Virus Alert on taskbar

Question

fuzzy_monkey 0 Newbie Poster

16 Years Ago

Hi all. I believe i have a virus and malware/adware on my machine that i cannot get rid of. I have preformed lots of scans with kaspersky 7.0 and used antispyware which finds things, quarentines them and i dont know what it does after.

The virus popped up with a red background saying my privacy is in danger, i ran antispyware whihc seems to have removed this but i still keep getting virus alert popping up.

I have looked at other peoples threads and got a hijack this log, but totally unsure about what to remove and how to do it

Any help is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11: VIRUS ALERT!, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\OneStepSearch\onestep.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\OneStepSearch\onestep.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\Program Files\ASUS\Ai Gear\GearHelp.exe
F:\Program Files\ASUS\AI Booster\OverClk.exe
F:\Program Files\XpertVision\TBPanel.exe
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\WINDOWS\System32\DLA\DLACTRLW.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\documents and settings\mark thurston\local settings\application data\skuyy.exe
F:\Program Files\Antispyware\Antispyware.exe
F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
W:\Firefox\firefox.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: fdkowvbp - {54EF0797-AF80-4CF5-AB0C-7E87CCEC3E0B} - F:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Gear Help] "F:\Program Files\ASUS\Ai Gear\GearHelp.exe"
O4 - HKLM\..\Run: [Ai Nap] "F:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [Gainward] F:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] F:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "F:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ISUSPM] "F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobileConnect.EXE] F:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [skuyy] f:\documents and settings\mark thurston\local settings\application data\skuyy.exe skuyy
O4 - HKCU\..\Run: [Antispyware] F:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\AVG\ANTI-V~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = F:\Program Files\WinTV\Ir.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\FROMPH~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: eqvwamkl - {55AE4FAC-8B30-4FD2-BF20-7F9D5CBB6D57} - F:\WINDOWS\eqvwamkl.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - F:\Program Files\OneStepSearch\onestep.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9266 bytes

windows-virus

5 Contributors
16 Replies
328 Views
1 Year Discussion Span
Latest Post 15 Years Ago Latest Post by crunchie

jholland1964 650 Posting Expert

16 Years Ago

Please follow the steps as given and run all the programs noted in this sticky
Read me before posting a request for assistance. Then post back here with all the requested logs and maybe we will better be able to offer more steps if needed. The steps given in the sticky may very well clean everything up. Run only those programs noted in that sticky. Ok?

jholland1964 650 Posting Expert

16 Years Ago

Can you tell me why you did not allow the Malwarebytes program to fix everything found?

Talonis 34 Light Poster

16 Years Ago

Sounds like a Vundo to me

jholland1964 650 Posting Expert

16 Years Ago

the thread didn't say so but later it says for another program not to fix or remove anything - it can do that at a later time if needed?
Should i run it again and get it to fix problems?

I beg your pardon the instructions for Malwarebytes Anti-Malware DO say the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
You need to run this program again IMMEDIATELY and follow those instructions to the letter. You will NOT get the system clean by just cleaning a portion of items found you have to Select Everything bad that is found and Remove.
Then REBOOT the computer.

Run the ESET ONLINE scanner again, following the instructions exactly and have it Fix everything found.
Reboot the system. Run HJT again. Then post back here with those three new logs.

Talonis= Sounds like a Vundo to me

Among many other things.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

fuzzy_monkey 0 Newbie Poster · Answer 1 · 2008-08-05T22:46:04+00:00

Ok i have completed the steps mentioned in the last thread. Having done so teh virus alert notice in the task bar has gone although i still have messages flashing up saying i need to update whatever and the automatic updates is permantently disabled - each time i try to enable it the system freezes. the machine is also running incredibly slowly and icons for windows word, powerpoint publisher and excel are missing along with photoshop and firefox?

Here are the logs

Malwarebytes

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

19:17:01 04/08/2008
mbam-log-8-4-2008 (19-17-01).txt

Scan type: Full Scan (F:\|W:\|X:\|Y:\|Z:\|)
Objects scanned: 179200
Time elapsed: 1 hour(s), 22 minute(s), 18 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 7
Registry Keys Infected: 24
Registry Values Infected: 5
Registry Data Items Infected: 16
Folders Infected: 4
Files Infected: 38

Memory Processes Infected:
F:\documents and settings\mark thurston\local settings\application data\skuyy.exe (Adware.Navipromo) -> Not selected for removal.
F:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Not selected for removal.
F:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Not selected for removal.

