Spybot S&D, mbam setup, and System Restore all will not function.
AdAware did run, found something once, finds nothing now.
AVG is running again and finds nothing so far.
The log files you suggested acquiring are attached.
Am I doomed? :-)
OTListIt Extras logfile created on: 3/21/2009 1:12:57 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.62% Memory free
3.35 Gb Paging File | 2.39 Gb Available in Paging File | 71.48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 34.50 Gb Free Space | 29.44% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 173.54 Gb Free Space | 74.52% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 31.40 Gb Free Space | 28.09% Space Free | Partition Type: NTFS
Drive F: | 117.19 Gb Total Space | 68.82 Gb Free Space | 58.73% Space Free | Partition Type: NTFS
Drive G: | 45.08 Gb Total Space | 29.98 Gb Free Space | 66.51% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 584.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 1.92 Gb Total Space | 0.34 Gb Free Space | 17.51% Space Free | Partition Type: FAT
Computer Name: DAVID-ABC045162
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader: 6112
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 ()
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 ()
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup (Nero AG)
C:\Documents and Settings\Owner\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup File not found
C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool (Microsoft Corporation)
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\StarGate\HomeRunner\HomeRunner.exe:*:Enabled:JDS HomeRunner (JDS Technologies)
C:\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - c6e08ce8\Launcher.exe:*:Enabled:Blizzard Launcher File not found
C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird (Mozilla Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - e1ddd050\Launcher.exe:*:Enabled:Blizzard Launcher File not found
C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - ec340600\Launcher.exe:*:Enabled:Blizzard Launcher File not found
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath (Skype Technologies S.A.)
C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{053EC7D7-25D6-87DE-FB3C-21EDA3AC1B3D}" = CCC Help Japanese
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09E03881-E349-18A2-2AFC-CADE51DF080E}" = CCC Help Thai
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E70CFA6-93E3-453F-B47C-855196C2589E}" = Logitech Harmony Remote Software 7
"{12C11D57-0E6B-64F2-B99E-E40E785AEB56}" = CCC Help Hungarian
"{152441C1-D4DA-EE78-7E4A-514DD0361256}" = CCC Help Dutch
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{16C291EE-B2F5-1636-D382-FEB776F677BE}" = CCC Help Italian
"{18941178-396B-0CC4-2168-17112315EBB8}" = ccc-utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B3D70BF-F1E5-1548-C1ED-22F0D47BDDD1}" = CCC Help Finnish
"{1B779CC7-5F25-29B3-5150-AF44A6201033}" = Nero 7 Demo
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22CCA04F-DFE0-5337-770C-3CFD2CDCF2D9}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2DDBE461-3A0D-A6C2-6944-92D694AFB12A}" = Catalyst Control Center Localization French
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3373AFA7-672F-407C-68F0-955FB5930A47}" = Catalyst Control Center Localization Turkish
"{35CB8AFB-0376-9D4F-24E5-1EEC1CEE1A4B}" = CCC Help Chinese Standard
"{36417A39-B6A6-BE0F-0AD0-6D9B116985D1}" = CCC Help Swedish
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FAFEF64-911D-8013-18B5-E0BDF223A5C0}" = CCC Help Korean
"{40E4166C-460E-65F8-F84B-88A2F9EA69F4}" = CCC Help Polish
"{421D1CB2-0C0B-AC1D-06E5-14B0974376B5}" = Catalyst Control Center Localization Korean
"{451CEE76-0FFE-802D-1F5E-615D69BC7007}" = Catalyst Control Center Localization Greek
"{4609F28C-0BDB-F2B2-9DC7-B35A28478312}" = Catalyst Control Center Localization Czech
"{46E1C9E1-9CC6-D432-F2BB-7CFC27B32EC9}" = Catalyst Control Center Localization Russian
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{519118EE-ACFD-16B7-7FEA-6B47D529B50C}" = Catalyst Control Center Core Implementation
"{5325AF31-8FEF-EEA6-084E-6784F834B5C0}" = Catalyst Control Center Graphics Full Existing
