Bad Image, System 32 Virus???

Bridget · #1 18th Sep 2009, 10:30

Hi

I started getting a pop up that said the following;

globalroot\systemroot\system32\gasfkynqpqxefv.dll is either not designed to run on Windows or it contains an error. Try installing the programme again using the original installation media or contact your system administrator or the software vendor for support.

this happpened at start up and any time I opened a new programme. I could not run a scan with Norton 360, and the PC would not hibernate or go to sleep and CPU was at c.39%

I followed the steps on the sticky and got the following results;

1] cc cleaner - unfortunately I do not have a log for this but the pop up still happened after running this and CPU still at 39%

2] SuperAntiSpyWare
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/17/2009 at 05:36 PM
Application Version : 4.28.1010
Core Rules Database Version : 4107
Trace Rules Database Version: 2047
Scan type : Complete Scan
Total Scan Time : 01:00:07
Memory items scanned : 837
Memory threats detected : 0
Registry items scanned : 7452
Registry threats detected : 10
File items scanned : 42921
File threats detected : 17
Trojan.Agent/Gen-Downloader[Packed]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}
HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}
HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}
HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}\InprocServer32
HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}\InprocServer32#ThreadingModel
HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}\ProgID
HKCR\CLSID\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}\TypeLib
HKCR\glok
HKCR\TypeLib\{1ABA6D39-508C-483C-8466-9A9E69BC708F}
C:\WINDOWS\SYSTEM32\YXHL0.DLL
HKU\S-1-5-21-2227595457-2267991824-3093425638-1000\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{C3D409DF-0316-4FC0-89E2-DBDD885232A0}
Adware.Tracking Cookie
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@ad.yieldmanager[1].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@adviva[1].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@atdmt[2].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@casalemedia[1].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@content.yieldmanager[2].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@content.yieldmanager[3].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@doubleclick[2].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@eas.apm.emediate[2].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@media6degrees[1].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@revsci[2].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@saletrack.co[1].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@server.iad.liveperson[1].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@server.iad.liveperson[3].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@specificclick[1].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@tracking.summitmedia.co[1].txt
C:\Users\Bridget\AppData\Roaming\Microsoft\Windows \Cookies\Low\bridget@www.googleadservices[1].txt

and still had the pop up, and CPU at 39%

3] Malwarebites Anti-Malware
Malwarebytes' Anti-Malware 1.41
Database version: 2816
Windows 6.0.6001 Service Pack 1
17/09/2009 18:37:02
mbam-log-2009-09-17 (18-37-02).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 255926
Time elapsed: 43 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BILEVSE (Rogue.RegTidy) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Trojan.Ambler) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Bridget\AppData\Roaming\BILEVSE (Rogue.RegTidy) -> Quarantined and deleted successfully.
C:\Users\Bridget\AppData\Roaming\BILEVSE\RegistryC onvoy2009 (Rogue.RegTidy) -> Quarantined and deleted successfully.
C:\Users\Bridget\AppData\Roaming\BILEVSE\RegistryC onvoy2009\Backup (Rogue.RegTidy) -> Quarantined and deleted successfully.
C:\Users\Bridget\AppData\Roaming\BILEVSE\RegistryC onvoy2009\Backup\Registry (Rogue.RegTidy) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Bridget\AppData\Roaming\BILEVSE\RegistryC onvoy2009\Backup\Registry\20090917101407.reg (Rogue.RegTidy) -> Quarantined and deleted successfully.
C:\Users\Bridget\AppData\Roaming\Microsoft\Interne t Explorer\Quick Launch.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Windows\System32\c2d.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\idm.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\jc.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\q1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\xd.dat (Malware.Trace) -> Quarantined and deleted successfully.

Following this there is no longer a pop up appearing and CPU is normal.

4] HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:03, on 18/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
C:\Program Files\Radio Downloader\Radio Downloader.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.ex e
C:\Program Files\Radio Downloader\dependencies\lame.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x3200
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAlaw.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAlaw.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAlaw.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Radio Downloader] "C:\Program Files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE15~1.0_1\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE15~1.0_1\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Faerie%20...es/stg_drm.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20.../armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9a4d9901f2af0) (gupdate1c9a4d9901f2af0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 13448 bytes

I have also done a scan with Norton 360 which did not detect anything.

