• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.
Sign in to follow this  
Followers 0
cold10me

Slow and Laggy Computer when gaming etc...

10 posts in this topic

Hi all!

 

I have been having some issue with lagging in my computer when gaming and surfing the net etc.

 

So i am suspecting that i might be infected with virus or spyware and i ran my malwarebyte which scanned 8 worms autorun inside.... However, it seems that my computer is still rather slow after they reported that they have cleared the worms...i will send in my malwarebyte report log which i found the worms and also the hijackthis report.

 

29/11/2009 5:57:35 PM

mbam-log-2009-11-29 (17-57-35).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 266613

Time elapsed: 46 minute(s), 46 second(s)

 

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 3

 

Memory Processes Infected:

C:\Windows\AppPatch\smss.exe (Worm.AutoRun) -> Unloaded process successfully.

C:\Windows\Help\svchost.exe (Worm.AutoRun) -> Unloaded process successfully.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Worm.AutoRun) -> Data: c:\windows\apppatch\lsass.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Worm.AutoRun) -> Data: c:\windows\apppatch\smss.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (Userinit.exe,C:\Windows\AppPatch\smss.exe,C:\Windows\AppPatch\lsass.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Windows\AppPatch\lsass.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Windows\AppPatch\smss.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Windows\Help\svchost.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

 

 

 

My hijackthis report..

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:59:20 PM, on 29/11/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18319)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Program Files\Republic Poly\UTClient\UTAgent.exe

C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myrp.sg

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myrp.sg

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myrp.sg

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Republic Polytechnic

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ISA-Firewall.rp.sg:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')

O4 - .DEFAULT User Startup: MediaRing Talk.lnk = C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

O4 - Global Startup: UTAgent.lnk = C:\Program Files\Republic Poly\UTClient\UTAgent.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg

O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E6131E8-F561-440B-9E08-8B22C005B81F}: NameServer = 202.156.1.48,202.156.1.68

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Genesis Streaming Service - Unknown owner - C:\Program Files\WOW Vision\Genesis Client\WPGApplicationLauncher.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: EgisTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 14669 bytes

Edited by cold10me

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

I'm nasdaq and will be helping you.

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer normally.

===

 

Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Link 1

Link 2

 

**Note: It is important that it is saved directly to your desktop**

 

--------------------------------------------------------------------

IMPORTANT....

 

1. Close any open browsers.

 

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

3. Do not install any other programs until this if fixed.

 

How to : Disable Anti-virus and Firewall...

http://www.bleepingcomputer.com/forums/topic114351.html

--------------------------------------------------------------------

 

Double click on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Note:

Do not mouse click combofix's window while it's running. That may cause it to stall

Share this post


Link to post
Share on other sites

Thanks for the reply!

 

Sorry for the late reply, i have been pretty busy this few days with my own things and i haven got a chance to reply.

 

I have done what you have asked and for some reason, my internet driver got changed or has an issue after the Combofix program began deleting those infected files.

 

So i wasn't able to log into the internet and just recently i ran up my computer for a check to my IT helper at school and he told me that Combofix wasn't a suitable program for window vista

 

And to be honest, my laptop is configured on school and also has a virtual private network and also a group policy inside. And i am afraid that Combofix might not actually work.

 

However, everything is fine now since the IT helper identify that the worms have been affecting the network driver and re-roll everything back to normal.

 

 

Here is my hijackthis and combofix log file

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:27:49 PM, on 7/12/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18319)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Program Files\Republic Poly\UTClient\UTAgent.exe

C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\conime.exe

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myrp.sg

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ISA-Firewall.rp.sg:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')

O4 - .DEFAULT User Startup: MediaRing Talk.lnk = C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

O4 - Global Startup: UTAgent.lnk = C:\Program Files\Republic Poly\UTClient\UTAgent.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg

O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg

O17 - HKLM\System\CCS\Services\Tcpip\..\{53DBF748-65FA-4B46-AE6A-62DF45DEEA7A}: NameServer = 202.156.1.48,202.156.1.68

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Genesis Streaming Service - Unknown owner - C:\Program Files\WOW Vision\Genesis Client\WPGApplicationLauncher.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: EgisTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 13968 bytes

 

 

 

 

ComboFix 09-12-02.05 - 86231 03/12/2009 17:47.1.2 - x86

Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.65.1033.18.3069.1951 [GMT 8:00]