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57105084-049B-008E-165A-92AF92B0C60F}" = ccc-core-preinstall
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DE136A9-DCAE-69D0-08CB-02F07CFC9398}" = CCC Help Spanish
"{5E7AD152-771A-52C9-8394-E2F3BA629E06}" = CCC Help Greek
"{6782B259-804B-301D-0DE9-13000375C2D2}" = Catalyst Control Center Localization Japanese
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D58E839-9E34-3979-7BFD-145BD5E9401C}" = CCC Help Norwegian
"{6FA439F8-EBD8-FF4D-8EE5-A52FE69A4248}" = Catalyst Control Center Localization Finnish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793E79A5-B52D-E287-37F2-398F530D74C7}" = Catalyst Control Center Localization Polish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F2FF077-4A0C-0F26-717C-617DED010B33}" = CCC Help English
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A819649-7839-11D3-8CAA-00C04F60B374}" = Microsoft Office Spreadsheet Updated Function Reference
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF103B8-8C8E-2246-8C0D-C6C256E5E428}" = CCC Help French
"{8E9BA9AF-6A06-C7AC-5863-4A40CF29CE05}" = Catalyst Control Center Localization German
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90E5D6A9-C373-357B-6659-8BF019E3C1D4}" = Catalyst Control Center Localization Dutch
"{9366C5C6-9434-C4C9-9804-FB4D7142874D}" = Catalyst Control Center Localization Portuguese
"{942DD738-A9F7-BBFA-3960-4558CB0EE272}" = Catalyst Control Center Localization Chinese Standard
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A0857F54-AE2D-F453-4069-C7D65AE36426}" = Catalyst Control Center Localization Chinese Traditional
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FA61E6-B46A-3489-BD5A-2991144A5BC4}" = CCC Help Portuguese
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA75AFFC-C5F3-2497-FE56-48AA163EFE2B}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AFF8387B-A958-48F8-9E1C-2E9485A1985A}" = Retrospect 7.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5C68E1B-A651-33AA-21A6-7CC2D69EEFA2}" = CCC Help Czech
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE2686A1-ECF2-FF0E-9DF5-EC7A806AEED8}" = Catalyst Control Center Localization Thai
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2B8406-F144-3B99-F66E-8D1703C9A9C5}" = Catalyst Control Center Graphics Previews Common
"{D4F3A4D4-84B1-3A40-14AA-422DE60EF96A}" = Skins
"{D51D9840-FABE-390B-24D2-D052332B311A}" = Catalyst Control Center Localization Spanish
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{D9E96902-5743-D105-BCB7-FBD3C0DF3989}" = Catalyst Control Center Localization Swedish
"{DCE27619-6822-0D22-1405-9D2899DC1896}" = Catalyst Control Center Localization Norwegian
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF80DB18-7179-EB18-5818-E7F761DA59AE}" = CCC Help Danish
"{E698F77C-216C-8409-F4DC-E4AAECF5DEFF}" = Catalyst Control Center Localization Italian
"{E7DAAF26-A0B0-1D77-0794-20D1314297F1}" = Catalyst Control Center Graphics Light
"{E8626A59-FD0E-449C-A23A-C52FC0733629}" = Tseries BIOS Update
"{F16A317A-6128-39E2-9607-20B5C70132E6}" = Catalyst Control Center Localization Hungarian
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2B34A83-5345-910F-EC0F-0D92A00D6E3B}" = CCC Help Turkish
"{F2BDC47D-18FA-5B10-58C0-9FFBDBE0B031}" = Catalyst Control Center Graphics Full New
"{F3D677C8-612D-F5A8-A22F-2EF74F44000B}" = CCC Help Chinese Traditional
"{F9AB0D25-0085-8345-3F1A-5E5C714092B9}" = Catalyst Control Center Localization Danish
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD42253B-9B4B-4150-998A-26B16E370EA9}" = StarOffice 8
"{FEFE846E-DF0E-0AC6-0EA0-F85CE63CA275}" = CCC Help German
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.0
"Belarc Advisor" = Belarc Advisor 7.2
"DYMO Label Software" = DYMO Label Software
"EmailStripper_is1" = EmailStripper 2.2
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"Finale NotePad 2008" = Finale NotePad 2008
"Finale PrintMusic 2007" = Finale PrintMusic 2007
"Finale PrintMusic 2008" = Finale PrintMusic 2008
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Fire Screensaver" = Free Fire Screensaver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"JDS HomeRunner v1.2" = JDS HomeRunner v1.2