Has the problem been solved or do I need to do anything else?

Many thanks

**evilfantasy** · #2 18th Sep 2009, 15:51

Welcome to CJ.

Right click HijackThis and choose Run as Administrator

Next select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

Bridget · #3 19th Sep 2009, 01:12

Thanks for the welcome and the help.

ComboFix 09-09-18.02 - Bridget 19/09/2009 8:55.1.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1714 [GMT 1:00]
Running from: c:\users\Bridget\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2227595457-2267991824-3093425638-500
c:\$recycle.bin\S-1-5-21-2760852498-2543259003-1422614318-1000
c:\users\Bridget\AppData\Roaming\.#
c:\users\Bridget\AppData\Roaming\.#\MBX@238C@1D328 E8.###
c:\users\Bridget\AppData\Roaming\.#\MBX@238C@1D329 18.###
c:\users\Bridget\AppData\Roaming\.#\MBX@238C@1D329 48.###
c:\windows\system32\drivers\gasfkywiwwcqku.sys
c:\windows\system32\gasfkybbaekenc.dat
c:\windows\system32\gasfkynqpqxefv.dll
c:\windows\system32\gasfkypoxhuobr.dll
c:\windows\system32\gasfkytexmenis.dat
c:\windows\system32\gasfkyxnvynskt.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_gasfkyppseivtx
-------\Service_gasfkyppseivtx

