winspyware protect? hijack logs included [RESOLVED]


#1
T5house

Member

Hey guys.......great site. I'm totally new to this so please be gentle. I think I have winspywareprotect.....who knows? That's why I'm here......basically I got this blue screen with warning that spyware protect is on my machine.....HELP!

Here are my hijack logs and the uninstall logs....

HJ logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:30 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Owner\Desktop\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P35 "EPSON Stylus CX4600 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX4600"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P35 "EPSON Stylus CX4600 Series (Copy 2)" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - Startup: AlphaWipe Tracks Cleaner.lnk = C:\Program Files\AlphaWipe Tracks Cleaner 2008\alphawipe.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


And now the Uninstall Logs:

Adobe Flash Player ActiveX
Adobe Reader 7.0.9
AlphaWipe Tracks Cleaner 2008
AOL You've Got Pictures Screensaver
AppCore
ArcSoft Software Suite
AT&T Yahoo! Applications
AV
avast! Antivirus
AXPDefender
BigFix
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
ccCommon
Clifford Phonics
Digital Media Reader
Disney's Active Play, A Bug's Life Demo
Disney's Dinosaur
Drome Racers
Emperors New Groove
EPSON CardMonitor
EPSON Copy Utility 3
EPSON CX4600 Reference Guide
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
GameSpy Arcade
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
InterActual Player
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
Luxor (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Midnight Outlaw Illegal Street Drag Nitro Edition
MP4-based Video Downloader
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Napster
Napster Burn Engine
Nero BurnRights
Nero OEM
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
Phonics 4 Kids
PhoTags Express
PIXMA Extended Survey Program
Polar Bowler from WildGames (remove only)
Polar Golfer from WildGames (remove only)
PowerDVD
QuickTime
Reader Rabbit 1
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite eMachines
ScanSoft OmniPage SE 4
ScanToWeb
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
SoftV92 Data Fax Modem with SmartCP
SPBBC 32bit
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VGA Dual Camera
Viewpoint Media Player
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742

#2
Essexboy

GeekU Moderator

Hi there and sorry for the delay, could I have a fresh look at your system.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
Essexboy

GeekU Moderator

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Essexboy

GeekU Moderator

User returned

#5
T5house

Member, Topic Starter

I've been trying to run the DSS and my system keeps bringing up an error stating that an error has occurred and gives me an option to send or not to send in the error log. It won't let me run the DSS.

This may be a stupid question.........Can I run this in safe mode?

#6
Essexboy

GeekU Moderator

Yes you can .. Or you can try this analysis programme

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#7
T5house

Member, Topic Starter

Attached File  OTScanIt.Txt   197.14KB   116 downloads

#8
Essexboy

GeekU Moderator

Ok that let me see what is amiss :)

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
YN -> AXPDefender -> %ProgramFiles%\AXPDefender\AXPDefender.exe [C:\Program Files\AXPDefender\AXPDefender.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> WinSpywareProtect -> %AllUsersProfile%\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe ["C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun]
< Run [HKEY_USERS\S-1-5-21-3134751512-523052640-1245156356-1003\] > -> HKEY_USERS\S-1-5-21-3134751512-523052640-1245156356-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> WinSpywareProtect -> %AllUsersProfile%\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe ["C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe[Virtools WebPlayer Class]
[Files/Folders - Created Within 90 days]
NY -> ctfmonb.bmp -> %SystemRoot%\System32\ctfmonb.bmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> Adsl Software Limited -> %AllUsersProfile%\Application Data\Adsl Software Limited
NY -> AXPDefender -> %AppData%\AXPDefender
NY -> AXPDefender -> %ProgramFiles%\AXPDefender
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> Adsl Software Limited -> %AllUsersProfile%\Application Data\Adsl Software Limited
NY -> AXPDefender -> %AppData%\AXPDefender
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Logs required : OTScanit report and MBAM

#9
T5house

Member, Topic Starter

WOW thanks....that was fast.........the only issue I had was uploading the logs back into this reply. Kept getting an error that I did not have permission to upload this type of file.............soooooooo......I pasted them below.

Another OTScan log: Hijack log below

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\~EmptyValue deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AXPDefender deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinSpywareProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3134751512-523052640-1245156356-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinSpywareProtect not found.
Starting removal of ActiveX control {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}\ deleted successfully.
[Files/Folders - Created Within 90 days]
C:\WINDOWS\System32\ctfmonb.bmp moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Packages folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender folder moved successfully.
C:\Program Files\AXPDefender folder moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\All Users\Application Data\Adsl Software Limited not found!
File C:\Documents and Settings\Owner\Application Data\AXPDefender not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_dd0.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_698.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 07182008_182812

Files moved on Reboot...
File C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_dd0.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_698.dat not found!

HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:22 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P35 "EPSON Stylus CX4600 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX4600"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P35 "EPSON Stylus CX4600 Series (Copy 2)" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9974 bytes

#10
T5house

MBAM LOG:

Malwarebytes' Anti-Malware 1.20
Database version: 965
Windows 5.1.2600 Service Pack 2

6:55:39 PM 7/18/2008
mbam-log-7-18-2008 (18-55-39).txt

Scan type: Quick Scan
Objects scanned: 49844
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 311

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alphawipe tracks cleaner 2008_is1 (Rogue.AlphaWipe) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AlphaWipe Tracks Cleaner 2008 (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Download (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\interface (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AlphaWipe Tracks Cleaner 2008 (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Data (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Data\run_backup (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Settings (Rogue.PrivacyKit) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\alphawipe.url (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\pkill.exe (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\pv.dat (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\unins000.dat (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\up.dat (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\upd.exe (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\interface\English.lng (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ebay_tb.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ebay_tb.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\googl.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\googl_10.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\googl_10.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\googl_11.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\googl_11.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\googl_deskbar.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\googl_deskbar.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\groups.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie7_autocomplete.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie7_autocomplete.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_autocomplete.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_autocomplete.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_bho.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_bho.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_cache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_cache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_cookies.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_cookies.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_ext.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_ext.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_favorites.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_favorites.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_menuext.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_menuext.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_pubwiz.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_pubwiz.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_sassist.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_sassist.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_typedurls.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\ie_typedurls.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_bookmarks.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_bookmarks.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_cache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_cache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_cookies.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_cookies.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_formhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_formhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_gtb.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_gtb.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_lochistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_lochistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_signons.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\mozilla_signons.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\msn_tb.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\msn_tb.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_autocomplete.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_autocomplete.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_bookmarks.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_bookmarks.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_cache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_cache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_contacts.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_contacts.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_cookies.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_cookies.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_notes.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera9_notes.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_autocomplete.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_autocomplete.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_bookmarks.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_bookmarks.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_cache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_cache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_contacts.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_contacts.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_cookies.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_cookies.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_notes.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\opera_notes.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\tb_googl.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\tb_yahoo.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\tb_yahoo.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\yahoo_mess.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\yahoo_mess.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\yahoo_tb.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\browsers\yahoo_tb.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee30_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee30_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee30_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee40_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee40_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee40_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee50_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee50_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee50_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee60_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee60_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee60_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee70_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee70_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee70_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee80_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee80_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acdsee80_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread40_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread40_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread40_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread50_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread50_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread50_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread60_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread60_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\acroread60_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aftp_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aftp_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aim60.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aim60.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aim60.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aph60_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aph60_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aph60_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aph70_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aph70_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\aph70_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\axiaw_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\axiaw_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\ccftp_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\ccftp_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\ccga_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\ccga_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\cftphe_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\cftphe_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\cftppe_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\cftppe_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\cftp_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\cftp_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\divx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\divx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\dm.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\dm.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\dm.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\emule_logs.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\emule_logs.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\emule_logs.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\far.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\far.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\far.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\frontpage_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\frontpage_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\gr.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\gr.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\groups.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\htmlhelp.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\htmlhelp_cfiles_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\htmlhelp_cfiles_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\htmlhelp_pfiles_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\htmlhelp_pfiles_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\htmlhelp_rfiles_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\htmlhelp_rfiles_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\icq2002a.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\icq2002a.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\icq2003a.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\icq2003a.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\icq2003b.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\icq2003b.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\im.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\innosetup_mru.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\innosetup_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\innosetup_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mdw30.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mdw30.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mdw40.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mdw40.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mdwmx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mdwmx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mfmx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mfmx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mfwmx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mfwmx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\miranda.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\miranda.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\miranda.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mphe30_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mphe30_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\mphe30_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\msnm_rf.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\msnm_rf.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\msnm_rf.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\nerobr_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\nerobr_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\nerobr_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\oe.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\oe.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\oe_dbx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\oe_dbx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\picozip_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\picozip_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\vdub_mru.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\vdub_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\vdub_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wa.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wa.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wa.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wace_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wace_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\winace_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\winace_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wmp.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wmp_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wmp_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wrar_archistory.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wrar_archistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wrar_archistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wrar_dialogedithistory.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wrar_dialogedithistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wrar_dialogedithistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wzip_archistory.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wzip_archistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wzip_archistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wzip_dirhistory.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wzip_dirhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\wzip_dirhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\za_logs.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\za_logs.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\zipmagic_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\zipmagic_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\msoffice\zl.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_compdesc.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_compdesc.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_lastvisitedmru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_lastvisitedmru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_logonuname.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_logonuname.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_mapnetdrivemru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_mapnetdrivemru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_opensavemru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_opensavemru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_openwithhist.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_openwithhist.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_recentdocs.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_recentdocs.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_run.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_run.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_streammru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_streammru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_userassist.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_userassist.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_wallpapermru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_wallpapermru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_wgcrawlerprinters.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_wgcrawlerprinters.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_wgcrawlershares.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\e_wgcrawlershares.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\groups.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\r_run.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\r_run.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\t_bitbucket.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\t_bitbucket.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\t_temp.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\t_temp.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\w_arpcache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\w_arpcache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\w_bagmru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\w_bagmru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\w_muicache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Plugins\windows\w_muicache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AlphaWipe Tracks Cleaner 2008\AlphaWipe Tracks Cleaner 2008 on the Web.lnk (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AlphaWipe Tracks Cleaner 2008\AlphaWipe Tracks Cleaner 2008.lnk (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AlphaWipe Tracks Cleaner 2008\Uninstall AlphaWipe Tracks Cleaner 2008.lnk (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\08_06_2008_10_17_25_562.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\08_06_2008_10_35_47_968.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\08_06_2008_18_50_15_425.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\08_06_2008_21_51_20_93.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\08_06_2008_22_14_46_312.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\08_06_2008_22_18_51_421.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\09_07_2008_13_49_14_359.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\12_06_2008_21_24_14_593.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\14_06_2008_15_45_30_312.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\15_06_2008_09_05_49_234.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\15_06_2008_10_23_44_453.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Logs\21_06_2008_08_36_17_703.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_25_30.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_26_40.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_27_18.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_27_57.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_28_29.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_28_59.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_29_48.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_30_59.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_31_55.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_32_51.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_36_19.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_36_37.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_36_56.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Quarantine\12_06_2008_21_37_10.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\AlphaWipe\Settings\psettings.txt (Rogue.PrivacyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\AlphaWipe Tracks Cleaner 2008.lnk (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AlphaWipe Tracks Cleaner 2008.lnk (Rogue.AlphaWipe) -> Quarantined and deleted successfully.

