Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SystemErrorFix Malware [RESOLVED]


  • This topic is locked This topic is locked

#1
nickjill

nickjill

    New Member

  • Member
  • Pip
  • 7 posts
Hi everyone. I was hoping that someone could help me remove this particularly annoying problem. I received a popup asking to install, of course I clicked no, but it downloaded anyway. I am new to this, so please bear with me. I appreciate your time and any help you can offer.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets have a look to see what is on your system

Download & Run HijackThis.exe

  • Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


THEN

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
nickjill

nickjill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Heres the info you asked for..... again thanks for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:23 AM, on 4/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=M-1625
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.n...newsroom.portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=M-1625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=M-1625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=M-1625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\nickjill\AppData\Local\Temp\bYOEWQkL.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\nickjill\AppData\Local\Temp\vtUnopmm.dll,c
O4 - HKCU\..\Run: [2c39767c] rundll32.exe "C:\Users\nickjill\AppData\Local\Temp\thtdntgx.dll",b
O4 - HKCU\..\Run: [BM2f0a45e0] Rundll32.exe "C:\Users\nickjill\AppData\Local\Temp\whnnfhjr.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8145 bytes

I am going to run DSS now. Thanks again.
  • 0

#4
nickjill

nickjill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Heres the DSS results

Deckard's System Scanner v20071014.68
Run by nickjill on 2008-04-26 10:14:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
6: 2008-04-24 00:24:38 UTC - RP41 - Removed Napster Burn Engine
5: 2008-04-24 00:24:20 UTC - RP40 - Removed Napster
4: 2008-04-24 00:14:17 UTC - RP38 - Windows Update
3: 2008-04-22 15:12:56 UTC - RP37 - Windows Update
2: 2008-04-22 11:55:47 UTC - RP36 - Windows Update


-- First Restore Point --
1: 2008-04-16 22:04:48 UTC - RP35 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as nickjill.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:15 AM, on 4/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Users\nickjill\Desktop\dss.exe
c:\windows\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\nickjill.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=M-1625
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.n...newsroom.portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=M-1625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=M-1625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=M-1625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\nickjill\AppData\Local\Temp\bYOEWQkL.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\nickjill\AppData\Local\Temp\vtUnopmm.dll,c
O4 - HKCU\..\Run: [2c39767c] rundll32.exe "C:\Users\nickjill\AppData\Local\Temp\thtdntgx.dll",b
O4 - HKCU\..\Run: [BM2f0a45e0] Rundll32.exe "C:\Users\nickjill\AppData\Local\Temp\whnnfhjr.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8111 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
R2 STacSV (SigmaTel Audio Service) - c:\program files\idt\wdm\stacsv.exe <Not Verified; IDT, Inc.; IDT Audio>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-14 10:45:01 552 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - nickjill.job