Running from: c:\users\86231\Desktop\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-130138720-939633000-316282223-500

c:\$recycle.bin\S-1-5-21-1436248576-1388695247-3648145191-1004

c:\$recycle.bin\S-1-5-21-1436248576-1388695247-3648145191-500

c:\$recycle.bin\S-1-5-21-2355309310-2553440573-3268197911-500

c:\$recycle.bin\S-1-5-21-390594101-3682926270-3459795654-1003

c:\$recycle.bin\S-1-5-21-839522115-1801674531-725345543-155004

c:\$recycle.bin\S-1-5-21-987923836-387288360-3016216022-1003

C:\LOG.TXT

c:\windows\csrss.log

c:\windows\Suyin.reg

c:\windows\system32\drivers\ndisrd.sys

 

----- BITS: Possible infected sites -----

 

hxxp://rpsms2003.rp.edu.sg:80

hxxp://webmail1.rp.edu.sg

hxxp://rpsus2

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Ndisrd

 

 

((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))

.

 

2009-12-02 16:04 . 2009-12-02 16:04 -------- d-----w- c:\users\86231\AppData\Local\Blizzard Entertainment

2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- c:\program files\Trend Micro

2009-11-29 04:10 . 2007-09-29 12:00 2653184 ----a-w- c:\windows\Recycled.scr

2009-11-28 11:29 . 2009-11-28 11:29 4096 d-----w- c:\program files\Any Video Converter

2009-11-28 04:38 . 2008-06-15 02:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll

2009-11-28 04:38 . 2008-06-15 02:01 258352 ----a-w- c:\windows\system32\unicows.dll

2009-11-28 04:21 . 2009-11-28 04:21 -------- d-----w- c:\users\86231\AppData\Local\WinAVI

2009-11-28 03:59 . 2009-11-28 03:59 -------- d-----w- C:\TempDVD

2009-11-28 03:44 . 2009-11-28 03:44 -------- d-----w- c:\users\86231\AppData\Roaming\Pavtube

2009-11-28 03:22 . 2009-10-30 04:02 23096 ----a-w- c:\windows\system32\drivers\MP4ConverterAudio.sys

2009-11-28 03:14 . 2009-11-28 11:29 -------- d-----w- c:\users\86231\AppData\Roaming\Any Video Converter

2009-11-26 09:16 . 2009-11-28 22:16 227611 ----a-w- c:\windows\calcs.exe

2009-11-26 09:16 . 2009-11-26 09:16 227646 ----a-w- c:\windows\system32\sndvol32.exe

2009-11-26 09:16 . 2009-11-28 22:16 227646 ----a-w- c:\windows\sndvols.exe

2009-11-25 04:00 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys

2009-11-25 04:00 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll

2009-11-24 03:29 . 2009-11-24 03:29 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-11-21 14:30 . 2009-11-21 14:30 -------- d-----w- c:\program files\Gravity

2009-11-21 05:23 . 2009-11-21 05:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-11-20 07:33 . 2009-12-03 09:37 4096 d-----w- c:\users\86231\AppData\Roaming\Skype

2009-11-20 07:31 . 2009-11-20 07:31 -------- d-----w- c:\program files\Common Files\Skype

2009-11-20 07:31 . 2009-11-20 07:32 -------- d-----r- c:\program files\Skype

2009-11-20 01:23 . 2009-11-20 01:23 -------- d-----w- c:\users\86231\AppData\Local\Autodesk

2009-11-15 03:42 . 2009-11-15 03:42 -------- d-----w- c:\program files\Asiasoft Online

2009-11-12 13:31 . 2007-07-19 10:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll

2009-11-12 13:31 . 2007-07-19 10:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll

2009-11-12 13:31 . 2007-07-19 10:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2009-11-12 13:07 . 2009-11-20 01:23 -------- d-----w- c:\users\86231\AppData\Roaming\Autodesk

2009-11-12 13:07 . 2009-11-12 14:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2009-11-12 13:07 . 2009-11-12 13:07 -------- d-----w- c:\program files\Autodesk

2009-11-12 05:48 . 2009-11-12 05:48 -------- d-----w- c:\users\86231\AppData\Local\Microsoft Help

2009-11-06 06:02 . 2009-12-03 09:34 -------- d-----w- c:\users\86231\Tracing

2009-11-06 06:01 . 2009-11-06 06:01 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-06 06:01 . 2009-11-06 06:01 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-11-06 06:01 . 2009-11-06 06:01 -------- dc----w- c:\windows\system32\DRVSTORE