((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.
2009-09-19 08:01 . 2009-09-19 08:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-18 16:54 . 2009-09-18 16:54 -------- d-----w- c:\program files\Trend Micro
2009-09-17 16:50 . 2009-09-17 16:50 -------- d-----w- c:\users\Bridget\AppData\Roaming\Malwarebytes
2009-09-17 16:50 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 16:50 . 2009-09-17 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 16:50 . 2009-09-17 16:50 -------- d-----w- c:\programdata\Malwarebytes
2009-09-17 16:50 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-17 15:31 . 2009-09-17 15:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-17 15:30 . 2009-09-17 15:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-17 15:30 . 2009-09-17 15:30 -------- d-----w- c:\users\Bridget\AppData\Roaming\SUPERAntiSpyware. com
2009-09-17 15:29 . 2009-09-17 15:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-17 15:21 . 2009-09-17 15:21 -------- d-----w- c:\program files\CCleaner
2009-09-17 09:43 . 2009-09-17 09:43 -------- d-----w- c:\users\Bridget\Documents - Copy (1)
2009-09-17 09:43 . 2009-09-17 09:43 -------- d-----w- c:\users\Bridget\Desktop - Copy (1)
2009-09-17 09:43 . 2009-09-17 09:43 -------- d-----w- c:\users\Bridget\Contacts - Copy (1)
2009-09-17 09:43 . 2009-09-17 09:43 -------- d-----w- c:\users\Bridget\uspy - Copy (1)
2009-09-16 17:58 . 2009-09-16 17:58 -------- d-----w- c:\programdata\WindowsSearch
2009-09-16 11:58 . 2009-09-16 11:58 -------- d-----w- c:\programdata\Playrix Entertainment
2009-09-16 11:21 . 2009-09-16 11:21 -------- d-----w- c:\programdata\Sandlot Games
2009-09-16 11:21 . 2009-09-16 11:21 -------- d-----w- c:\windows\Cake Mania Back to the Bakery
2009-09-16 11:14 . 2009-09-16 11:19 -------- d-----w- c:\programdata\Brainiversity2
2009-09-16 11:13 . 2009-09-16 11:13 -------- d-----w- c:\windows\Brainiversity 2
2009-09-16 09:02 . 2009-09-16 09:06 -------- d-----w- c:\programdata\Nick Chase A Detective Story
2009-09-16 08:54 . 2009-09-16 08:54 -------- d-----w- c:\windows\Nick Chase A Detective Story
2009-09-16 08:53 . 2009-09-16 08:53 -------- d-----w- c:\windows\Nick Chase A Detective Story Strategy Guide
2009-09-15 20:24 . 2009-09-16 20:01 -------- d-----w- c:\users\Bridget\AppData\Roaming\BitZipper
2009-09-15 19:44 . 2009-09-15 19:44 -------- d-----w- c:\windows\Keys to Manhattan
2009-09-15 14:43 . 2009-09-15 14:43 -------- d-----w- c:\program files\GameHouse
2009-09-14 13:30 . 2009-09-14 13:30 -------- d-----w- c:\users\Bridget\AppData\Roaming\Princess Isabella
2009-09-14 12:16 . 2009-09-14 12:16 -------- d-----w- c:\users\Bridget\AppData\Local\Grubby Games
2009-09-14 12:16 . 2009-09-14 13:15 -------- d-----w- c:\program files\My Tribe
2009-09-13 19:00 . 2009-09-13 19:00 -------- d-----w- c:\programdata\Azureus
2009-09-13 19:00 . 2009-09-16 18:19 -------- d-----w- c:\users\Bridget\AppData\Roaming\Azureus
2009-09-13 10:29 . 2009-09-13 10:29 -------- d-----w- c:\users\Bridget\AppData\Local\www.nerdoftheherd.com
2009-09-13 09:28 . 2009-09-13 09:28 -------- d-----w- c:\users\Bridget\AppData\Roaming\www.nerdoftheherd.com
2009-09-13 09:28 . 2009-09-13 09:28 -------- d-----w- c:\program files\Radio Downloader
2009-09-10 15:00 . 2009-09-16 20:04 -------- d-----w- c:\program files\Carl The Caveman
2009-09-10 12:28 . 2009-09-10 12:31 -------- d-----w- c:\users\Bridget\AppData\Roaming\EnchantedCavern
2009-09-10 09:27 . 2009-09-10 09:27 -------- d-----w- c:\programdata\Mysteries of Horus
2009-09-09 16:04 . 2009-09-09 16:07 -------- d-----w- c:\users\Bridget\AppData\Roaming\Faerie Solitaire
2009-09-09 12:59 . 2009-09-09 12:59 -------- d-----w- c:\users\Bridget\AppData\Roaming\Boolat Games
2009-09-09 08:03 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 08:03 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 08:02 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 08:02 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 08:02 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 08:02 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 08:02 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 08:02 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 08:02 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 08:02 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 08:02 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 08:02 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 08:02 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 08:02 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 08:01 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-07 04:37 . 2009-09-07 04:37 -------- d-----w- c:\users\Bridget\AppData\Roaming\V-Games
2009-09-05 16:03 . 2009-09-05 16:42 -------- d-----w- c:\programdata\FarmFrenzy3
2009-09-04 18:31 . 2009-09-04 18:31 -------- d-----w- c:\users\Bridget\AppData\Roaming\Enchanted Katya
2009-09-04 16:32 . 2009-09-04 17:32 -------- d-----w- c:\programdata\VirtualFarm
2009-09-04 14:04 . 2009-09-04 14:05 -------- d-----w- c:\users\Bridget\AppData\Roaming\BeachPartyCraze
2009-09-04 12:38 . 2009-09-05 13:39 -------- d-----w- c:\users\Bridget\AppData\Roaming\Gaijin Ent
2009-09-02 21:44 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:44 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 12:27 . 2009-09-02 12:27 -------- d-----w- c:\users\Bridget\AppData\Roaming\Alawar