-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 10:08:02 0 d-------- C:\Program Files\Trend Micro
2008-04-24 22:15:03 3066 --a------ C:\Windows\system32\tmp.reg
2008-04-22 08:42:09 232074 --a------ C:\Windows\Burn4Free_Toolbar_Uninstaller_2315.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>
2008-04-22 08:42:06 0 d-------- C:\Program Files\Burn4Free Toolbar
2008-04-22 08:42:01 0 d-------- C:\Program Files\Burn4Free
2008-04-21 16:52:21 0 d-------- C:\Program Files\GameSpy Arcade
2008-04-21 16:52:00 0 d-------- C:\Program Files\MSXML 4.0
2008-04-21 14:02:03 0 d-------- C:\Windows\system32\vso_loc
2008-04-21 12:54:40 45056 --a------ C:\Windows\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-21 12:54:40 16877 --a------ C:\Windows\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-21 12:54:40 0 d-------- C:\Program Files\Free Create-Burn ISO Image
2008-04-21 11:23:48 0 d-------- C:\Program Files\LimeWire
2008-04-20 21:43:40 0 d-------- C:\Users\All Users\DVD Shrink
2008-04-20 21:43:38 0 d-------- C:\Program Files\DVD Shrink
2008-04-20 21:42:38 0 d-------- C:\Program Files\dvdshrink32setup
2008-04-20 21:30:46 0 d-------- C:\Program Files\vso
2008-04-20 20:31:50 0 d-------- C:\Program Files\DVD Decrypter
2008-04-20 19:26:30 0 d-------- C:\DVD Temp
2008-04-20 18:18:46 0 d-------- C:\Program Files\Roms
2008-04-16 18:20:57 47104 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-04-16 18:20:26 47104 --a------ C:\Windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-04-13 16:19:29 0 dr------- C:\Users\nickjill\Searches
2008-04-13 16:19:16 0 dr------- C:\Users\nickjill\Contacts
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Videos
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\Templates
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\Start Menu
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\SendTo
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Saved Games
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\Recent
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\PrintHood
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Pictures
2008-04-13 16:19:07 1310720 --ahs---- C:\Users\nickjill\NTUSER.DAT
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\NetHood
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\My Documents
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Music
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\Local Settings
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Links
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Favorites
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Downloads
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Documents
2008-04-13 16:19:07 0 dr------- C:\Users\nickjill\Desktop
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\Cookies
2008-04-13 16:19:07 0 d--hs---- C:\Users\nickjill\Application Data
2008-04-13 16:19:07 0 d--h----- C:\Users\nickjill\AppData
2008-04-13 16:15:24 0 d--hs---- C:\Users\Default\Templates
2008-04-13 16:15:24 0 d--hs---- C:\Users\Default\Start Menu
2008-04-13 16:15:24 0 d--hs---- C:\Users\Default\SendTo
2008-04-13 16:15:24 0 d--hs---- C:\Users\Default\Recent
2008-04-13 16:15:24 0 d--hs---- C:\Users\Default\Local Settings
2008-04-13 16:15:24 0 d--hs---- C:\Users\All Users\Templates
2008-04-13 16:15:24 0 d--hs---- C:\Users\All Users\Start Menu
2008-04-13 16:15:24 0 d--hs---- C:\Users\All Users\Favorites
2008-04-13 16:15:24 0 d--hs---- C:\Users\All Users\Documents
2008-04-13 16:15:24 0 d--hs---- C:\Users\All Users\Desktop
2008-04-13 16:15:24 0 d--hs---- C:\Users\All Users\Application Data
2008-04-13 16:15:24 0 d--hs---- C:\Documents and Settings
2008-04-13 16:15:23 0 d--hs---- C:\Users\Default\PrintHood
2008-04-13 16:15:23 0 d--hs---- C:\Users\Default\NetHood
2008-04-13 16:15:23 0 d--hs---- C:\Users\Default\My Documents
2008-04-13 16:15:23 0 d--hs---- C:\Users\Default\Cookies
2008-04-13 16:15:23 0 d--hs---- C:\Users\Default\Application Data


-- Find3M Report ---------------------------------------------------------------

2008-04-26 10:00:27 17408 --a------ C:\Windows\system32\rpcnetp.exe
2008-04-23 20:46:26 0 d-------- C:\Program Files\Google
2008-04-23 20:26:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 20:25:53 0 d-------- C:\Program Files\Common Files
2008-04-21 16:46:31 0 d-------- C:\Program Files\Microsoft Games
2008-04-21 16:08:58 0 d-------- C:\Users\nickjill\AppData\Roaming\LimeWire
2008-04-16 18:18:42 17408 --a------ C:\Windows\system32\rpcnetp.dll
2008-04-16 18:17:23 0 d-------- C:\Program Files\Norton Internet Security
2008-04-16 18:17:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-16 18:16:19 0 d-------- C:\Program Files\Windows Mail
2008-04-16 18:13:12 0 d-------- C:\Program Files\Symantec
2008-04-16 18:09:33 0 d-------- C:\Program Files\Java
2008-04-14 16:28:44 0 d-------- C:\Users\nickjill\AppData\Roaming\Move Networks
2008-04-14 13:37:38 0 d-------- C:\Users\nickjill\AppData\Roaming\Adobe
2008-04-14 10:02:29 0 d-------- C:\Users\nickjill\AppData\Roaming\Macromedia
2008-04-13 19:35:21 0 d-------- C:\Users\nickjill\AppData\Roaming\SampleView
2008-04-13 16:29:40 0 d-------- C:\Users\nickjill\AppData\Roaming\WildTangent
2008-04-13 16:22:17 0 d-------- C:\Users\nickjill\AppData\Roaming\Google
2008-04-13 16:19:58 0 d-------- C:\Users\nickjill\AppData\Roaming\ATI
2008-04-13 16:19:51 0 d-------- C:\Users\nickjill\AppData\Roaming\Symantec
2008-04-13 16:19:19 0 d-------- C:\Users\nickjill\AppData\Roaming\Identities
2008-03-10 12:23:01 223744 --a------ C:\Windows\system32\b4fm.dll
2008-02-28 06:20:09 0 --a------ C:\Windows\ativpsrm.bin
2008-02-28 06:16:11 0 d-------- C:\Program Files\Gateway Games
2008-02-28 06:12:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-28 06:11:12 0 d-------- C:\Program Files\Microsoft Money 2007
2008-02-28 06:08:57 0 d-------- C:\Program Files\MSN Messenger
2008-02-28 06:08:47 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-02-28 06:08:24 0 d-------- C:\Program Files\NetZero
2008-02-28 06:08:21 0 d-------- C:\Program Files\Acceller
2008-02-28 06:07:12 0 d-------- C:\Program Files\Common Files\Java
2008-02-28 06:05:39 0 d-------- C:\Program Files\Microsoft.NET
2008-02-28 06:03:03 0 d-------- C:\Program Files\BigFix
2008-02-28 06:02:25 0 d-------- C:\Program Files\CyberLink
2008-02-28 06:01:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-28 05:59:48 0 d-------- C:\Program Files\Microsoft Works
2008-02-28 05:58:21 0 d-------- C:\Program Files\eBay
2008-02-28 05:58:17 0 d-------- C:\Program Files\AOL 9.0
2008-02-28 05:57:15 0 d-------- C:\Program Files\ATI Technologies
2008-02-28 05:54:47 0 d-------- C:\Program Files\ATI
2008-02-28 05:53:38 0 d-------- C:\Program Files\Camera Assistant Software for Gateway
2008-02-28 05:52:18 0 d-------- C:\Program Files\Synaptics
2008-02-28 05:51:12 0 d-------- C:\Program Files\REALTEK USB Wireless LAN Driver
2008-02-28 05:49:35 0 d-------- C:\Program Files\Realtek
2008-02-28 05:48:13 0 d-------- C:\Program Files\IDT
2008-02-28 05:48:03 0 d-------- C:\Program Files\Sigmatel