Memory Modules Infected:
F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Not selected for removal.
F:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Not selected for removal.
F:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\TCL.dll (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\zlib.dll (Rogue.Antispyware) -> Not selected for removal.
F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.Vundo) -> Delete on reboot.
F:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32260c36-31c9-4508-8b5d-13740859d618} (Trojan.Vundo) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{32260c36-31c9-4508-8b5d-13740859d618} (Trojan.Vundo) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.BHO) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.BHO) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneStep Search Service (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkewxp (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55ae4fac-8b30-4fd2-bf20-7f9d5cbb6d57} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{41fd62bf-793c-4f2b-8080-4c09bd9381b9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{000d1e46-c588-4fa1-8bd6-42f4e6e9d1f1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54ef0797-af80-4cf5-ab0c-7e87ccec3e0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{06e100ad-f529-473b-a0d1-77a05be33c62} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{404a4bf6-491e-440a-bffa-aeda915b1e0a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a0819b4-6101-46e2-b50a-a854bdc92a8d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51dc7a06-2251-4795-a863-421782966ec9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51dc7a06-2251-4795-a863-421782966ec9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bxwo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{54ef0797-af80-4cf5-ab0c-7e87ccec3e0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0059293-36124) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
F:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Not selected for removal.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\FilterDrv (Rogue.Antispyware) -> Not selected for removal.

Files Infected:
F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Not selected for removal.
F:\WINDOWS\system32\cIiOonnn.ini (Trojan.Vundo) -> Not selected for removal.
F:\WINDOWS\system32\cIiOonnn.ini2 (Trojan.Vundo) -> Not selected for removal.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy_navps.dat (Adware.Navipromo) -> Not selected for removal.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy_nav.dat (Adware.Navipromo) -> Not selected for removal.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy.dat (Adware.Navipromo) -> Not selected for removal.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy.exe (Adware.Navipromo) -> Not selected for removal.
F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.BHO) -> Not selected for removal.
F:\WINDOWS\elfv.exe (Trojan.FakeAlert) -> Not selected for removal.
F:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Not selected for removal.
W:\Disk Cleaner\glk12.tmp (Rogue.EvidenceEliminator) -> Not selected for removal.
F:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Not selected for removal.
F:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Not selected for removal.
F:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Not selected for removal.
F:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Not selected for removal.
F:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Not selected for removal.
F:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Not selected for removal.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware on the Web.lnk (Rogue.Antispyware) -> Not selected for removal.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware.lnk (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\Antispyware.url (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\DataBase.ref (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\Difxapi.dll (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\TCL.dll (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\vistaCPtasks.xml (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\zlib.dll (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\FilterDrv\Antispyware.amd64.sys (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\FilterDrv\Antispyware.cat (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\FilterDrv\Antispyware.inf (Rogue.Antispyware) -> Not selected for removal.
F:\Program Files\Antispyware\FilterDrv\Antispyware.x86.sys (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Desktop\Antispyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.
F:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\nfavxwdbvdf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

Eset Scanner

version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3325 (20080804)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=1d9eca08d50b114ea86fd016adaaaa85
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-04 11:41:07
# local_time=2008-08-05 12:41:07 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=358543
# found=5
# scan_time=4291
W:\Internet\New Folder\gtnightdayxs.exe multiple infiltrations B5ECD7A635FD8CB2461C74A45D4F15DE
W:\Internet\New Folder\gtnightdayxs.exe »WISE »oswdvaz118.exe Win32/Adware.OneStep application 00000000000000000000000000000000
W:\Internet\New Folder\gtnightdayxs.exe »WISE »rkinstaller.exe Win32/Adware.Relevant application 00000000000000000000000000000000
W:\Internet\New Folder\gtscarystoryxs.exe Win32/Adware.OneStep application C5F6F5C9B329DD2F456361469303B308
W:\Internet\New Folder\gtscarystoryxs.exe »WISE »oswdvaz118.exe Win32/Adware.OneStep application 00000000000000000000000000000000