2009-09-02 10:43 . 2009-09-02 10:43 -------- d-----w- c:\program files\Conduit
2009-09-02 10:43 . 2009-09-02 10:43 -------- d-----w- c:\program files\Alawar.com
2009-09-02 09:00 . 2009-09-02 09:01 -------- d-----w- c:\users\Bridget\AppData\Roaming\SprillRichiEng
2009-09-02 08:57 . 2009-09-02 08:58 -------- d-----w- c:\programdata\DreamFarm
2009-08-30 18:41 . 2009-09-14 21:56 -------- d-----w- c:\programdata\AlawarGameBox
2009-08-30 18:41 . 2009-09-02 10:44 -------- d-----w- c:\programdata\AlawarWrapper
2009-08-30 18:41 . 2009-09-10 16:40 -------- d-----w- c:\program files\Alawar
2009-08-26 11:58 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 13:46 . 2009-08-25 13:46 -------- d-----w- c:\users\Bridget\AppData\Local\7Wonders2
2009-08-23 16:15 . 2009-08-23 16:15 -------- d-----w- c:\users\Bridget\AppData\Local\AlwaysNeat
2009-08-22 20:22 . 2009-08-22 20:58 -------- d-----w- c:\users\Bridget\AppData\Roaming\iWin_JanesRealty
2009-08-22 14:06 . 2009-08-22 14:06 -------- d-----w- c:\programdata\hitpointstudios
2009-08-22 10:37 . 2009-08-22 13:55 -------- d-----w- c:\program files\Chuzzle Deluxe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-09-19 08:01 . 2009-03-22 10:37 -------- d-----w- c:\programdata\Kontiki
2009-09-19 07:55 . 2009-03-14 19:16 -------- d-----w- c:\programdata\Google Updater
2009-09-19 07:54 . 2009-09-19 07:54 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-09-16 19:35 . 2008-04-30 17:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-15 14:43 . 2009-08-13 15:01 -------- d-----w- c:\programdata\HipSoft
2009-09-14 12:42 . 2009-03-10 20:17 -------- d-----w- c:\users\Bridget\AppData\Roaming\Big Fish Games
2009-09-12 18:52 . 2009-03-08 15:05 -------- d-----w- c:\users\Bridget\AppData\Roaming\Spotify
2009-09-10 16:43 . 2008-04-30 18:14 -------- d-----w- c:\program files\Acer GameZone
2009-09-10 16:37 . 2009-08-13 14:52 -------- d-----w- c:\program files\RealArcade
2009-09-10 16:33 . 2009-08-12 11:25 -------- d-----w- c:\programdata\Media Center Programs
2009-09-09 21:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 21:15 . 2009-05-04 20:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 10:48 . 2009-08-03 19:55 -------- d-----w- c:\users\Bridget\AppData\Roaming\YoudaGames
2009-08-25 12:27 . 2009-03-10 21:06 -------- d-----w- c:\programdata\PlayFirst
2009-08-23 17:26 . 2009-08-23 17:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_ 00_00.Wdf
2009-08-22 16:48 . 2009-03-10 21:06 -------- d-----w- c:\users\Bridget\AppData\Roaming\PlayFirst
2009-08-21 08:05 . 2009-03-19 19:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-19 16:24 . 2009-08-19 16:24 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-19 14:42 . 2009-05-04 22:58 -------- d-----w- c:\programdata\Trymedia
2009-08-18 20:13 . 2009-08-18 20:13 -------- d-----w- c:\users\Bridget\AppData\Roaming\Gamers Digital
2009-08-18 20:13 . 2009-08-18 20:13 -------- d-----w- c:\programdata\Gamers Digital
2009-08-18 17:59 . 2009-08-18 17:59 -------- d-----w- c:\programdata\GameHouse
2009-08-18 15:56 . 2009-08-13 16:26 -------- d-----w- c:\users\Bridget\AppData\Roaming\Flood Light Games
2009-08-18 15:56 . 2009-08-13 16:26 -------- d-----w- c:\programdata\Flood Light Games
2009-08-17 15:43 . 2009-08-17 15:43 -------- d-----w- c:\users\Bridget\AppData\Roaming\RealArcade_Janes_ Realty
2009-08-16 18:41 . 2009-08-16 18:41 -------- d-----w- c:\programdata\Gogii
2009-08-16 16:25 . 2009-08-16 16:25 -------- d-----w- c:\programdata\MumboJumbo
2009-08-16 14:44 . 2009-08-16 14:44 -------- d-----w- c:\users\Bridget\AppData\Roaming\Aveyond 3
2009-08-16 13:41 . 2009-08-16 13:41 -------- d-----w- c:\users\Bridget\AppData\Roaming\SulusGames
2009-08-16 13:41 . 2009-08-16 13:41 -------- d-----w- c:\programdata\SulusGames
2009-08-15 15:38 . 2009-08-15 15:38 -------- d-----w- c:\programdata\PlayfulAge
2009-08-15 15:28 . 2009-08-15 15:28 -------- d-----w- c:\programdata\RealArcade
2009-08-15 15:28 . 2009-08-15 15:28 -------- d-----w- c:\programdata\Zylom
2009-08-15 15:28 . 2009-08-15 15:28 -------- d-----w- c:\program files\Zylom Games
2009-08-15 15:28 . 2009-03-07 19:02 -------- d-----w- c:\program files\Google
2009-08-15 15:26 . 2009-08-15 15:26 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-08-13 14:48 . 2009-08-13 14:46 -------- d-----w- c:\program files\Retro64 Games
2009-08-11 19:19 . 2009-08-11 19:19 -------- d-----w- c:\users\Bridget\AppData\Roaming\SpinTop
2009-08-11 16:23 . 2009-08-11 16:23 -------- d-----w- c:\users\Bridget\AppData\Roaming\Merscom
2009-08-11 16:23 . 2009-08-11 16:23 -------- d-----w- c:\programdata\Merscom
2009-08-09 17:37 . 2009-03-10 19:22 70 ----a-w- c:\users\Bridget\AppData\Roaming\wklnhst.dat
2009-08-09 10:12 . 2009-03-07 15:09 -------- d-----w- c:\program files\bfgclient
2009-08-08 19:31 . 2009-08-08 19:31 -------- d-----w- c:\programdata\Bilbo
2009-08-02 22:31 . 2009-08-02 22:31 -------- d-----w- c:\programdata\GoBit Games