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 07:51 AM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
04/14/2008 10:26 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
04/22/2008 08:42 AM 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 07:51 AM 316784]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [04/22/2008 08:42 AM 806912]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[-HKEY_CLASSES_ROOT\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/20/2008 10:23 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 11:01 AM]
"SigmatelSysTrayApp"="sttray.exe" [09/06/2007 10:23 PM C:\Windows\sttray.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/26/2007 05:38 AM]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" [09/13/2007 06:09 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 04:35 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/12/2008 02:16 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/20/2008 10:25 PM]
"MSServer"="C:\Users\nickjill\AppData\Local\Temp\bYOEWQkL.dll,#1" []
"cmds"="C:\Users\nickjill\AppData\Local\Temp\vtUnopmm.dll,c" []
"2c39767c"="C:\Users\nickjill\AppData\Local\Temp\thtdntgx.dll,b" []
"BM2f0a45e0"="C:\Users\nickjill\AppData\Local\Temp\whnnfhjr.dll,s" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2/28/2008 6:03:03 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-26 10:18:50 ------------

And heres the Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1917.38 MiB / 1245.24 MiB
Pagefile Memory (total/avail): 4079.3 MiB / 3141.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.73 MiB

C: is Fixed (NTFS) - 221.84 GiB total, 191.36 GiB free.
D: is Fixed (NTFS) - 11.04 GiB total, 5.23 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500BEVS-22UST0 ATA Device - 232.88 GiB - 2 partitions
\PARTITION0 - Installable File System - 11.04 GiB - D:
\PARTITION1 (bootable) - Installable File System - 221.84 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\nickjill\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=POOPYHEAD
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\nickjill
LOCALAPPDATA=C:\Users\nickjill\AppData\Local
LOGONSERVER=\\POOPYHEAD
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\nickjill\AppData\Local\Temp
TMP=C:\Users\nickjill\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=poopyhead
USERNAME=nickjill
USERPROFILE=C:\Users\nickjill
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