Deckards - main.txt

ckard's System Scanner v20071014.68
Run by Mark Thurston on 2008-08-05 12:14:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Mark Thurston.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:52, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\Program Files\ASUS\Ai Gear\GearHelp.exe
F:\Program Files\ASUS\Ai Nap\AiNap.exe
F:\Program Files\XpertVision\TBPanel.exe
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\WINDOWS\System32\DLA\DLACTRLW.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\WINDOWS\system32\wscntfy.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
F:\documents and settings\mark thurston\local settings\application data\skuyy.exe
F:\Program Files\Antispyware\Antispyware.exe
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
F:\Documents and Settings\Mark Thurston\Desktop\dss.exe
F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
F:\WINDOWS\system32\rundll32.exe
F:\Documents and Settings\Mark Thurston\Desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\MARKTH~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {4EC66E48-B863-4413-BC91-463D9CCA093B} - F:\WINDOWS\system32\jkkKEwXp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {95BE23E7-B9F6-479C-A017-126548A89E87} - F:\WINDOWS\system32\nnnoOiIc.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Gear Help] "F:\Program Files\ASUS\Ai Gear\GearHelp.exe"
O4 - HKLM\..\Run: [Ai Nap] "F:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [Gainward] F:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] F:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "F:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ISUSPM] "F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobileConnect.EXE] F:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [skuyy] f:\documents and settings\mark thurston\local settings\application data\skuyy.exe skuyy
O4 - HKCU\..\Run: [Antispyware] F:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\AVG\ANTI-V~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = F:\Program Files\WinTV\Ir.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\FROMPH~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkKEwXp - F:\WINDOWS\SYSTEM32\jkkKEwXp.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9580 bytes

-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-04 20:49:14 0 d-------- F:\Program Files\EsetOnlineScanner
2008-08-04 12:14:52 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\Malwarebytes
2008-08-04 12:13:35 0 d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 12:13:27 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 22:11:36 0 d-------- F:\Program Files\Trend Micro
2008-08-01 16:12:09 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\Antispyware
2008-08-01 16:12:04 0 d-------- F:\Program Files\Antispyware
2008-08-01 12:39:37 0 d-------- F:\Program Files\temp
2008-08-01 12:39:09 96559 --a------ F:\WINDOWS\system32\drivers\klin.dat
2008-08-01 12:39:09 87855 --a------ F:\WINDOWS\system32\drivers\klick.dat
2008-08-01 12:38:48 18720 --ahs---- F:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-01 12:38:48 17310752 --ahs---- F:\WINDOWS\system32\drivers\fidbox.dat
2008-08-01 12:38:48 0 d-------- F:\Program Files\Kaspersky Lab
2008-08-01 12:38:48 0 d-------- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-31 21:52:55 0 d-------- F:\Program Files\Panda Security
2008-07-31 21:31:59 51869 --ahs---- F:\WINDOWS\system32\cIiOonnn.ini2
2008-07-31 21:31:54 323328 --a------ F:\WINDOWS\system32\nnnoOiIc.dll
2008-07-31 18:43:49 34176 --a------ F:\WINDOWS\system32\jkkKEwXp.dll
2008-07-31 18:43:17 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\TmpRecentIcons
2008-07-31 18:43:09 233472 --a------ F:\WINDOWS\wnslvxtf.dll
2008-07-31 18:43:09 94208 --a------ F:\WINDOWS\elfv.exe
2008-07-24 20:56:47 0 d-------- F:\Documents and Settings\All Users\Application Data\Codemasters
2008-07-24 20:56:28 0 d-------- F:\Program Files\OpenAL
2008-07-06 11:54:27 187392 --a------ F:\WINDOWS\system32\JPGUtils.dll
2008-07-06 11:54:26 0 d-------- F:\Program Files\WinCustomize
2008-07-06 11:54:26 0 d-------- F:\Program Files\Common Files\Stardock