2009-08-02 16:20 . 2009-03-07 19:02 90376 ----a-w- c:\users\Bridget\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-31 11:33 . 2009-03-08 12:40 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-23 18:01 . 2009-07-23 18:01 124488 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-21 21:52 . 2009-07-29 07:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 06:42 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 06:41 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 06:41 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 06:41 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 06:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{511131f1-4629-4254-a85f-ed7b6d75dd3c}"= "c:\program files\Alawar.com\tbAlaw.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
2008-09-15 05:47 1784856 ----a-w- c:\program files\Alawar.com\tbAlaw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{511131f1-4629-4254-a85f-ed7b6d75dd3c}"= "c:\program files\Alawar.com\tbAlaw.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{511131F1-4629-4254-A85F-ED7B6D75DD3C}"= "c:\program files\Alawar.com\tbAlaw.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-03-07 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-04-22 92704]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-07 24064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 185896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" [2009-09-08 462848]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
c:\users\Bridget\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-8-15 95744]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleD esktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{D3692F7A-3336-4A52-9AC8-D45490E3EB8A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{243FFA08-5426-4F5B-94BF-3945D214DD96}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{B4A3B392-B908-464C-BFC2-0C417FAA70D9}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{97414256-6445-4A9B-BC74-408604FAB17C}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{4ED16562-0615-48B1-AC8E-05BC3A23E135}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{E1E01B63-F1FB-4B36-BA30-CDB10E548CEC}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{743EA48C-C01F-4597-9052-06834043091D}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{A2E36676-EDED-4A8D-9F3E-8098AFB6529F}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{10C0EEFA-1216-401D-B580-095802BB4A43}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{95CA98DF-615B-42AC-A4A6-1E55EFC6FE3E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{22E82D22-3523-427D-A3B2-DF2CBD1B901F}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{E183FBCF-E24B-487D-97D9-D6A92C780A2C}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7D07127C-6E08-4080-A37C-E6BCCBD40345}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{27599BCC-45B2-4BCD-B02B-D52F4B5715B3}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3C996F5F-2994-490B-A2DF-DB4CFC3E5FA9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{5E83A1B2-0380-45D8-B6A4-8CE998513DBA}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{A35A5E06-5EA8-4FA2-AB82-3F99591BBF11}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{58295DD0-0B24-4017-B00E-E3A667CC1362}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{BC846947-2867-41F8-84F1-80FC4B69273A}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsd efs\20090910.001\IDSvix86.sys [11/09/2009 06:22 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [04/09/2009 14:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04/09/2009 14:49 74480]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [30/04/2008 19:12 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 21:11 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [30/04/2008 19:02 24576]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 20:37 149352]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [26/04/2008 05:36 45056]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mo n.sys [13/01/2008 03:32 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02/09/2009 22:35 102448]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [16/08/2007 07:49 552448]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [30/04/2008 03:28 43552]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symn disv.sys [19/02/2009 13:31 41008]
S2 gupdate1c9a4d9901f2af0;Google Update Service (gupdate1c9a4d9901f2af0);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2009 20:17 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [26/04/2008 05:36 131072]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/03/2009 20:02 24064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23/04/2007 13:54 83208]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [04/09/2009 14:50 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-07 22:16]
2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 19:17]
2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 19:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
.
************************************************** ************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2344)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\NLSData0009.dll
c:\windows\system32\wpdshserviceobj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
.
************************************************** ************************
.
Completion time: 2009-09-19 9:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-19 08:05
Pre-Run: 220,700,200,960 bytes free
Post-Run: 220,456,841,216 bytes free
342 --- E O F --- 2009-09-09 21:23

