC358A} Gears of War --> F:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\Setup.exe -runfromtemp -l0x0409 Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C} GRID --> "F:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly Hauppauge English Help Files and Resources --> F:\PROGRA~1\WinTV\UNHLPeng.EXE F:\PROGRA~1\WinTV\WTV2Keng.LOG Hauppauge WinTV DVB-T EPG Service --> F:\WINDOWS\system32\UNWISE.EXE F:\WINDOWS\system32\UNEPGS~1.LOG Hauppauge WinTV Infrared Remote --> F:\PROGRA~1\WinTV\UNir32.EXE F:\PROGRA~1\WinTV\ir32.LOG Hauppauge WinTV Scheduler --> F:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.exe F:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.log Hauppauge WinTV2000 --> F:\PROGRA~1\WinTV\UNTV32.EXE F:\PROGRA~1\WinTV\WINTV2K.LOG High Definition Audio Driver Package - KB888111 --> F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> 
"F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" ImTOO MOV Converter --> F:\Program Files\Video Converter\Uninstall.exe InterVideo FilterSDK for Hauppauge --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL InterVideo MediaOne Gallery --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F} Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F} LimeWire 4.14.8 --> "W:\Limewire\uninstall.exe" LogonStudio --> F:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE F:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG Malwarebytes' Anti-Malware --> "F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E} Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57} Microsoft Motocross Madness 2 --> "Z:\Moto Madness 2\Data\UNINSTAL.EXE" /runtemp /addremove Microsoft Office Outlook 2007 --> MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE} Microsoft Office Outlook 2007 Trial --> "F:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Proof (English) 2007 --> MsiExec.exe 
/X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (2.0.0.16) --> W:\Firefox\uninstall\helper.exe Music Alarm --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{4999E00F-EB5E-402E-B5AE-BB5710F77EEB}\setup.exe" -l0x9 Nero 7 Essentials --> MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033} Night and Day --> F:\PROGRA~1\FILESU~1\NIGHTA~1\UNWISE.EXE F:\PROGRA~1\FILESU~1\NIGHTA~1\INSTALL.LOG NVIDIA ForceWare Network Access Manager --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033 OneStep Search 1.0 build 174 --> F:\Program Files\OneStepSearch\uninstall.exe Online Manuals for WinTV (English) --> F:\PROGRA~1\WinTV\UNTVmans.exe F:\PROGRA~1\WinTV\WinTVMan.LOG OpenAL --> "F:\Program Files\OpenAL\OalinstGridRelease.exe" /U Panda ActiveScan 2.0 --> F:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PC Probe II --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9 POW --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CD277B3E-8043-496E-B83B-D53186A072AB} 
/l1033 PowerDVD --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerQuest PartitionMagic 8.0 --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} QStart --> MsiExec.exe /I{E5867550-4146-4B75-BE3D-D34F279D90B1} Rome - Total War - Gold Edition --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly Rugby Challenge 2006 --> Z:\Rugby Challenge\Data\uninstall.exe Scary Story --> F:\PROGRA~1\FILESU~1\SCARYS~1\UNWISE.EXE F:\PROGRA~1\FILESU~1\SCARYS~1\INSTALL.LOG Shockwave --> F:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sony Picture Utility --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly Sony USB Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly SoundMAX --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly Spb Full Screen Keyboard --> F:\Program Files\Microsoft ActiveSync\Spb Full Screen Keyboard\Uninstall.exe Spb Full Screen Keyboard System Requirements Lab --> F:\Program 
Files\SystemRequirementsLab\Uninstall.exe THE SETTLERS - Heritage of Kings (all products) --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}\setup.exe" -l0x9 -removeonly The Sims 2 --> Z:\The Sims 2\Data\EAUninstall.exe TrackMania United 0.2.0.8 --> "Z:\TrackMania United\Data\unins000.exe" WindowBlinds --> F:\PROGRA~1\OBJECT~1\WINDOW~1\WINDOW~1\UNWISE.EXE F:\PROGRA~1\OBJECT~1\WINDOW~1\WINDOW~1\INSTALL.LOG Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> F:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u F:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> F:\Program Files\WinRAR\uninstall.exe Xpand Rally Xtreme --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{025D4907-5D2E-4146-95F7-54E18BE087DA} /Z"UNINSTALL" XpertVision 5.1 --> "F:\Program Files\XpertVision\unins000.exe" Yahoo! Internet Mail --> F:\WINDOWS\system32\regsvr32 /u /s F:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger --> F:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U F:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG -- Application Event Log ------------------------------------------------------- Event Record #/Type3785 / Error Event Submitted/Written: 08/05/2008 07:04:02 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x088b0a7f. Processing media-specific event for [iexplore.exe!ws!] 
Event Record #/Type3784 / Error Event Submitted/Written: 08/04/2008 11:32:06 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type3783 / Error Event Submitted/Written: 08/04/2008 08:15:51 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type3773 / Error Event Submitted/Written: 08/04/2008 07:47:51 AM Event ID/Source: 1002 / Application Hang Event Description: Hanging application WCESMgr.exe, version 4.2.4875.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type3764 / Error Event Submitted/Written: 08/03/2008 09:46:32 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type20486 / Error Event Submitted/Written: 08/05/2008 07:02:36 AM Event ID/Source: 10016 / DCOM Event Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. 
Event Record #/Type20485 / Error Event Submitted/Written: 08/05/2008 07:02:15 AM Event ID/Source: 10016 / DCOM Event Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. Event Record #/Type20484 / Error Event Submitted/Written: 08/05/2008 07:01:54 AM Event ID/Source: 10016 / DCOM Event Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. Event Record #/Type20483 / Error Event Submitted/Written: 08/05/2008 07:01:32 AM Event ID/Source: 10016 / DCOM Event Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. Event Record #/Type20482 / Error Event Submitted/Written: 08/05/2008 07:01:11 AM Event ID/Source: 10016 / DCOM Event Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. -- End of Deckard's System Scanner: finished at 2008-08-05 07:12:02 ------------ The uninstall list did not pop up or come up with any options for saving I hope this helps and thanks for any assistance |
| ||
| Re: Virus Alert on taskbar Can you tell me why you did not allow the Malwarebytes program to fix everything found? |
| ||
| Re: Virus Alert on taskbar The thread didn't say so, but later it says for another program not to fix or remove anything - it can do that at a later time if needed? Should I run it again and get it to fix problems? |
| ||
| Re: Virus Alert on taskbar Sounds like a Vundo to me |
| ||
| Re: Virus Alert on taskbar Quote:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

You need to run this program again IMMEDIATELY and follow those instructions to the letter. You will NOT get the system clean by just cleaning a portion of items found; you have to Select Everything bad that is found and Remove. Then REBOOT the computer. Run the ESET ONLINE scanner again, following the instructions exactly, and have it Fix everything found. Reboot the system. Run HJT again. Then post back here with those three new logs. Quote:
|
| ||
| Re: Virus Alert on taskbar Here is the new log from malwarebytes after removing selected

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

07:37:51 06/08/2008
mbam-log-8-6-2008 (07-37-51).txt

Scan type: Full Scan (F:\|W:\|X:\|Y:\|Z:\|)
Objects scanned: 179501
Time elapsed: 1 hour(s), 29 minute(s), 17 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 5
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 30

Memory Processes Infected:
F:\documents and settings\mark thurston\local settings\application data\skuyy.exe (Adware.Navipromo) -> Unloaded process successfully.
F:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Unloaded process successfully.

Memory Modules Infected:
F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Delete on reboot.
F:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Delete on reboot.
F:\Program Files\Antispyware\TCL.dll (Rogue.Antispyware) -> Delete on reboot.
F:\Program Files\Antispyware\zlib.dll (Rogue.Antispyware) -> Delete on reboot.
F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b6a1092-4221-4e60-a634-cbcc38772ae0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5b6a1092-4221-4e60-a634-cbcc38772ae0} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkewxp (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Delete on reboot.

Folders Infected:
F:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\FilterDrv (Rogue.Antispyware) -> Quarantined and deleted successfully.

Files Infected:
F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Delete on reboot.
F:\WINDOWS\system32\cIiOonnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\cIiOonnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.BHO) -> Delete on reboot.
F:\WINDOWS\elfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
W:\Disk Cleaner\glk12.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware on the Web.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\Antispyware.url (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\DataBase.ref (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\Difxapi.dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\TCL.dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\vistaCPtasks.xml (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\zlib.dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\FilterDrv\Antispyware.amd64.sys (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\FilterDrv\Antispyware.cat (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\FilterDrv\Antispyware.inf (Rogue.Antispyware) -> Quarantined and deleted successfully. |
| ||
| Re: Virus Alert on taskbar You still need to reboot and run hijackthis again and post the log as jholland1964 requested. |
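The Malwarebytes log above mixes entries that were removed at once with entries marked "Delete on reboot", which stay loaded until the restart the helpers ask for. As an added example (not part of the thread and not Malwarebytes' own tooling), this Python parser reads lines in that log's format and lists what is still pending; the function names and the autostart descriptions are assumptions introduced here, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the Malwarebytes log posted above, one entry per line.
SAMPLE_LOG = r"""
Memory Modules Infected:
F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Delete on reboot.
F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkewxp (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Delete on reboot.
Files Infected:
F:\WINDOWS\elfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(.+ Infected):$")          # "Files Infected:" (no count)
ENTRY_RE = re.compile(r"^(.+?) \(([A-Za-z]+\.[\w.]+)\) -> (.+)$")

# Registry locations that load code automatically (general Windows behaviour,
# not stated in the thread). Matched case-insensitively against the target.
AUTOSTART = {
    "\\winlogon\\notify\\": "Winlogon Notify DLL (loaded by winlogon.exe)",
    "\\control\\lsa\\": "LSA package (loaded by lsass.exe at boot)",
    "\\browser helper objects\\": "Browser Helper Object (loaded by Internet Explorer)",
    "\\shellexecutehooks\\": "ShellExecuteHook (loaded by Explorer)",
    "\\currentversion\\run\\": "Run key (started at logon)",
}

@dataclass
class Entry:
    section: str              # e.g. "Registry Keys Infected"
    target: str               # file path or registry path
    detection: str            # e.g. "Trojan.Vundo"
    action: str               # e.g. "Delete on reboot"
    data: Optional[str]       # value of "Data: ..." on registry data items
    autostart: Optional[str]  # description if the target is a load point

def autostart_kind(target: str) -> Optional[str]:
    lowered = target.lower()
    for marker, description in AUTOSTART.items():
        if marker in lowered:
            return description
    return None

def parse_log(text: str) -> List[Entry]:
    entries, section = [], "Unknown"
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue  # blank lines, header lines, "Files Infected: 30" counts
        target, detection, rest = match.groups()
        parts = rest.split(" -> ")  # registry data items carry "Data: x -> action"
        has_data = len(parts) > 1 and parts[0].startswith("Data: ")
        data = parts[0][len("Data: "):] if has_data else None
        entries.append(Entry(section, target, detection,
                             parts[-1].rstrip("."), data, autostart_kind(target)))
    return entries

def pending_reboot(entries: List[Entry]) -> List[Entry]:
    """Entries the scanner could not remove while Windows was running."""
    return [e for e in entries if e.action.lower() == "delete on reboot"]

if __name__ == "__main__":
    for e in pending_reboot(parse_log(SAMPLE_LOG)):
        note = f"  [{e.autostart}]" if e.autostart else ""
        print(f"{e.detection:<16} {e.target}{note}")
```

Any entry this reports that is also an autostart location means the DLL can load again at the next boot if removal fails, so a fresh scan after the restart is what confirms the cleanup.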
| ||
| Re: Virus Alert on taskbar Here is the log from malwarebytes with the remove selected button pressed - sorry! |