nickjill


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Build-a-lot\Uninstall.exe"
--> "C:\Program Files\Gateway Games\FATE\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\Gateway Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems HDA Modem --> agrsmdel
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
Burn4Free CD and DVD --> "C:\Program Files\Burn4Free\uninstall.exe"
Burn4Free Toolbar --> "C:\Windows\Burn4Free_Toolbar_Uninstaller_2315.exe" _?=C:\Program Files\Burn4Free Toolbar
Camera Assistant Software for Gateway --> C:\Program Files\InstallShield Installation Information\{39098402-3F7A-4257-A4AE-FC1181D1B40B}\setup.exe -runfromtemp -l0x0009
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
CopyToDVD --> "C:\Program Files\vso\CopyToDVD\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Free Create-Burn ISO Image v2.0 --> "C:\Program Files\Free Create-Burn ISO Image\unins000.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gateway Connect --> MsiExec.exe /I{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}
Gateway Games --> "C:\Program Files\Gateway Games\Uninstall.exe"
Gateway Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IDT Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07D8511D-C9FE-4A93-933F-EAA5C8F20095}\setup.exe" -l0x9 -remove -removeonly
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LabelPrint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money Essentials --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Move Networks Media Player for Internet Explorer --> C:\Users\nickjill\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek USB 2.0 Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
REALTEK USB Wireless LAN Driver --> C:\Program Files\InstallShield Installation Information\{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2607 / Error
Event Submitted/Written: 04/26/2008 10:18:27 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....hrootstl.cabThe data is invalid.

Event Record #/Type2606 / Error
Event Submitted/Written: 04/26/2008 10:18:26 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....hrootstl.cabThe data is invalid.

Event Record #/Type2605 / Error
Event Submitted/Written: 04/26/2008 10:18:26 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....hrootstl.cabThe data is invalid.

Event Record #/Type2604 / Error
Event Submitted/Written: 04/26/2008 10:18:26 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....hrootstl.cabThe data is invalid.

Event Record #/Type2603 / Error
Event Submitted/Written: 04/26/2008 10:18:25 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....hrootstl.cabThe data is invalid.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7905 / Warning
Event Submitted/Written: 04/26/2008 10:02:07 AM
Event ID/Source: 19 / Microsoft-Windows-WHEA-Logger
Event Description:
10x030xc8000000000001a30x00x0902561025632561730435045520102FFFFFFFF0300020000000
2000000C206000005020E001A04081400000000000000000000000000000000000000000000000000
00000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBEEF
98ACEA5A7C80100000000000000000000000000000000000000000000000058010000C00000000102
000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000002000
000000000000000000000000000000000000000000018020000920200000102000000000000D5560F
3986CA494695C473A408AE58340000000000000000000000000000000002000000000000000000000
0000000000000000000000000AA040000180200000102000000000000E95412E7B9C14049AB769097
03A4320F0000000000000000000000000000000002000000000000000000000000000000000000000
0000000FF01000000000000000001000C030000820F06000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000007010000000000
0000000000000000000008020001200000FFFB8B17B015C2810000000000000000000000000000000
000000000000000000000000000000000F50157A5EFE3DE43AC72249B573FAD2C0300000000000000
9F00E8200000000087FFFF67830000000000000000000000000000000000000000000000000000000
100080080010000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000457250740000000018020000000100000000000000000000000000000000000000000000020
00000000000000100000000000000020000000000000000000000FF01000000000000000001000C03
0000820F0600000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000001000000920300000
100000001000000359FF81BA6A7C80101000000000000000300000000000000A3010000000000C800
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000

Event Record #/Type7901 / Warning
Event Submitted/Written: 04/26/2008 10:01:08 AM
Event ID/Source: 19 / Microsoft-Windows-WHEA-Logger
Event Description:
10x120x960000000003811c0x8367ffff870x093256125602561730435045520102FFFFFFFF03000
200000002000000C206000005010E001A040814000000000000000000000000000000000000000000
0000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14
913BBEDF98ACEA5A7C80100000000000000000000000000000000000000000000000058010000C000
00000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB00000000000000000000000000000
000020000000000000000000000000000000000000000000000180200009202000001020000000000
00D5560F3986CA494695C473A408AE583400000000000000000000000000000000020000000000000
000000000000000000000000000000000AA040000180200000102000000000000E95412E7B9C14049
AB76909703A4320F00000000000000000000000000000000020000000000000000000000000000000
000000000000000FF010000000000000000010008000000820F060000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000001000
000000000000000000000000000000000000000000000000000000000000000000000000000070100
000000000001000000000000000008020101200000FFFB8B17B015C28100000000000000000000000
00000000000000000000000000000000000000000F50157A5EFE3DE43AC72249B573FAD2C03000000
000000009F0007020000000087FFFF678300000000000000000000000000000000000000000000000
000000001000800800100000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000004572507400000000180200000001000000000000000000000000000000000000000
0000002000000000000000100000000000000020000000100000000000000FF010000000000000000
010008000000820F06000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000100000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000010000009
20300000100000001000000A5D539F8A5A7C801010000000000000002000000000000001C81030000
00009687FFFF678300000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000