HOwever, now when I try to open IE a pop up says
Illegal operation attempted on a registry key that has been marked for deletion.

Also for Norton 360, SuperAnti

Bridget · #4 19th Sep 2009, 01:17

I can run the files as administrator though

Bridget · #5 19th Sep 2009, 03:04

In fact every programme I try to run comes up with

Illegal operation attempted on a registry key that has been marked for deletion.

**evilfantasy** · #6 19th Sep 2009, 14:27

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

Bridget · #7 20th Sep 2009, 01:42

DDS (Ver_09-07-30.01) - NTFSx86
Run by Bridget at 9:40:16.31 on 20/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.5.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1702 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.ex e
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Bridget\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Alawar.com Toolbar: {511131f1-4629-4254-a85f-ed7b6d75dd3c} - c:\program files\alawar.com\tbAlaw.dll
mURLSearchHooks: Alawar.com Toolbar: {511131f1-4629-4254-a85f-ed7b6d75dd3c} - c:\program files\alawar.com\tbAlaw.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Alawar.com Toolbar: {511131f1-4629-4254-a85f-ed7b6d75dd3c} - c:\program files\alawar.com\tbAlaw.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\s wg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Alawar.com Toolbar: {511131f1-4629-4254-a85f-ed7b6d75dd3c} - c:\program files\alawar.com\tbAlaw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNo tifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_17\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Radio Downloader] "c:\program files\radio downloader\Radio Downloader.exe" /hidemainwindow
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\bridget\appdata\roaming\micros~1\windows\ startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\users\bridget\appdata\roaming\micros~1\windows\ startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\progra~1\java\jre15~1.0_1\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Faerie%20...es/stg_drm.ocx
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Burger%20.../armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3. dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsd efs\20090910.001\IDSvix86.sys [2009-9-11 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-4-30 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-2 102448]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-16 552448]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-4-30 43552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symn disv.sys [2009-2-19 41008]
S2 gupdate1c9a4d9901f2af0;Google Update Service (gupdate1c9a4d9901f2af0);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mo n.sys [2008-1-13 23888]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-7 24064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
=============== Created Last 30 ================
2009-09-19 09:03 <DIR> --d----- C:\$RECYCLE.BIN
2009-09-19 08:54 229,888 a------- c:\windows\PEV.exe
2009-09-19 08:54 161,792 a------- c:\windows\SWREG.exe
2009-09-19 08:54 98,816 a------- c:\windows\sed.exe
2009-09-18 17:54 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 18:39 225,454,949 a------- c:\windows\MEMORY.DMP
2009-09-17 17:50 <DIR> --d----- c:\users\bridget\appdata\roaming\Malwarebytes
2009-09-17 17:50 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 17:50 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-17 17:50 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-17 17:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 17:50 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-17 16:31 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-09-17 16:31 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-09-17 16:30 <DIR> --d----- c:\users\bridget\appdata\roaming\SUPERAntiSpyware. com
2009-09-17 16:30 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-17 16:29 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-17 16:21 <DIR> --d----- c:\program files\CCleaner
2009-09-17 10:43 <DIR> --d----- c:\users\bridget\Documents - Copy (1)
2009-09-17 10:43 <DIR> --d----- c:\users\bridget\Desktop - Copy (1)
2009-09-17 10:43 <DIR> --d----- c:\users\bridget\uspy - Copy (1)
2009-09-17 10:43 <DIR> --d----- c:\users\bridget\Contacts - Copy (1)
2009-09-16 21:19 144 a------- c:\windows\system32\hfxsd
2009-09-16 18:58 <DIR> --d----- c:\programdata\WindowsSearch
2009-09-16 12:58 <DIR> --d----- c:\programdata\Playrix Entertainment
2009-09-16 12:58 <DIR> --d----- c:\progra~2\Playrix Entertainment
2009-09-16 12:21 <DIR> --d----- c:\programdata\Sandlot Games
2009-09-16 12:21 <DIR> --d----- c:\progra~2\Sandlot Games