-- Find3M Report ---------------------------------------------------------------

2008-08-01 12:33:37 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\AVG7
2008-07-31 19:03:34 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\LimeWire
2008-07-28 20:20:34 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-07-28 12:44:46 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\AdobeUM
2008-07-17 13:02:50 2752512 --a------ F:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 23:28:19 0 d-------- F:\Program Files\OneStepSearch
2008-07-15 16:38:58 0 d-------- F:\Program Files\WinTV
2008-07-15 16:38:57 0 d-------- F:\Program Files\Windows Media Connect 2
2008-07-15 16:38:57 0 d-------- F:\Program Files\Messenger
2008-07-15 16:38:56 0 d-------- F:\Program Files\ASUS WiFi-AP Solo
2008-07-09 23:05:26 0 d-------- F:\Program Files\Video Converter
2008-07-06 11:54:26 0 d-------- F:\Program Files\Common Files
2008-07-01 17:24:11 16 --a------ F:\WINDOWS\popcinfo.dat
2008-07-01 17:22:39 0 d-------- F:\Documents and Settings\Mark Thurston\Application Data\.Torrent Swapper
2008-06-21 00:55:54 0 d-------- F:\Program Files\FileSubmit
2008-06-18 22:31:44 0 d-------- F:\Program Files\Object Desktop

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC66E48-B863-4413-BC91-463D9CCA093B}]
31/07/2008 18:43 34176 --a------ F:\WINDOWS\system32\jkkKEwXp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95BE23E7-B9F6-479C-A017-126548A89E87}]
31/07/2008 21:31 323328 --a------ F:\WINDOWS\system32\nnnoOiIc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13/07/2006 07:12]
"Ai Gear Help"="F:\Program Files\ASUS\Ai Gear\GearHelp.exe" [27/07/2006 20:39]
"Ai Nap"="F:\Program Files\ASUS\Ai Nap\AiNap.exe" [30/11/2006 11:23]
"Launch Ai Booster"="F:\Program Files\ASUS\AI Booster\OverClk.exe" [08/12/2006 15:24]
"Gainward"="F:\Program Files\XpertVision\TBPanel.exe" [23/04/2007 19:20]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [11/05/2007 06:03]
"nwiz"="nwiz.exe" [11/05/2007 06:03 F:\WINDOWS\system32\nwiz.exe]
"CloneCDTray"="F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [19/05/2005 14:47]
"LanguageShortcut"="F:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/12/2006 22:55]
"NeroFilterCheck"="F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"SoundMAXPnP"="F:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 14:34]
"DLA"="F:\WINDOWS\System32\DLA\DLACTRLW.EXE" [13/06/2006 06:20]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [11/05/2007 06:03]
"LogonStudio"="F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [03/09/2002 18:38]
"AVP"="F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [08/02/2008 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [20/06/2006 22:36]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"EPSON Stylus DX7400 Series"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [12/04/2007 07:00]
"ISUSPM"="F:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 15:41]
"MobileConnect.EXE"="F:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" []
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]
"skuyy"="f:\documents and settings\mark thurston\local settings\application data\skuyy.exe" [29/07/2008 21:33]
"Antispyware"="F:\Program Files\Antispyware\Antispyware.exe" [31/07/2008 17:01]

F:\Documents and Settings\Mark Thurston\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - F:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [04/02/2008 13:55:14]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [15/08/2007 15:24:45]
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4EC66E48-B863-4413-BC91-463D9CCA093B}"= F:\WINDOWS\system32\jkkKEwXp.dll [31/07/2008 18:43 34176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKEwXp]
jkkKEwXp.dll 31/07/2008 18:43 34176 F:\WINDOWS\system32\jkkKEwXp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
F:\Program Files\Object Desktop\WindowBlinds\WindowBlinds\wbsrv.dll 29/04/2008 21:58 210168 F:\Program Files\Object Desktop\WindowBlinds\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\nnnoOiIc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbi06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel53.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42abf856-1b96-11dd-8390-0015af220735}]
AutoRun\command- G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81afdec2-1b97-11dd-8391-0015af220735}]
AutoRun\command- G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81afdec3-1b97-11dd-8391-0015af220735}]
AutoRun\command- G:\StartVMCLite.exe

-- End of Deckard's System Scanner: finished at 2008-08-05 12:48:18 ------------

Deckards - extra.txt

kard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 2046.42 MiB / 1219.26 MiB
Pagefile Memory (total/avail): 3938.75 MiB / 3363.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.71 MiB

A: is Removable (No Media)
C: is Removable (No Media)
D: is CDROM (UDF)
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 226.48 GiB total, 202.01 GiB free.
H: is Removable (No Media)
W: is Fixed (NTFS) - 14.65 GiB total, 12.97 GiB free.
X: is Fixed (NTFS) - 39.07 GiB total, 32.26 GiB free.
Y: is Fixed (NTFS) - 39.07 GiB total, 30.19 GiB free.
Z: is Fixed (NTFS) - 146.49 GiB total, 72.36 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ - 465.76 GiB - 5 partitions
\PARTITION0 (bootable) - Installable File System - 226.48 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 239.28 GiB - W: - X: - Y: - Z:

\\.\PHYSICALDRIVE1 - VIA-P VT6205-DevB USB Device

\\.\PHYSICALDRIVE2 - VIA-P VT6205-DevM USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="F:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Mark Thurston\Application Data
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=MARK
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Mark Thurston
LOGONSERVER=\\MARK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=F:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\MARKTH~1\LOCALS~1\Temp
TMP=F:\DOCUME~1\MARKTH~1\LOCALS~1\Temp
USERDOMAIN=MARK
USERNAME=Mark Thurston
USERPROFILE=F:\Documents and Settings\Mark Thurston
windir=F:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Mark Thurston (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "F:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> F:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> F:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> F:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> F:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> F:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> F:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Across Lite Mobile - Pocket PC Edition 2.0.1.0 --> F:\Program Files\Binaryfish\Across Lite Mobile - Pocket PC Edition\uninst.exe
Adobe Flash Player 9 ActiveX --> F:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> F:\WINDOWS\ISUNINST.EXE -f"F:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"F:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> F:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Disk Cleaner --> MsiExec.exe /X{6C2EDF63-C83B-4AAD-AC26-1784660F618B}
AI Booster --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\setup.exe" -l0x9
AI Gear --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6B568B64-0BDE-4FB2-A1AB-8A41DF033C57}\setup.exe" -l0x9
AI Nap --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E2216699-EA02-4B85-BAB1-1DF34C4BDF9D}\setup.exe" -l0x9
Antispyware --> MsiExec.exe /X{B5A97A4C-BBB8-4494-914E-F68C420B0B4F}
AnyDVD --> "F:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="F:\Program Files\SlySoft\AnyDVD"
Ashampoo ClipFinder 1.38 --> "F:\Program Files\Ashampoo\Ashampoo ClipFinder\unins000.exe"
Ashampoo Internet Accelerator 2.00 --> "F:\Program Files\Ashampoo\Ashampoo Internet Accelerator 2\unins000.exe"
Ashampoo StartUp Tuner 2.00 --> "F:\Program Files\Ashampoo\StartUp Tuner 2\unins000.exe"
Assassin's Creed --> F:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
ASUS WiFi-AP Solo --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
ASUSUpdate --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> F:\Program Files\AVG\Anti-Spyware\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe --> F:\WINDOWS\iun6002ev.exe "F:\Program Files\Games\Bejeweled 2 Deluxe\irunin.ini"
Brian Lara International Cricket 2005 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B157A698-7515-4AB0-95A0-072A305B52A8}\setup.exe" -l0x9
Call of Duty(R) 4 - Modern Warfare(TM) --> F:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST
CloneCD --> "F:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="F:\Program Files\SlySoft\CloneCD"
CloneDVD2 --> "F:\Program Files\SlySoft\CloneDVD2\CloneDVD2-uninst.exe" /D="F:\Program Files\SlySoft\CloneDVD2"
Company of Heroes --> "Z:\Company Of Heroes\Company Of Heroes\Data\Uninstall_English.exe"
Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Cool & Quiet --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Dawn of War - Dark Crusade --> F:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn of War - Soulstorm --> "F:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Drive Erase Pro --> F:\Program Files\Nova Development\Drive Erase Pro\MediaBuilder.exe -uninstall
DVD Suite --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EA SPORTS Rugby 2005 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{38420AB3-8788-4DA2-A296-E8B6F328876F}\Setup.exe" -l0x9
EPSON Attach To Email --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> F:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual --> F:\Program Files\EPSON\TPMANUAL\ES_CX_DX\ENG\USE_G\DOCUNINS.EXE
EPSON Web-To-Page --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESET Online Scanner --> F:\WINDOWS\system32\OnlineScannerUninstaller.exe
EVGA Display Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
Far Cry --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057
Full Spectrum Warrior --> MsiExec.exe /I{0153A77C-A981-4A1F-BAA9-16A80FBC358A}
Gears of War --> F:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\Setup.exe -runfromtemp -l0x0409
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
GRID --> "F:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
Hauppauge English Help Files and Resources --> F:\PROGRA~1\WinTV\UNHLPeng.EXE F:\PROGRA~1\WinTV\WTV2Keng.LOG
Hauppauge WinTV DVB-T EPG Service --> F:\WINDOWS\system32\UNWISE.EXE F:\WINDOWS\system32\UNEPGS~1.LOG
Hauppauge WinTV Infrared Remote --> F:\PROGRA~1\WinTV\UNir32.EXE F:\PROGRA~1\WinTV\ir32.LOG
Hauppauge WinTV Scheduler --> F:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.exe F:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.log
Hauppauge WinTV2000 --> F:\PROGRA~1\WinTV\UNTV32.EXE F:\PROGRA~1\WinTV\WINTV2K.LOG
High Definition Audio Driver Package - KB888111 --> F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImTOO MOV Converter --> F:\Program Files\Video Converter\Uninstall.exe
InterVideo FilterSDK for Hauppauge --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
InterVideo MediaOne Gallery --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
LimeWire 4.14.8 --> "W:\Limewire\uninstall.exe"
LogonStudio --> F:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE F:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Motocross Madness 2 --> "Z:\Moto Madness 2\Data\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Outlook 2007 --> MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook 2007 Trial --> "F:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.16) --> W:\Firefox\uninstall\helper.exe
Music Alarm --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{4999E00F-EB5E-402E-B5AE-BB5710F77EEB}\setup.exe" -l0x9
Nero 7 Essentials --> MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033}
Night and Day --> F:\PROGRA~1\FILESU~1\NIGHTA~1\UNWISE.EXE F:\PROGRA~1\FILESU~1\NIGHTA~1\INSTALL.LOG
NVIDIA ForceWare Network Access Manager --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OneStep Search 1.0 build 174 --> F:\Program Files\OneStepSearch\uninstall.exe
Online Manuals for WinTV (English) --> F:\PROGRA~1\WinTV\UNTVmans.exe F:\PROGRA~1\WinTV\WinTVMan.LOG
OpenAL --> "F:\Program Files\OpenAL\OalinstGridRelease.exe" /U
Panda ActiveScan 2.0 --> F:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Probe II --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
POW --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CD277B3E-8043-496E-B83B-D53186A072AB} /l1033
PowerDVD --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerQuest PartitionMagic 8.0 --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QStart --> MsiExec.exe /I{E5867550-4146-4B75-BE3D-D34F279D90B1}
Rome - Total War - Gold Edition --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
Rugby Challenge 2006 --> Z:\Rugby Challenge\Data\uninstall.exe
Scary Story --> F:\PROGRA~1\FILESU~1\SCARYS~1\UNWISE.EXE F:\PROGRA~1\FILESU~1\SCARYS~1\INSTALL.LOG
Shockwave --> F:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundMAX --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spb Full Screen Keyboard --> F:\Program Files\Microsoft ActiveSync\Spb Full Screen Keyboard\Uninstall.exe Spb Full Screen Keyboard
System Requirements Lab --> F:\Program Files\SystemRequirementsLab\Uninstall.exe
THE SETTLERS - Heritage of Kings (all products) --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}\setup.exe" -l0x9 -removeonly
The Sims 2 --> Z:\The Sims 2\Data\EAUninstall.exe
TrackMania United 0.2.0.8 --> "Z:\TrackMania United\Data\unins000.exe"
WindowBlinds --> F:\PROGRA~1\OBJECT~1\WINDOW~1\WINDOW~1\UNWISE.EXE F:\PROGRA~1\OBJECT~1\WINDOW~1\WINDOW~1\INSTALL.LOG
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> F:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u F:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> F:\Program Files\WinRAR\uninstall.exe
Xpand Rally Xtreme --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{025D4907-5D2E-4146-95F7-54E18BE087DA} /Z"UNINSTALL"
XpertVision 5.1 --> "F:\Program Files\XpertVision\unins000.exe"
Yahoo! Internet Mail --> F:\WINDOWS\system32\regsvr32 /u /s F:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> F:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U F:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