Event Record #/Type7866 / Error
Event Submitted/Written: 04/26/2008 10:00:56 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type7823 / Warning
Event Submitted/Written: 04/26/2008 10:00:25 AM
Event ID/Source: 19 / Microsoft-Windows-WHEA-Logger
Event Description:
10x110xfffdffff000000fe0xfff3e0f2ffcfe01f0x08325625625622561730435045520102FFFFF
FFF03000200000002000000C206000005000E001A0408140000000000000000000000000000000000
000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8
865ABE14913BBECF98ACEA5A7C8010200000000000000000000000000000000000000000000005801
0000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB000000000000000000000
000000000000200000000000000000000000000000000000000000000001802000092020000010200
0000000000D5560F3986CA494695C473A408AE5834000000000000000000000000000000000200000
00000000000000000000000000000000000000000AA040000180200000102000000000000E95412E7
B9C14049AB76909703A4320F000000000000000000000000000000000200000000000000000000000
00000000000000000000000E7010000000000000000020004020000820F060000000000414D442054
7572696F6E28746D29203634205832204D6F62696C6520546563686E6F6C6F677920544C2D3630000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000010000000000000000000000000000000000000000000000000000000000000000000000000000
00070100000000000001000000000000000008020101200000FFFB8B1790176D84000000000000000
000000000000000000000000000000000000000000000000035B506FC1F5E62459F250A3B9ADB63C3
03000000000000009D008326000000001FE0CFFFF2E0F3FF000000000000000000000000000000000
000000000000000010008008001000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000045725074010000001802000092030000000000000000000000000000000
000000000000002000000000000000000000000000000020000000100000000000000E70100000000
00000000020004020000820F060000000000414D4420547572696F6E28746D29203634205832204D6
F62696C6520546563686E6F6C6F677920544C2D363000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000001000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
1000000920300000100000001000000E7E674D4A5A7C80101000000000000000100000000000000FE
000000FFFFFDFF1FE0CFFFF2E0F3FF000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000

Event Record #/Type7822 / Error
Event Submitted/Written: 04/26/2008 10:00:25 AM
Event ID/Source: 1002 / Microsoft-Windows-ResourcePublication
Event Description:
Provider\Microsoft.Base.Publication/Publication/Computer



-- End of Deckard's System Scanner: finished at 2008-04-26 10:18:50 ------------
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As a Vista user I will require that all the programmes I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly

I can see a few bits that need removing there

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\nickjill\AppData\Local\Temp\bYOEWQkL.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\nickjill\AppData\Local\Temp\vtUnopmm.dll,c
O4 - HKCU\..\Run: [2c39767c] rundll32.exe "C:\Users\nickjill\AppData\Local\Temp\thtdntgx.dll",b
O4 - HKCU\..\Run: [BM2f0a45e0] Rundll32.exe "C:\Users\nickjill\AppData\Local\Temp\whnnfhjr.dll",s

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Users\nickjill\AppData\Local\Temp\bYOEWQkL.dll
    C:\Users\nickjill\AppData\Local\Temp\vtUnopmm.dll
    C:\Users\nickjill\AppData\Local\Temp\thtdntgx.dll
    C:\Users\nickjill\AppData\Local\Temp\whnnfhjr.dll
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : OTMoveit and Combofix
  • 0

#6
nickjill

nickjill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OT move it---

File/Folder C:\Users\nickjill\AppData\Local\Temp\bYOEWQkL.dll not found.
File/Folder C:\Users\nickjill\AppData\Local\Temp\vtUnopmm.dll not found.
File/Folder C:\Users\nickjill\AppData\Local\Temp\thtdntgx.dll not found.
File/Folder C:\Users\nickjill\AppData\Local\Temp\whnnfhjr.dll not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04262008_144335

Going to do combofix now...
  • 0

#7
nickjill

nickjill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Heres the uploaded combofix details and new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:54 PM, on 4/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.n...newsroom.portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=M-1625
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6459 bytes

Thanks again for your help

Attached Files


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That does not look too bad lets do a registry sweep now

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#9
nickjill

nickjill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Heres the results from MBAM....

Malwarebytes' Anti-Malware 1.11
Database version: 687

Scan type: Quick Scan
Objects scanned: 30503
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again for your time.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nicely done :) I hereby declare .....................

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP