Virus/Spyware removal [Closed]


  • This topic is locked This topic is locked

#1 EEGADS! - New Member, 7 posts

Hi, I have a Dell Inspiron 531 with Vista, and it is infected. Pretty bad. ParetoLogic Anti-Virus PLUS (free trial, so can't use it to fix them..) found these:
Adserv cookie
Live365 cookie
FunWebProducts
MyWebSearch
Viewpoint
MessengerSkinner
Crypt CFI Trojan
Allaple FYL Worm
Onlinegames BII Trojan
Abwu Adware
Allaple CTH Worm
Midgare ACT Trojan
Webtoolbar Mywebsearch ba Trojan

Trend Micro Antivirus (subscription ran out..) found and quarantined these files:
Multiclicker-win.exe
Multiclicker-win.exe
Gvutil.dll
Gvhlp.dll

Gvhlp.dll and Gvutil.dll are from Gamevance, which was previously installed on our computer... but now I can't find the files that are infected. When I go to Program Files, there is no "Gamevance" folder. :)

So anyways... please help! Just walk me through it. Tell me what to do, and I will. Thanks so much!

#2 emeraldnzl - GeekU Instructor, GeekU Moderator, 20,051 posts

Hello EEGADS!,

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
So when you return please post
  • MBAM log
  • the two RSIT logs - log.txt and info.txt

Note: Unless otherwise instructed always post the logs in the forum. It is likely these reports will not fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#3 EEGADS! (Topic Starter) - New Member, 7 posts

Hey! Thanks sooo much for helping me, I hope we can solve this!

MBAM didn't find anything...

Here are the logs for RSIT:

LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jan at 2009-08-12 00:35:49
Microsoft® Windows Vista™ Home Premium
System drive C: has 185 GB (63%) free of 295 GB
Total RAM: 1982 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:56 AM, on 8/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\VM30xSnap.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\V0470Mon.exe
C:\Program Files\Norton AntiVirus\Engine\17.0.0.111\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.111\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "C:\Windows\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VM30xSnap] "C:\Windows\VM30xSnap.exe" Vimicro USB PC Camera (ZC030x)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] "C:\Windows\p_981116.exe" /Q:A
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [V0470Mon.exe] "C:\Windows\V0470Mon.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...S/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....NPUplden-us.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssuppo...ort/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.111\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11512 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-551768948-1205786988-3747741992-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-551768948-1205786988-3747741992-1002UA.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\User_Feed_Synchronization-{7CE2ADA8-BB6A-4E2D-9B16-D2A09EEC04AB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\17.0.0.111\IPSBHO.DLL [2009-07-31 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-11-28 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}]
ALOT eMusic Toolbar - C:\Program Files\alot\bin\alot.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-10 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-25 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8260C2B8-E0D1-448a-B062-33D12D468BF0} - ALOT eMusic Toolbar - C:\Program Files\alot\bin\alot.dll []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-10 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-28 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-24 4452352]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"VM30xSnap"=C:\Windows\VM30xSnap.exe [2007-02-05 53248]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DXM6Patch_981116"=C:\Windows\p_981116.exe [1998-11-30 497376]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"V0470Mon.exe"=C:\Windows\V0470Mon.exe [2007-06-04 32768]
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-03 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-03 92704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-28 68856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluePoint Personal Edition]
C:\Program Files\BluePoint Security\BluePoint Personal\bluepoint.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-26 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-25 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Virus PLUS]
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk -NM -hidesplash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-08-12 00:35:49 ----D---- C:\rsit
2009-08-11 20:30:38 ----SHD---- C:\Config.Msi
2009-08-10 22:48:19 ----D---- C:\Users\Jan\AppData\Roaming\Roxio
2009-08-10 21:11:06 ----D---- C:\TAKEN
2009-08-06 22:58:21 ----D---- C:\Program Files\Symantec
2009-08-06 22:57:30 ----D---- C:\Program Files\Norton AntiVirus
2009-08-06 22:29:01 ----D---- C:\ProgramData\NortonInstaller
2009-08-06 22:29:01 ----D---- C:\Program Files\NortonInstaller
2009-08-06 22:15:53 ----D---- C:\ProgramData\Norton
2009-08-05 20:41:44 ----D---- C:\Windows\BDOSCAN8
2009-08-05 01:33:06 ----A---- C:\Windows\NIRCMD.exe
2009-08-05 01:33:05 ----A---- C:\Windows\zip.exe
2009-08-05 01:33:05 ----A---- C:\Windows\SWXCACLS.exe
2009-08-05 01:33:05 ----A---- C:\Windows\SWSC.exe
2009-08-05 01:33:05 ----A---- C:\Windows\SWREG.exe
2009-08-05 01:33:05 ----A---- C:\Windows\sed.exe
2009-08-05 01:33:05 ----A---- C:\Windows\PEV.exe
2009-08-05 01:33:05 ----A---- C:\Windows\grep.exe
2009-08-05 01:32:37 ----D---- C:\Windows\ERDNT
2009-08-05 01:32:33 ----SD---- C:\Combo-Fix
2009-08-05 01:32:31 ----A---- C:\Windows\system32\CF5763.exe
2009-08-05 00:28:48 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-04 23:11:45 ----A---- C:\RootRepeal report 08-04-09 (23-11-45).txt
2009-08-04 00:17:25 ----D---- C:\Program Files\BluePoint Security
2009-08-03 23:26:46 ----D---- C:\Program Files\AVG
2009-08-03 23:04:39 ----D---- C:\Users\Jan\AppData\Roaming\Malwarebytes
2009-08-03 23:04:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-03 22:28:57 ----A---- C:\Windows\system32\CF14997.exe
2009-08-03 22:28:52 ----A---- C:\Windows\system32\swsc.exe
2009-08-03 22:26:20 ----D---- C:\Qoobox
2009-07-31 19:22:32 ----A---- C:\rollback.ini
2009-07-31 18:48:29 ----D---- C:\ProgramData\ParetoLogic Anti-Virus PLUS
2009-07-31 18:48:29 ----D---- C:\ProgramData\ParetoLogic
2009-07-31 18:48:29 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-07-29 00:22:10 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 00:22:08 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 00:22:06 ----A---- C:\Windows\system32\mstime.dll
2009-07-29 00:22:05 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-29 00:22:04 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 00:22:03 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 00:22:02 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 00:22:02 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 00:22:02 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-29 00:22:01 ----A---- C:\Windows\system32\occache.dll
2009-07-29 00:22:01 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 00:22:01 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-29 00:22:00 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-29 00:22:00 ----A---- C:\Windows\system32\ieencode.dll
2009-07-29 00:22:00 ----A---- C:\Windows\system32\icardie.dll
2009-07-29 00:22:00 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-29 00:21:59 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 00:21:58 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 00:21:58 ----A---- C:\Windows\system32\advpack.dll
2009-07-29 00:21:58 ----A---- C:\Windows\system32\admparse.dll
2009-07-29 00:21:57 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 00:21:57 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 00:21:56 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-29 00:21:56 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 00:21:56 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-29 00:21:54 ----A---- C:\Windows\system32\ieakui.dll
2009-07-29 00:21:53 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-26 01:27:47 ----D---- C:\Users\Jan\AppData\Roaming\BitDefender
2009-07-26 01:21:25 ----D---- C:\ProgramData\BitDefender
2009-07-26 01:21:24 ----D---- C:\Program Files\BitDefender
2009-07-26 01:16:29 ----D---- C:\Program Files\Common Files\BitDefender
2009-07-25 23:51:38 ----D---- C:\Program Files\Common Files\PC Tools
2009-07-25 23:51:04 ----D---- C:\Program Files\Spyware Doctor
2009-07-15 02:52:35 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 02:52:35 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 02:52:35 ----A---- C:\Windows\system32\atmfd.dll
2009-07-15 02:52:34 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 02:52:34 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 02:52:34 ----A---- C:\Windows\system32\atmlib.dll

======List of files/folders modified in the last 1 months======

2009-08-12 00:35:56 ----D---- C:\Windows\Prefetch
2009-08-12 00:35:51 ----D---- C:\Windows\Temp
2009-08-12 00:27:40 ----HD---- C:\ProgramData
2009-08-12 00:27:39 ----D---- C:\Windows\system32\drivers
2009-08-12 00:27:37 ----AD---- C:\ProgramData\TEMP
2009-08-11 23:57:36 ----D---- C:\Windows\Tasks
2009-08-11 20:31:18 ----SHD---- C:\Windows\Installer
2009-08-11 20:31:04 ----D---- C:\Program Files
2009-08-11 20:30:59 ----D---- C:\Windows\System32
2009-08-11 19:15:11 ----SHD---- C:\System Volume Information
2009-08-11 02:04:16 ----D---- C:\ProgramData\Google Updater
2009-08-10 23:42:37 ----D---- C:\Windows\inf
2009-08-10 23:42:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-10 23:21:11 ----D---- C:\ProgramData\Roxio
2009-08-10 21:29:58 ----D---- C:\ProgramData\DVD Shrink
2009-08-10 19:29:04 ----D---- C:\Users\Jan\AppData\Roaming\Skype
2009-08-10 16:00:26 ----D---- C:\Users\Jan\AppData\Roaming\skypePM
2009-08-08 07:17:14 ----D---- C:\Windows\pss
2009-08-06 23:50:41 ----D---- C:\Windows
2009-08-06 23:49:07 ----A---- C:\Windows\ntbtlog.txt
2009-08-06 23:09:17 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-06 23:07:41 ----D---- C:\Program Files\Trend Micro
2009-08-06 22:59:27 ----D---- C:\Windows\system32\Tasks
2009-08-06 22:56:40 ----RD---- C:\Users
2009-08-06 22:30:53 ----D---- C:\Windows\system32\catroot
2009-08-06 22:23:31 ----SD---- C:\Users\Jan\AppData\Roaming\Microsoft
2009-08-05 20:42:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-05 20:41:58 ----SD---- C:\Windows\Downloaded Program Files
2009-08-05 01:32:31 ----D---- C:\Windows\system32\en-US
2009-07-31 18:48:29 ----D---- C:\Program Files\Common Files
2009-07-29 03:08:52 ----D---- C:\Windows\system32\migration
2009-07-29 03:08:52 ----D---- C:\Program Files\Internet Explorer
2009-07-29 03:08:51 ----D---- C:\Windows\AppPatch
2009-07-29 03:02:59 ----D---- C:\Windows\winsxs
2009-07-29 00:19:43 ----D---- C:\Windows\system32\catroot2
2009-07-28 01:24:23 ----D---- C:\Users\Jan\AppData\Roaming\Yahoo!
2009-07-28 01:24:23 ----D---- C:\ProgramData\Yahoo!
2009-07-26 18:22:30 ----D---- C:\ProgramData\Yahoo! Companion
2009-07-26 17:24:54 ----D---- C:\Program Files\BitPim
2009-07-26 17:24:41 ----D---- C:\Windows\system32\wbem
2009-07-26 17:23:40 ----D---- C:\Windows\system32\config
2009-07-26 17:23:22 ----D---- C:\Windows\system32\spool
2009-07-26 17:23:21 ----RSD---- C:\Windows\Fonts
2009-07-26 17:23:19 ----D---- C:\ProgramData\Avira
2009-07-26 17:23:19 ----D---- C:\Program Files\Yahoo!
2009-07-26 17:23:19 ----D---- C:\Program Files\WinRAR
2009-07-26 17:23:19 ----D---- C:\Program Files\Viewpoint
2009-07-26 17:23:19 ----D---- C:\Program Files\Print Workshop 2006
2009-07-26 17:23:19 ----D---- C:\Program Files\E.M. DVD Copy
2009-07-26 17:23:19 ----D---- C:\Program Files\DVDVideoSoft
2009-07-26 17:23:19 ----D---- C:\Program Files\DVDFab 6
2009-07-26 17:23:18 ----D---- C:\Program Files\Common Files\Broderbund
2009-07-26 17:23:18 ----D---- C:\Program Files\Common Files\Ahead
2009-07-26 17:23:18 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2009-07-26 17:23:18 ----D---- C:\Program Files\Avira
2009-07-26 17:23:18 ----D---- C:\Program Files\Ahead
2009-07-26 17:23:15 ----D---- C:\Windows\registration
2009-07-26 16:55:39 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-07-26 16:55:18 ----D---- C:\Users\Jan\AppData\Roaming\Vso
2009-07-15 03:04:25 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-05-27 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.111\Definitions\BASHDefs\20090731.001\BHDrvx86.sys [2009-07-31 502320]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NAV\1100000.06F\ccHPx86.sys [2009-07-30 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-10 371760]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.111\Definitions\IPSDefs\20090730.005\IDSVix86.sys [2009-07-31 342064]
R1 KLIF;KLIF; C:\Windows\system32\DRIVERS\klif.sys [2009-02-18 127768]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1100000.06F\SRTSPX.SYS [2009-07-28 43696]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NAV\1100000.06F\Ironx86.SYS [2009-07-31 114224]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NAV\1100000.06F\SYMTDIV.SYS [2009-07-31 338480]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-10 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-24 1776480]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-08-03 38160]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.111\Definitions\VirusDefs\20090810.039\NAVENG.SYS [2009-08-05 84784]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.111\Definitions\VirusDefs\20090810.039\NAVEX15.SYS [2009-08-05 1323696]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-15 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-03 7460320]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-06-29 47360]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NAV\1100000.06F\SRTSP.SYS [2009-07-28 324144]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-08-06 124976]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
R3 VF0470Vid;Live! Cam Notebook (VF0470); C:\Windows\system32\DRIVERS\V0470Vid.sys [2007-05-09 146720]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R4 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys []
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-05-27 52056]
S3 catchme;catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device; C:\Windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 VM30xx86;Vimicro USB PC Camera (ZC030x); C:\Windows\System32\Drivers\vm30xx86.sys [2007-01-29 1294336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\17.0.0.111\ccSvcHst.exe [2009-07-30 126392]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-26 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-07-15 394608]

-----------------EOF-----------------



INFO:

info.txt logfile of random's system information tool 1.06 2009-08-12 00:36:01

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitPim 1.0.6-->"C:\Program Files\BitPim\unins000.exe"
Boss Hunter-->MsiExec.exe /X{E3DC3ADE-1DEB-4F54-832F-6AD86927F3B8}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Caesar 3-->C:\Windows\IsUninst.exe -f"C:\Impressions Games\Caesar3\Uninst.isu"
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Creative Live! Cam Notebook Driver (1.01.01.00)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0470.uns -unsext NT -plugin V0470Pin.dll -pluginres CtCamPin.crl
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
Dell DataSafe Online-->MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab 6.0.2.0 (June 24, 2009)-->"C:\Program Files\DVDFab 6\unins000.exe"
E.M. DVD Copy 2.50-->"C:\Program Files\E.M. DVD Copy\unins000.exe"
Favorit-->c:\users\bronwyn\appdata\local\cfbeyu.bat
Free Natural Text to Speech Reader 2008-->MsiExec.exe /I{3E5DA526-F420-45A6-9F27-D2B5246D6823}
Free YouTube to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk Plugin-->MsiExec.exe /I{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.3 (remove only)-->"C:\Program Files\ManyCam 2.3\uninstall.exe"
Math 7 Teaching Textbook -->C:\Program Files\Teaching Textbooks\Math 7\uninst.exe
Mavis Beacon Teaches Typing Deluxe 15-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42C7A1F1-6986-41E6-B0C7-94657FE89301}\SETUP.EXE" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
Nero Media Player-->C:\Windows\UNNMP.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetZero Internet and Voice Offer-->MsiExec.exe /X{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}
Nickelodeon Toon Twister 3-D-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFC7BA3F-3B0E-4BD8-B638-8547F4E841C0}\Setup.exe"
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\3EAA38BF\17.0.0.111\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIANetworkDiagnostic-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EFAD4066-CAF3-4B27-9669-12EED352C376}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Print Workshop 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7217DF28-4855-421F-8FD9-377F50E2B93D}\setup.exe" -l0x9
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Audio Converter Pro-->"C:\Program Files\SmartAudioConverterPro\unins000.exe"
Snake Arena Special Edition-->C:\PROGRA~1\eGames\SNAKEA~1\UNWISE.EXE C:\PROGRA~1\eGames\SNAKEA~1\INSTALL.LOG
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Speedy Eggbert Special Edition-->C:\PROGRA~1\eGames\SPEEDY~1\UNWISE.EXE C:\PROGRA~1\eGames\SPEEDY~1\INSTALL.LOG
SpongeBob SquarePants Employee of the Month-->C:\Windows\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Employee of the Month\Uninst.isu"
The Sims™ 2 Double Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\EAUninstall.exe
TWC Customer Controls-->MsiExec.exe /I{F8722041-B63A-47FB-82A8-5F0977E1CF45}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Valspar Signature Series Virtual Painter-->MsiExec.exe /I{D61F8B6C-F49C-4CDB-84B7-BF99CE0FBB78}
VideoSkin.Net-->MsiExec.exe /I{C5135087-07FE-489A-AE4B-8C7C656C7B74}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vimicro USB PC Camera-->C:\Program Files\InstallShield Installation Information\{133EE96D-DBA6-4644-84A4-B2794505D669}\setup.exe -runfromtemp -l0x0009 -removeonly
WebEx-->C:\PROGRA~2\WebEx\atcliun.exe
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll

======Security center information======

AV: BluePoint Security
AV: Avira AntiVir PersonalEdition
AV: Norton AntiVirus
AS: Windows Defender
AS: Norton AntiVirus

======System event log======

Computer Name: Bronwyn-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001AA0717DBA. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 224059
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090811183028.000000-000
Event Type: Warning
User:

Computer Name: Bronwyn-PC
Event Code: 129
Message: Reset to device, \Device\RaidPort0, was issued.
Record Number: 224062
Source Name: nvstor
Time Written: 20090811183222.500000-000
Event Type: Warning
User:

Computer Name: Bronwyn-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 224099
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090812035907.000000-000
Event Type: Warning
User:

Computer Name: Bronwyn-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 224100
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090812040220.000000-000
Event Type: Warning
User:

Computer Name: Bronwyn-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 224101
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090812040220.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Bronwyn-PC
Event Code: 4122
Message: Unable to load file AVPREF.DLL. Returned error code: 1114
Record Number: 31024
Source Name: Avira AntiVir
Time Written: 20090811033730.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Bronwyn-PC
Event Code: 1008
Message: The Open Procedure for service "DFSR" in DLL "C:\Windows\System32\DfsrPerf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Record Number: 31077
Source Name: Microsoft-Windows-Perflib
Time Written: 20090811230300.000000-000
Event Type: Error
User:

Computer Name: Bronwyn-PC
Event Code: 1010
Message: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Record Number: 31078
Source Name: Microsoft-Windows-Perflib
Time Written: 20090811230300.000000-000
Event Type: Error
User:

Computer Name: Bronwyn-PC
Event Code: 10010
Message: Application 'C:\Windows\System32\msiexec.exe' (pid 4220) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 31079
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090811230334.141000-000
Event Type: Warning
User: Bronwyn-PC\Jan

Computer Name: Bronwyn-PC
Event Code: 0
Message:
Record Number: 31091
Source Name: pctsSvc.exe
Time Written: 20090812042627.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Bronwyn-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 27884
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090812042634.624000-000
Event Type: Audit Success
User:

Computer Name: Bronwyn-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS
Record Number: 27885
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090812042953.105000-000
Event Type: Audit Failure
User:

Computer Name: Bronwyn-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS
Record Number: 27886
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090812042953.158000-000
Event Type: Audit Failure
User:

Computer Name: Bronwyn-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS
Record Number: 27887
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090812042953.217000-000
Event Type: Audit Failure
User:

Computer Name: Bronwyn-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS
Record Number: 27888
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090812042953.266000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------


Also..just to clarify...GameVance was previously installed on my computer, I uninstalled it..but the virus is still there--in two files. gvutil.dll and gvhlp.dll. I can't find these files though, because when I go to program files there is no gamevance file because I uninstalled it! ahh! :)

Anyways, thanks for helping me! Waiting for your reply!

#4 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Hello again EEGADS!,

I see you have a number of anti-virus programs and bits and pieces there. There are remnants of AVG8, Norton is running, Avira is running and you have part of Bitdefender.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please uninstall either Norton or Avira. If Norton is out of its paid period I would uninstall that.

Then

Download AVG removal tool.

http://www.avg.com/download-tools

Use one at the top of the list Avg Remover.exe (32 bit).

After that

If you decided to uninstall Norton, do this after you have uninstalled it.

Go here Norton Removal Tool to remove left over bits of the Norton AntiVirus Program. Choose the link for the version you had and then download and run the removal program. If you don't know the version just proceed, it should still work.

Now

Please go to Start > Control Panel >Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player:

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Step 2

Your Java is out of date, older versions are vulnerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Step 3

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

Step 4

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)

Close all windows other than HiJackThis, then click Fix Checked.

Close HiJackThis.

Finally in this post

You have used ComboFix. Please look in C:\Qoobox\ComboFix.txt and paste the contents of the text file back here. There may be more than one ComboFix.txt. They should be numbered. Just post the last one.

So when you return please post
  • ComboFix.txt
  • a new HijackThis log

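The O2/O3 lines the helper ticks in the post above are BHO and toolbar registrations whose backing DLL is gone. As an added example (not code from the thread or from HijackThis itself), here is a small Python parser that pulls those entries out of a HijackThis log and reports the CLSIDs whose every registration points at a missing file; the regex for the line shape is my assumption from the log format shown on this page, and the sample lines are copied from the thread's own log.

```python
"""Find orphaned BHO/toolbar registrations in a HijackThis 2.0.x log.

Added example, not part of the forum thread and not HijackThis code.
"""
import re
from collections import defaultdict

# Assumed shape of the O2/O3 lines, taken from the log posted in this thread:
#   O2 - BHO: <name> - {CLSID} - <dll path> [(file missing)]
#   O3 - Toolbar: <name> - {CLSID} - <dll path> | (no file)
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)

# Constructed sample: O2/O3 lines copied from the thread's HijackThis log,
# interleaved with lines from other sections that the parser must ignore.
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
"""


def parse_entries(log_text):
    """Return one dict per O2/O3 entry; every other HijackThis section is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target").strip()
        if target == "(no file)":
            path, missing = None, True
        elif target.endswith("(file missing)"):
            path, missing = target[: -len("(file missing)")].strip(), True
        else:
            path, missing = target, False
        entries.append({
            "section": m.group("section"),
            "kind": m.group("kind"),
            "name": m.group("name"),
            "clsid": m.group("clsid").upper(),  # CLSIDs compare case-insensitively
            "path": path,
            "missing": missing,
            "raw": line.strip(),
        })
    return entries


def orphaned_clsids(entries):
    """Map CLSID -> sorted sections for registrations whose DLL is gone.

    A CLSID is reported only when every registration referencing it (BHO and
    toolbar alike) points at a missing file, so a toolbar whose BHO twin is
    still installed is left alone.
    """
    by_clsid = defaultdict(list)
    for e in entries:
        by_clsid[e["clsid"]].append(e)
    return {
        clsid: sorted(e["section"] for e in group)
        for clsid, group in by_clsid.items()
        if all(e["missing"] for e in group)
    }


def hjt_fix_lines(log_text):
    """Raw O2/O3 lines with a missing DLL: the ones to tick before 'Fix Checked'."""
    entries = parse_entries(log_text)
    dead = orphaned_clsids(entries)
    return [e["raw"] for e in entries if e["clsid"] in dead]


if __name__ == "__main__":
    for line in hjt_fix_lines(SAMPLE_LOG):
        print(line)
```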

#5
EEGADS!

    New Member

  • Topic Starter
  • Member
Hey, thanks so much for the fast reply, and for everything you've done!! Sorry I didn't reply last night, but I was too tired. Anyways...

I did everything you said, except, when I tried to download the JavaRa, I got this message:

Error 403 - Forbidden
You tried to access a document for which you don't have privileges.


So yeah... :)

Anyways, I had tried to run ComboFix before, but it didn't finish because I had to stop it in the middle. So there was no txt file. So I ran it again, and it seemed to complete, but then I was getting an error message when I tried to run a program:

An illegal operation attempted on a registry key that has been marked for deletion.

So I restarted the computer, and now it is working fine..but I can't find the log file!

This is the only thing close to a logfile I could find:

It was under C:\Qoobox\Combofix-quarantinedfiles

2009-08-13 03:32:35 . 2009-08-13 03:32:36 136 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SNM.reg.dat
2009-08-13 03:32:34 . 2009-08-13 03:32:34 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2009-08-13 03:32:30 . 2009-08-13 03:32:30 366 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2009-08-12 06:37:28 . 2009-08-13 03:29:37 5,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-08-05 05:32:40 . 2009-08-13 03:24:34 211 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-06-29 19:11:03 . 2009-06-29 19:11:03 87,608 ----a-w- C:\Qoobox\Quarantine\C\Users\Jan\AppData\Roaming\inst.exe.vir
2008-10-01 22:55:12 . 2008-10-01 22:55:12 13,431,808 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\1affd1.msi.vir


Don't know if that will help you at all..but..yeah.

Anyways..thanks again soooo much for all of your help!! Waiting on your reply!!

#6
EEGADS!

    New Member

  • Topic Starter
  • Member
AHH! SORRY I *TOTALLY* FORGOT TO GIVE YOU THE HJT LOG!! WELL HERE IT IS!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:59 AM, on 8/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\VM30xSnap.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\V0470Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "C:\Windows\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VM30xSnap] "C:\Windows\VM30xSnap.exe" Vimicro USB PC Camera (ZC030x)
O4 - HKLM\..\Run: [DXM6Patch_981116] "C:\Windows\p_981116.exe" /Q:A
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [V0470Mon.exe] "C:\Windows\V0470Mon.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...S/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....NPUplden-us.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssuppo...ort/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10783 bytes


Well, sorry and thanks...!! Waiting on your reply!!

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
Hello EEGADS!,

I did everything you said, except, when i tried to download the JavaRa, i got this message:


Okay, let's try another way.

Please follow these steps:


Now

For that ComboFix log check these.

Right click on Start > Explore and navigate to:

C:\QooBox\LastRun\ <--Data from failed CF runs are stored here.

You should be able to find the data for a failed run there.

Alternatively, C:\Qoobox\ComboFix.txt. Note that ComboFix.txt may be numbered, like this: ComboFix2.txt.

Copy and paste the contents of the text file back here.

#8
EEGADS!

    New Member

  • Topic Starter
  • Member
Hi, sooo sorry for replying so late! I have been really busy...thanks for your help!

Anyways,

I installed the java thing successfully...so that's good..

When I go to that location, the only things that are under "Qoobox" are

BackEnv
Quarantine
Add - Remove Programs
ComboFix-quarantined-files
[email protected]


BUT, just now, i found a notepad file named ComboFix stored under Computer > OS(C:)

Is this it?

ComboFix 09-08-10.06 - Jan 08/12/2009 23:25.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1258 [GMT -4:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: BluePoint Security *On-access scanning enabled* (Updated) {b9171357-d4e9-40f0-97ab-c13e6d5d03fd}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-551768948-1205786988-3747741992-500
c:\users\Jan\AppData\Roaming\inst.exe
c:\windows\Installer\1affd1.msi



.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 03:31 . 2009-08-13 03:31 -------- d-----w- c:\users\Jan\AppData\Local\temp
2009-08-13 03:31 . 2009-08-13 03:31 -------- d-----w- c:\users\Don\AppData\Local\temp
2009-08-13 03:31 . 2009-08-13 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-13 03:31 . 2009-08-13 03:31 -------- d-----w- c:\users\Bronwyn\AppData\Local\temp
2009-08-12 06:04 . 2009-02-12 09:35 38208 ----a-w- c:\users\Jan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-12 06:04 . 2009-08-12 06:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-12 06:02 . 2009-08-12 06:02 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-08-12 06:02 . 2009-08-12 06:21 -------- d-----w- c:\programdata\NOS
2009-08-12 06:02 . 2009-08-12 06:21 -------- d-----w- c:\program files\NOS
2009-08-12 04:35 . 2009-08-12 04:36 -------- d-----w- C:\rsit
2009-08-11 02:48 . 2009-08-11 03:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Roxio
2009-08-11 01:11 . 2009-08-11 01:11 -------- d-----w- C:\TAKEN
2009-08-07 13:48 . 2009-08-12 03:58 7052 ----a-w- c:\users\Jan\AppData\Local\d3d9caps.dat
2009-08-07 02:29 . 2009-08-12 05:55 -------- d-----w- c:\programdata\NortonInstaller
2009-08-07 02:15 . 2009-08-12 05:50 -------- d-----w- c:\programdata\Norton
2009-08-06 00:41 . 2009-08-06 03:21 -------- d-----w- c:\windows\BDOSCAN8
2009-08-05 05:32 . 2009-08-05 05:37 -------- d-s---w- C:\Combo-Fix
2009-08-05 04:28 . 2009-08-05 04:34 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-04 04:17 . 2009-08-04 04:17 -------- d-----w- c:\program files\BluePoint Security
2009-08-04 03:26 . 2009-08-04 03:26 -------- d-----w- c:\program files\AVG
2009-08-04 03:04 . 2009-08-04 03:04 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2009-08-04 03:04 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 03:04 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 03:04 . 2009-08-12 04:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 06:00 . 2009-08-12 06:19 15672864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-31 22:48 . 2009-08-12 00:31 -------- d-----w- c:\programdata\ParetoLogic
2009-07-31 22:48 . 2009-08-12 00:31 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-31 22:48 . 2009-07-31 22:48 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-07-31 22:45 . 2009-07-31 22:45 -------- d-----w- c:\users\Jan\AppData\Local\Downloaded Installations
2009-07-29 04:21 . 2009-07-18 12:07 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-29 04:21 . 2009-07-18 12:10 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-07-29 04:21 . 2009-07-18 10:00 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-29 04:21 . 2009-07-18 08:34 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-26 05:27 . 2009-07-26 05:27 -------- d-----w- c:\users\Jan\AppData\Roaming\BitDefender
2009-07-26 05:21 . 2009-07-26 05:27 -------- d-----w- c:\programdata\BitDefender
2009-07-26 05:21 . 2009-07-26 05:21 -------- d-----w- c:\program files\BitDefender
2009-07-26 05:16 . 2009-07-26 05:23 -------- d-----w- c:\program files\Common Files\BitDefender
2009-07-15 06:52 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:52 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:52 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 06:52 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 06:52 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:52 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 07:05 . 2008-05-11 01:09 -------- d-----w- c:\programdata\Google Updater
2009-08-12 06:19 . 2009-08-01 06:00 202016 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-12 06:19 . 2007-11-28 08:07 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-12 06:08 . 2008-03-01 20:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-12 06:00 . 2009-04-15 03:49 -------- d-----w- c:\programdata\Viewpoint
2009-08-11 03:21 . 2007-11-28 08:14 -------- d-----w- c:\programdata\Roxio
2009-08-11 01:29 . 2009-06-30 05:00 -------- d-----w- c:\programdata\DVD Shrink
2009-08-10 23:29 . 2008-07-02 02:56 -------- d-----w- c:\users\Jan\AppData\Roaming\Skype
2009-08-10 20:00 . 2009-06-28 00:35 -------- d-----w- c:\users\Jan\AppData\Roaming\skypePM
2009-08-07 03:07 . 2007-11-28 08:15 -------- d-----w- c:\program files\Trend Micro
2009-08-06 00:42 . 2007-11-28 08:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 05:24 . 2008-05-25 21:08 -------- d-----w- c:\users\Jan\AppData\Roaming\Yahoo!
2009-07-28 05:24 . 2008-05-10 16:46 -------- d-----w- c:\programdata\Yahoo!
2009-07-26 22:22 . 2008-05-10 17:42 -------- d-----w- c:\programdata\Yahoo! Companion
2009-07-26 21:24 . 2009-06-30 21:49 -------- d-----w- c:\program files\BitPim
2009-07-26 21:23 . 2007-12-25 08:06 -------- d-----w- c:\windows\Fonts\FONTS
2009-07-26 21:23 . 2009-07-10 00:58 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-26 21:23 . 2009-06-29 19:10 -------- d-----w- c:\program files\DVDFab 6
2009-07-26 21:23 . 2009-06-28 23:25 -------- d-----w- c:\program files\E.M. DVD Copy
2009-07-26 21:23 . 2008-07-30 02:44 -------- d-----w- c:\programdata\Avira
2009-07-26 21:23 . 2007-12-25 08:05 -------- d-----w- c:\program files\Print Workshop 2006
2009-07-26 21:23 . 2007-11-28 08:23 -------- d-----w- c:\program files\Yahoo!
2009-07-26 21:23 . 2009-06-30 05:44 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-26 21:23 . 2009-06-30 05:44 -------- d-----w- c:\program files\Ahead
2009-07-26 21:23 . 2009-06-22 23:18 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-26 21:23 . 2008-07-30 02:44 -------- d-----w- c:\program files\Avira
2009-07-26 21:23 . 2007-12-18 02:07 -------- d-----w- c:\program files\Common Files\Broderbund
2009-07-26 20:55 . 2008-05-28 02:30 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-26 20:55 . 2009-06-29 19:11 -------- d-----w- c:\users\Jan\AppData\Roaming\Vso
2009-07-18 12:17 . 2009-07-29 04:22 827392 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 12:10 . 2009-07-29 04:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-15 07:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-30 21:55 . 2009-06-30 21:55 -------- d-----w- c:\program files\LG Electronics
2009-06-30 05:41 . 2009-06-30 04:50 -------- d-----w- c:\users\Jan\AppData\Roaming\RipIt4Me
2009-06-30 04:59 . 2009-06-30 04:59 -------- d-----w- c:\program files\DVD Shrink
2009-06-30 04:50 . 2009-06-30 04:50 643072 ----a-w- c:\users\Jan\AppData\Roaming\RipIt4Me\updater\ri4mupdater.exe
2009-06-29 19:11 . 2009-06-29 19:11 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-29 19:11 . 2009-06-29 19:11 47360 ----a-w- c:\users\Jan\AppData\Roaming\pcouffin.sys
2009-06-29 19:11 . 2009-06-29 19:11 47360 ----a-w- c:\users\Jan\AppData\Roaming\pcouffin.sys
2009-06-29 19:05 . 2009-06-29 19:05 -------- d-----w- c:\program files\DVD Decrypter
2009-06-28 23:29 . 2009-06-28 23:29 -------- d-----w- c:\users\Jan\AppData\Roaming\dvdcss
2009-06-28 10:03 . 2009-06-28 10:03 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-28 00:33 . 2009-06-28 00:33 -------- d-----w- c:\program files\Common Files\Skype
2009-06-28 00:33 . 2009-06-28 00:33 -------- d-----r- c:\program files\Skype
2009-06-28 00:33 . 2008-07-01 19:25 -------- d-----w- c:\programdata\Skype
2009-06-22 23:18 . 2009-06-22 23:18 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\users\Jan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-06-10 15:18 . 2009-06-10 15:18 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA047.tmp.exe
2009-06-01 02:26 . 2007-12-07 03:42 142288 ----a-w- c:\users\Bronwyn\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 01:24 . 2007-12-08 01:07 142288 ----a-w- c:\users\Don\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-29 05:43 . 2007-12-08 15:43 142288 ----a-w- c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-27 19:02 . 2008-07-30 02:44 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-16 12:19 . 2009-05-16 12:19 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2008-07-26 04:19 . 2008-07-26 04:19 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-07-07 19:57 . 2008-05-13 00:30 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-07-07 19:57 . 2008-05-13 00:30 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-07-07 19:57 . 2008-05-13 00:30 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-07-07 19:57 . 2008-05-13 00:30 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-07-07 19:57 . 2008-05-13 00:30 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-03-20 03:57 . 2009-03-20 03:57 2 --shatr- c:\windows\winstart.bat
2007-11-28 15:53 . 2007-11-28 15:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-28 1006264]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-09-24 4452352]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"VM30xSnap"="c:\windows\VM30xSnap.exe" [2007-02-05 53248]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{895A39EA-A8C6-48EB-8F0F-6D03A2BB73E2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6AEECD95-5BDE-417C-AD13-6BBAF3A47F8B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FE6E0C42-E4DE-40D2-9B96-8FB12FD4687F}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{95FE6877-82F7-4635-8781-7ACEC5574F30}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{379F708C-7734-4C39-BEB9-5725F2632B75}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BD06D212-E60D-455C-881A-65BD95EAAF2E}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{727487DA-39E1-4EDE-A345-E2BFEEA5EF25}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{ABB16A8A-819B-4657-940C-190D2C5D370C}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E7C2B2F8-06DB-42CB-8DBC-55770440F38D}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E360A094-25ED-49D1-A324-C2E62BD46077}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{7875ECFB-772B-475F-A549-244027F0EDB1}c:\\program files\\msn\\msncorefiles\\msn.exe"= UDP:c:\program files\msn\msncorefiles\msn.exe:msn
"UDP Query User{6CECD9F2-F322-45D6-9F1D-35792D67D440}c:\\program files\\msn\\msncorefiles\\msn.exe"= TCP:c:\program files\msn\msncorefiles\msn.exe:msn
"{0EF9A5FB-B0F2-4A1A-8354-11EFA5B762DC}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{935A1F9A-8252-4CBB-9423-2E8C67E2DE64}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3FC3187C-75CD-4808-8224-5FBDB70FBC5B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{EBA44915-A346-4D29-B818-4FD64DBC6E4E}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{A0E8C512-59F8-49A5-BDC2-BB1210EF41E8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CF9385A7-8DE0-402A-A3AE-2089E8EB112D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{CD619ED4-D48D-4E65-BEF6-D4FCDDBE4266}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2086046B-812F-4A83-AF66-A6A95AF7A9A9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{60C3B1B6-12B4-4004-B9D9-00F93AB90816}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2BE6C2F7-27ED-4AA1-AC1E-A4C2F17ACB25}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{79851B86-0C9C-4B27-A6AE-62C765C5A017}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{E471EDC0-6BA8-4FD0-9440-DA60C0AA2F74}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{CC2E58AF-3C46-4D52-A0B3-2072E426D941}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7357BE05-166F-4B3F-BF40-A08CECB74389}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A5DA432D-F957-4CC4-A356-EC09BD0E9708}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{4B7B5293-A0C1-4BC9-BAB3-B712C285D251}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{9F90D449-C7B2-45F5-89B8-62103DD829AC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{51DD13AB-1FA3-41B5-AC5E-C0576F93B1B2}"= UDP:c:\users\Jan\AppData\Local\Temp\7zSD355.tmp\SymNRT.exe:Norton Removal Tool
"{61BB4F1A-EC5A-4639-8C13-FFE46A9334CD}"= TCP:c:\users\Jan\AppData\Local\Temp\7zSD355.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\System32\drivers\V0470Vid.sys [8/11/2008 9:43 PM 146720]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/28/2007 4:27 AM 29744]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\System32\drivers\superwebcam.sys [7/20/2008 1:53 AM 31872]
S3 VM30xx86;Vimicro USB PC Camera (ZC030x);c:\windows\System32\drivers\vm30xx86.sys [1/8/2008 11:04 PM 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-28 13:46]

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-551768948-1205786988-3747741992-1002Core.job
- c:\users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-26 02:33]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-551768948-1205786988-3747741992-1002UA.job
- c:\users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-26 02:33]

2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{7CE2ADA8-BB6A-4E2D-9B16-D2A09EEC04AB}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\p3auxd50.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com...{moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com...{moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com...owsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 23:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-13 23:33
ComboFix-quarantined-files.txt 2009-08-13 03:33

Pre-Run: 200,368,386,048 bytes free
Post-Run: 200,281,518,080 bytes free

317 --- E O F --- 2009-08-03 17:18



THANKS! :)
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi EEGADS!,

That looks like a log from ComboFix alright, but I am thinking it is quite old and really we need to know what's happening now.

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#10
EEGADS!

EEGADS!

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi,


Sorry, I don't think Combofix is gonna work.. I went to uninstall it, and when I searched for Combofix nothing came up. When I run it, at the start, I get an error message that

BluePoint security (which I uninstalled, I thought..)
and
AntivirPE classic (which I can't successfully uninstall, but I can't run either because it says the file's missing!)

are running. So...yeah. Maybe we could use another tool?

Thanks!
  • 0

#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Have you tried running ComboFix anyway?
  • 0

#12
EEGADS!

EEGADS!

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Yes, but it fails and then afterwards my computer is kinda messed up and I have to repair the internet and restart the computer...so is there another tool we could use?
  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Yes, but it fails and then afterwards my computer is kinda messed up and I have to repair the internet and restart the computer...so is there another tool we could use?


One of the reasons ComboFix should be run under supervision is to make sure it is used correctly and removed properly at the end. It does make changes to your machine, one of which is to disconnect from the internet. It is designed to reconnect as it goes through its work, but sometimes, if there is something awry in a machine, this has to be done manually.

As to other tools, hmm... MBAM didn't find anything. Perhaps we can have a look for possible rootkits.

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