-- Application Event Log -------------------------------------------------------

Event Record #/Type3785 / Error
Event Submitted/Written: 08/05/2008 07:04:02 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x088b0a7f.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type3784 / Error
Event Submitted/Written: 08/04/2008 11:32:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3783 / Error
Event Submitted/Written: 08/04/2008 08:15:51 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3773 / Error
Event Submitted/Written: 08/04/2008 07:47:51 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WCESMgr.exe, version 4.2.4875.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3764 / Error
Event Submitted/Written: 08/03/2008 09:46:32 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type20486 / Error
Event Submitted/Written: 08/05/2008 07:02:36 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type20485 / Error
Event Submitted/Written: 08/05/2008 07:02:15 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type20484 / Error
Event Submitted/Written: 08/05/2008 07:01:54 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission

fuzzy_monkey 0 Newbie Poster · Answer 2 · 2008-08-05T23:02:34+00:00

the thread didn't say so but later it says for another program not to fix or remove anything - it can do that at a later time if needed?

Should i run it again and get it to fix problems?

fuzzy_monkey 0 Newbie Poster · Answer 3 · 2008-08-06T16:51:16+00:00

Here is the new log from malwarebytes after removing selected

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

07:37:51 06/08/2008
mbam-log-8-6-2008 (07-37-51).txt

Scan type: Full Scan (F:\|W:\|X:\|Y:\|Z:\|)
Objects scanned: 179501
Time elapsed: 1 hour(s), 29 minute(s), 17 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 5
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 30

Memory Processes Infected:
F:\documents and settings\mark thurston\local settings\application data\skuyy.exe (Adware.Navipromo) -> Unloaded process successfully.
F:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Unloaded process successfully.

Memory Modules Infected:
F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Delete on reboot.
F:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Delete on reboot.
F:\Program Files\Antispyware\TCL.dll (Rogue.Antispyware) -> Delete on reboot.
F:\Program Files\Antispyware\zlib.dll (Rogue.Antispyware) -> Delete on reboot.
F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b6a1092-4221-4e60-a634-cbcc38772ae0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5b6a1092-4221-4e60-a634-cbcc38772ae0} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkewxp (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4ec66e48-b863-4413-bc91-463d9cca093b} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: f:\windows\system32\nnnooiic -> Delete on reboot.

Folders Infected:
F:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\FilterDrv (Rogue.Antispyware) -> Quarantined and deleted successfully.

Files Infected:
F:\WINDOWS\system32\nnnoOiIc.dll (Trojan.Vundo) -> Delete on reboot.
F:\WINDOWS\system32\cIiOonnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\cIiOonnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Mark Thurston\Local Settings\Application Data\skuyy.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\jkkKEwXp.dll (Trojan.BHO) -> Delete on reboot.
F:\WINDOWS\elfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
W:\Disk Cleaner\glk12.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware on the Web.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\Antispyware.url (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\DataBase.ref (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\Difxapi.dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\TCL.dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\vistaCPtasks.xml (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\zlib.dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\FilterDrv\Antispyware.amd64.sys (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\FilterDrv\Antispyware.cat (Rogue.Antispyware) -> Quarantined and deleted successfully.
F:\Program Files\Antispyware\FilterDrv\Antispyware.inf (Rogue.Antispyware) -> Quarantined and deleted successfully.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 4 · 2008-08-06T17:37:13+00:00

You still need to reboot and run hijackthis again and post the log as jholland1964 requested.

fuzzy_monkey 0 Newbie Poster · Answer 5 · 2008-08-06T17:47:39+00:00

Here is the log from malwarebytes with the remove selected button pressed - sorry!