"JDS Pocket WebX v1.4c for Windows" = JDS Pocket WebX v1.4c for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCSI" = Prevx CSI
"Picasa2" = Picasa 2
"Smart Defrag_is1" = Smart Defrag 1.11
"ST6UNST #1" = DKP Profiler
"ST6UNST #2" = DKP Profiler (C:\Program Files\DKP Profiler Uploader\)
"StarGate WinEVM 3.10.0" = StarGate WinEVM 3.10.0
"SystemRequirementsLab" = System Requirements Lab
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"UT2004" = Unreal Tournament 2004
"UUDeview for Windows" = UUDeview for Windows
"VLC media player" = VLC media player 0.9.4
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Xpander Firmware Utility" = Web Xpander Firmware Utility
"Web Xpander Labeler" = Web Xpander Labeler
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/21/2009 1:53:51 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application viewpointservice.exe, version 3.6.0.59, faulting
module viewpointservice.exe, version 3.6.0.59, fault address 0x000021f2.
Error - 3/21/2009 2:00:49 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.
Error - 3/21/2009 2:01:45 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1001
Description = Fault bucket 912450534.
Error - 3/21/2009 2:02:39 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.
Error - 3/21/2009 2:04:13 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.
Error - 3/21/2009 2:04:25 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.
Error - 3/21/2009 2:04:37 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.
Error - 3/21/2009 2:05:45 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.
Error - 3/21/2009 2:07:23 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.
Error - 3/21/2009 2:32:45 PM | Computer Name = DAVID-ABC045162 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.
[ System Events ]
Error - 3/21/2009 2:19:04 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 3/21/2009 2:19:24 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 3/21/2009 2:20:03 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 3/21/2009 2:20:25 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 3/21/2009 2:20:48 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.
Error - 3/21/2009 2:22:56 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
3 time(s).
Error - 3/21/2009 2:33:12 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7000
Description = The Creative Service for CDROM Access service failed to start due
to the following error: %%2
Error - 3/21/2009 2:33:12 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 3/21/2009 2:33:12 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079
Error - 3/21/2009 2:33:12 PM | Computer Name = DAVID-ABC045162 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Service service failed to start due to the following
error: %%3
< End of report >
Rooter report:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:120001 Mo/Free:2562 Mo)
D:\ [Fixed] - NTFS - (Total:238473 Mo/Free:1577 Mo)
E:\ [Fixed] - NTFS - (Total:114470 Mo/Free:3478 Mo)
F:\ [Fixed] - NTFS - (Total:120001 Mo/Free:843 Mo)
G:\ [Fixed] - NTFS - (Total:46163 Mo/Free:2029 Mo)
L:\ [CD-Rom] (Total:584 Mo/Free:0 Mo)
M:\ [Removable] (Total:1966 Mo/Free:344 Mo)
Sat 03/21/2009|13:06
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\MsPMSPSv.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\CTHELPER.EXE
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\DKP Profiler Uploader\DKPProfilerUploader.exe
---------- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
---------- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
---------- C:\PROGRA~1\MI3AA1~1\rapimgr.exe
---------- C:\Program Files\TClockLight\tclock.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
---------- C:\Program Files\Prevx\prevx.exe
---------- C:\Program Files\Prevx\prevx.exe
---------- C:\Program Files\AVG\AVG8\avgscanx.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\system32\restore\rstrui.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Java\jre6\bin\java.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sat 03/21/2009|13:07
----------------------\\ Scan completed at 13:07