2009-09-16 12:21 <DIR> --d----- c:\windows\Cake Mania Back to the Bakery
2009-09-16 12:14 <DIR> --d----- c:\programdata\Brainiversity2
2009-09-16 12:14 <DIR> --d----- c:\progra~2\Brainiversity2
2009-09-16 12:13 <DIR> --d----- c:\windows\Brainiversity 2
2009-09-16 10:02 <DIR> --d----- c:\programdata\Nick Chase A Detective Story
2009-09-16 10:02 <DIR> --d----- c:\progra~2\Nick Chase A Detective Story
2009-09-16 09:54 <DIR> --d----- c:\windows\Nick Chase A Detective Story
2009-09-16 09:53 <DIR> --d----- c:\windows\Nick Chase A Detective Story Strategy Guide
2009-09-15 21:24 <DIR> --d----- c:\users\bridget\appdata\roaming\BitZipper
2009-09-15 20:44 <DIR> --d----- c:\windows\Keys to Manhattan
2009-09-15 15:43 <DIR> --d----- c:\program files\GameHouse
2009-09-14 14:30 <DIR> --d----- c:\users\bridget\appdata\roaming\Princess Isabella
2009-09-14 13:16 <DIR> --d----- c:\program files\My Tribe
2009-09-13 20:00 <DIR> --d----- c:\programdata\Azureus
2009-09-13 20:00 <DIR> --d----- c:\progra~2\Azureus
2009-09-13 20:00 <DIR> --d----- c:\users\bridget\appdata\roaming\Azureus
2009-09-13 10:28 <DIR> --d----- c:\users\bridget\appdata\roaming\www.nerdoftheherd.com
2009-09-13 10:28 <DIR> --d----- c:\program files\Radio Downloader
2009-09-10 16:00 <DIR> --d----- c:\program files\Carl The Caveman
2009-09-10 13:28 <DIR> --d----- c:\users\bridget\appdata\roaming\EnchantedCavern
2009-09-10 10:27 <DIR> --d----- c:\programdata\Mysteries of Horus
2009-09-10 10:27 <DIR> --d----- c:\progra~2\Mysteries of Horus
2009-09-09 17:04 <DIR> --d----- c:\users\bridget\appdata\roaming\Faerie Solitaire
2009-09-09 13:59 <DIR> --d----- c:\users\bridget\appdata\roaming\Boolat Games
2009-09-09 09:03 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 09:03 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-09 09:01 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-07 05:37 <DIR> --d----- c:\users\bridget\appdata\roaming\V-Games
2009-09-05 17:03 <DIR> --d----- c:\programdata\FarmFrenzy3
2009-09-05 17:03 <DIR> --d----- c:\progra~2\FarmFrenzy3
2009-09-04 19:31 <DIR> --d----- c:\users\bridget\appdata\roaming\Enchanted Katya
2009-09-04 17:32 <DIR> --d----- c:\programdata\VirtualFarm
2009-09-04 17:32 <DIR> --d----- c:\progra~2\VirtualFarm
2009-09-04 15:04 <DIR> --d----- c:\users\bridget\appdata\roaming\BeachPartyCraze
2009-09-04 13:38 <DIR> --d----- c:\users\bridget\appdata\roaming\Gaijin Ent
2009-09-02 22:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:44 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 13:27 <DIR> --d----- c:\users\bridget\appdata\roaming\Alawar
2009-09-02 11:43 <DIR> --d----- c:\program files\Conduit
2009-09-02 11:43 <DIR> --d----- c:\program files\Alawar.com
2009-09-02 10:00 <DIR> --d----- c:\users\bridget\appdata\roaming\SprillRichiEng
2009-09-02 09:57 <DIR> --d----- c:\programdata\DreamFarm
2009-09-02 09:57 <DIR> --d----- c:\progra~2\DreamFarm
2009-08-30 19:41 <DIR> --d----- c:\programdata\AlawarGameBox
2009-08-30 19:41 <DIR> --d----- c:\progra~2\AlawarGameBox
2009-08-30 19:41 <DIR> --d----- c:\programdata\AlawarWrapper
2009-08-30 19:41 <DIR> --d----- c:\progra~2\AlawarWrapper
2009-08-30 19:41 <DIR> --d----- c:\program files\Alawar
2009-08-26 12:58 2,048 a------- c:\windows\system32\tzres.dll
2009-08-23 18:26 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_ 00_00.Wdf
2009-08-22 21:22 <DIR> --d----- c:\users\bridget\appdata\roaming\iWin_JanesRealty
2009-08-22 15:06 <DIR> --d----- c:\programdata\hitpointstudios
2009-08-22 15:06 <DIR> --d----- c:\progra~2\hitpointstudios
2009-08-22 11:37 <DIR> --d----- c:\program files\Chuzzle Deluxe
==================== Find3M ====================
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-14 17:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 15:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 15:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 15:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 15:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 15:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-09 18:37 70 a------- c:\users\bridget\appdata\roaming\wklnhst.dat
2009-07-23 19:01 124,488 a---h--- c:\windows\system32\mlfcache.dat
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 20:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 20:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 20:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 20:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-06-16 10:25 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-16 10:25 51,200 a------- c:\windows\inf\infpub.dat
2009-06-16 10:25 86,016 a------- c:\windows\inf\infstor.dat
2009-03-07 14:19 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 9:41:01.49 ===============