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now try DSS again?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#12
T5house

    Member

  • Topic Starter
  • 10 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1518.73 MiB / 946.92 MiB
Pagefile Memory (total/avail): 2115.3 MiB / 1610.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.73 MiB

C: is Fixed (NTFS) - 89.86 GiB total, 78.81 GiB free.
D: is Fixed (FAT32) - 3.3 GiB total, 1.13 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 89.86 GiB - C:
\PARTITION1 - Unknown - 3.3 GiB - D:

\\.\PHYSICALDRIVE5 - Canon MP470 series USB Device

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)
AV: avast! antivirus 4.8.1201 [VPS 080721-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SISSY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\SISSY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=SISSY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
T-DOG (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP470 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series /L0x0009
Canon MP470 series User Registration --> C:\Program Files\Canon\IJEREG\MP470 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Clifford Phonics --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}\Setup.exe" -l0x9
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Disney's Active Play, A Bug's Life Demo --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\DISNEY~1\DeIsL1.isu
Disney's Dinosaur --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\Dinosaur\DeIsL1.isu
Drome Racers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}\Setup.exe" -l0x9
Emperors New Groove --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\EMPERO~1\DeIsL1.isu
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall
EPSON CX4600 Reference Guide --> C:\Program Files\epson\guide\cx4600_e\uninstall.exe
EPSON PhotoStarter3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Luxor (remove only) --> "C:\Program Files\MumboJumbo\Luxor\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Midnight Outlaw Illegal Street Drag Nitro Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{750CDE2E-BC67-4032-A71C-72F7B093731E}\setup.exe"
MP4-based Video Downloader --> MsiExec.exe /X{600CF34A-89F8-4A30-9039-BF5C20C5E84E}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Phonics 4 Kids --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Phonics\DeIsL2.isu" -cC:\PROGRA~1\Phonics\_ISREG32.DLL
PhoTags Express --> C:\PROGRA~1\PHOTAG~1\Setup.exe /remove
PIXMA Extended Survey Program --> C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Polar Bowler from WildGames (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\023782E7-308A-4278-9762-947348D4DF34\Uninstall.exe"
Polar Golfer from WildGames (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\169E7C03-35E3-4E8A-855F-225246CE3E5E\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Reader Rabbit 1 --> C:\WINDOWS\uninst.exe -fC:\tlcwin\rr1\uninstal\DeIsL1.isu
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recovery Software Suite eMachines --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
VGA Dual Camera --> MsiExec.exe /X{44E75850-B838-43D2-8F37-84D3FB71FF6E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9984 / Error
Event Submitted/Written: 07/19/2008 09:47:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type9983 / Error
Event Submitted/Written: 07/19/2008 09:47:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type9982 / Error
Event Submitted/Written: 07/19/2008 09:47:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type9981 / Error
Event Submitted/Written: 07/19/2008 09:47:52 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type9888 / Error
Event Submitted/Written: 07/15/2008 08:37:51 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 538819053.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19614 / Error
Event Submitted/Written: 07/18/2008 06:28:09 PM
Event ID/Source: 6161 / Print
Event Description:
The document http://www.geekstogo...t-hijack-logs-i owned by Owner failed to print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 2359296. Number of bytes printed: 1991884. Total number of pages in the document: 9. Number of pages printed: 0. Client machine: \\SISSY. Win32 error code returned by the print processor: http://www.geekstogo...-hijack-logs-i0. http://www.geekstogo...-hijack-logs-i1

Event Record #/Type19585 / Error
Event Submitted/Written: 07/16/2008 09:58:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type19582 / Error
Event Submitted/Written: 07/16/2008 09:57:38 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSP
eeCtrl
Fips
intelppm
SPBBCDrv
SRTSPX
SYMTDI

Event Record #/Type19581 / Error
Event Submitted/Written: 07/16/2008 09:56:23 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-07-21 17:43:25 ------------



-Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-21 17:40:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
6: 2008-07-15 13:27:40 UTC - RP301 - Deckard's System Scanner Restore Point
5: 2008-07-09 18:54:35 UTC - RP300 - Software Distribution Service 3.0
4: 2008-06-21 14:22:05 UTC - RP299 - Software Distribution Service 3.0
3: 2008-06-13 02:38:11 UTC - RP298 - Software Distribution Service 3.0
2: 2008-06-08 15:37:07 UTC - RP297 - Last good restore point


-- First Restore Point --
1: 2008-06-08 15:36:54 UTC - RP296 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:35 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P35 "EPSON Stylus CX4600 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX4600"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P35 "EPSON Stylus CX4600 Series (Copy 2)" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10433 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe <Not Verified; ; IJPLMSVC>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-02 21:18:17 576 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Owner.job


-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-18 18:45:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-18 18:45:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 18:45:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware


-- Find3M Report ---------------------------------------------------------------

2008-07-21 17:42:11 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-14 16:00:59 0 d-------- C:\Program Files\Trend Micro
2008-06-08 21:23:24 0 d-------- C:\Program Files\Alwil Software
2008-06-08 19:20:50 0 d-------- C:\Program Files\Enigma Software Group
2008-06-08 10:23:27 2778 --a------ C:\Documents and Settings\Owner\Application Data\update.log
2008-05-29 12:52:06 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-15 16:58:38 1596 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 05:04 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/11/2005 11:23 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 05:55 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 05:51 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 10:24 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [03/04/2004 04:00 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 02:00 PM]
"EPSON Stylus CX4600 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [03/04/2004 04:00 AM]
"EPSON Stylus CX4600 Series (Copy 2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [03/04/2004 04:00 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 04:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [03/28/2005 08:24 PM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/14/2007 08:01 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 10:03 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [02/04/2007 01:02 PM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 08:50 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OOBEDDDemise"=cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [5/11/2005 11:15:25 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/11/2005 11:24:13 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-21 17:43:25 ------------

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The big question now - How is your system running ?

#14
T5house

    Member

  • Topic Starter
  • Member
  • 10 posts
My system is running a lot better than it was with all the bugs on there! It was a little slow last night.

You have been a HUGE help in this matter. From the logs...........does the virus seem to be completely gone?

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

Double-click OTScanit once again and you should see a CleanUp! button. Press that button. You may get prompted by your firewall that OTScanit wants to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded, plus itself.


Now, to get you off to a good start, we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button; click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

If you follow that up with a drive defrag you should be hot to trot