Bridget · #8 20th Sep 2009, 01:43

DDS (Ver_09-07-30.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/10/2006 08:12:46
System Uptime: 20/09/2009 00:33:54 (9 hours ago)
Motherboard: Acer | | WMCP78M
Processor: AMD Phenom(tm) 8450 Triple-Core Processor | Socket AM2 | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 291 GiB total, 205.274 GiB free.
D: is FIXED (NTFS) - 292 GiB total, 280.498 GiB free.
E: is Removable
F: is Removable
G: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================

==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Alawar Game Box
Alawar.com Toolbar
AppCore
Ask.com Search Assistant 1.0.2
AV Input Selection
Aztec Tribe
Backup
BBC iPlayer Desktop
BBC iPlayer Download Manager
Belkin F5D8053 N Wireless USB Adapter
Big Fish Games Client
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon iP4300
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.0
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities WFT-E1/E2 Utility
Canon Utilities ZoomBrowser EX
ccCommon
CCleaner (remove only)
Choice Guard
DivX Web Player
EA Download Manager
EOS IEEE1394 WIA Driver
EOS USB WIA Driver
EPSON Scan
eSobi v2
Farm Frenzy 3
Farm Frenzy Pizza Party
GearDrvs
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Card Games Demo
J2SE Runtime Environment 5.0 Update 17
Kick N Rush
LightScribe 1.4.142.1
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 3.0 Runtime
MONOPOLY Build-a-lot Edition (remove only)
MSVCRT
MSXML 4.0 SP2 (KB954430)
My Craft Studio
My Tribe
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA GAME System Software 2.8.1
Picasa 3
PIXresizer 2.0.4
Radio Downloader
RealArcade
RealPlayer
Realtek High Definition Audio Driver
Restaurant Empire
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SPBBC 32bit
Spotify
SUPERAntiSpyware Free Edition
Syberia
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
The Sims™ 3
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Web Games Player Plugin
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
ZACEditor
==== End Of File ===========================

tootech · #9 20th Sep 2009, 02:10

Sorry for jumping in, I wondered why you removed this - I couldn't find a way to PM you......

Quote:

Right click HijackThis and choose Run as Administrator

Next select Do a system scan only

Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.