2009-11-06 06:01 . 2009-08-05 14:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2009-11-06 06:00 . 2009-11-06 06:00 -------- d-----w- c:\program files\Microsoft Sync Framework

2009-11-06 05:59 . 2006-11-29 05:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-11-06 05:59 . 2009-11-06 05:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-11-06 05:56 . 2009-11-06 05:56 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-11-06 05:28 . 2009-11-06 05:28 -------- d-----w- c:\program files\Common Files\Windows Live

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-03 09:56 . 2009-02-17 05:21 12 ----a-w- c:\windows\bthservsdp.dat

2009-12-03 04:58 . 2009-08-31 07:23 12288 d-----w- c:\program files\Warcraft III

2009-12-03 03:01 . 2009-09-12 05:41 12288 d-----w- c:\program files\Garena

2009-12-02 03:44 . 2009-02-17 05:02 4096 d-----w- c:\program files\Launch Manager

2009-11-29 09:40 . 2009-10-18 10:29 -------- d-----w- c:\program files\Lavalys

2009-11-28 14:00 . 2009-02-16 04:01 8192 d-----w- c:\program files\Spybot - Search & Destroy

2009-11-26 17:00 . 2009-10-10 16:26 8192 d-----w- c:\program files\Steam

2009-11-26 15:57 . 2009-10-17 07:32 4096 d-----w- c:\program files\SpeedFan

2009-11-25 08:05 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail

2009-11-24 13:37 . 2009-02-16 04:02 32768 d-----w- c:\program files\Symantec AntiVirus

2009-11-24 03:41 . 2009-02-16 04:02 8192 d-----w- c:\program files\Common Files\Symantec Shared

2009-11-24 03:29 . 2009-02-16 04:03 -------- d-----w- c:\program files\Symantec

2009-11-24 03:29 . 2009-11-24 03:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-11-24 03:29 . 2009-11-24 03:29 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-11-21 15:09 . 2009-08-31 05:27 108488 ----a-w- c:\users\86231\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-21 14:30 . 2009-02-16 06:33 8192 d--h--w- c:\program files\InstallShield Installation Information

2009-11-20 12:53 . 2009-10-18 08:07 4096 d-----w- c:\program files\Common Files\PX Storage Engine

2009-11-19 15:35 . 2009-10-10 16:26 -------- d-----w- c:\program files\Common Files\Steam

2009-11-06 06:01 . 2009-02-16 03:58 4096 d-----w- c:\program files\Microsoft

2009-11-06 06:01 . 2009-02-16 04:00 4096 d-----w- c:\program files\Windows Live

2009-10-20 11:53 . 2009-10-18 07:53 4096 d-----w- c:\program files\Common Files\Real

2009-10-20 11:53 . 2009-10-20 11:53 -------- d-----w- c:\program files\Common Files\xing shared

2009-10-20 11:53 . 2009-10-20 11:53 -------- d-----w- c:\program files\Real

2009-10-18 09:57 . 2009-10-18 09:02 4096 d-----w- c:\users\86231\AppData\Roaming\vlc

2009-10-18 08:08 . 2009-10-18 08:08 -------- d-----w- c:\users\86231\AppData\Roaming\DivX

2009-10-09 21:56 . 2009-11-25 04:03 41472 ----a-w- c:\windows\system32\pwrshplugin.dll

2009-10-09 21:56 . 2009-11-25 04:03 1181696 ----a-w- c:\windows\system32\WsmSvc.dll

2009-10-09 21:56 . 2009-11-25 04:03 12800 ----a-w- c:\windows\system32\wsmprovhost.exe

2009-10-09 21:56 . 2009-11-25 04:03 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll

2009-10-09 21:56 . 2009-11-25 04:03 20480 ----a-w- c:\windows\system32\winrshost.exe

2009-10-09 21:56 . 2009-11-25 04:03 10240 ----a-w- c:\windows\system32\wsmplpxy.dll

2009-10-09 21:56 . 2009-11-25 04:03 2048 ----a-w- c:\windows\system32\winrsmgr.dll

2009-10-09 21:56 . 2009-11-25 04:03 40448 ----a-w- c:\windows\system32\winrs.exe

2009-10-09 21:56 . 2009-11-25 04:03 241152 ----a-w- c:\windows\system32\winrscmd.dll

2009-10-09 21:56 . 2009-11-25 04:03 10240 ----a-w- c:\windows\system32\winrssrv.dll

2009-10-09 21:56 . 2009-11-25 04:03 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe

2009-10-09 21:56 . 2009-11-25 04:03 145408 ----a-w- c:\windows\system32\WsmAuto.dll

2009-10-09 21:55 . 2009-11-25 04:03 79872 ----a-w- c:\windows\system32\wecutil.exe

2009-10-09 21:55 . 2009-11-25 04:03 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll

2009-10-09 21:55 . 2009-11-25 04:03 54272 ----a-w- c:\windows\system32\WsmRes.dll

2009-10-09 21:55 . 2009-11-25 04:03 146944 ----a-w- c:\windows\system32\wecsvc.dll

2009-10-09 21:55 . 2009-11-25 04:03 81408 ----a-w- c:\windows\system32\wevtfwd.dll

2009-10-09 21:55 . 2009-11-25 04:03 56320 ----a-w- c:\windows\system32\wecapi.dll

2009-10-08 08:17 . 2009-10-08 08:16 8192 d-----w- c:\program files\Counter-Strike 1.6

2009-10-07 02:06 . 2009-08-31 05:27 4096 d-----w- c:\users\86231\AppData\Roaming\PowerCinema

2009-09-23 07:10 . 2009-09-23 07:10 12 ----a-w- c:\windows\system32\cid_store.dat

2009-09-23 07:10 . 2009-09-23 07:10 20 ----a-w- c:\windows\system32\pub_store.dat

2009-09-21 04:23 . 2009-08-31 07:23 121558 ----a-w- c:\windows\War3Unin.dat

2009-09-14 09:44 . 2009-10-15 04:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-09-10 17:30 . 2009-10-15 04:08 213504 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 15:21 . 2009-11-01 05:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 15:21 . 2009-11-01 05:20 310784 ----a-w- c:\windows\system32\unregmp2.exe

2009-09-10 06:54 . 2009-09-21 01:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 06:53 . 2009-09-21 01:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-04 12:24 . 2009-10-15 04:01 61440 ----a-w- c:\windows\system32\msasn1.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-26 854536]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-01 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-01 92704]

"VitaKeyPdtWzd"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-12 3679744]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-23 115560]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]

Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]

UTAgent.lnk - c:\program files\Republic Poly\UTClient\UTAgent.exe [2009-2-16 520192]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-166630\Scripts\Logon\0\0]

"Script"=script.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-166630\Scripts\Logon\1\0]

"Script"=advclient.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-179729\Scripts\Logon\0\0]

"Script"=advclient.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-179729\Scripts\Logon\1\0]

"Script"=rpstorage.bat

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

R0 AlfaFF;AlfaFF;c:\windows\System32\drivers\AlfaFF.sys [12/1/2009 5:15 PM 42608]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 1:11 PM 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [18/2/2009 10:50 AM 69632]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [25/2/2009 9:59 AM 24576]

R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [9/12/2006 7:04 PM 128832]

R2 Genesis Streaming Service;Genesis Streaming Service;c:\program files\WOW Vision\Genesis Client\WPGApplicationLauncher.exe [21/9/2007 5:54 PM 24576]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/4/2008 9:36 PM 45056]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [16/2/2009 12:01 PM 1153368]

R3 dfmirage;dfmirage;c:\windows\System32\drivers\dfmirage.sys [16/2/2009 12:14 PM 26624]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [17/2/2009 12:51 PM 57856]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24/11/2009 11:29 AM 102448]

R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17/2/2009 12:51 PM 107360]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2/3/2009 6:15 PM 3664384]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [17/2/2009 12:51 PM 45600]

S2 IGBASVC;EgisTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [12/1/2009 5:17 PM 3611648]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/4/2008 9:36 PM 131072]

S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [23/10/2009 3:55 PM 23888]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [6/11/2009 2:01 PM 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/8/2009 10:48 PM 704864]

S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\System32\drivers\MP4ConverterAudio.sys [28/11/2009 11:22 AM 23096]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [2/11/2006 6:25 PM 30720]

S3 WMSvc;Web Management Service;c:\windows\System32\inetsrv\WMSvc.exe [16/2/2009 9:18 AM 11264]

S3 WSVD;WSVD;c:\program files\Acer\Empowering Technology\eRecovery\wsvd.sys [25/2/2009 1:00 PM 81704]

S4 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [18/1/2004 4:15 AM 4864]

S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [14/11/2005 1:28 PM 34176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://myrp.sg

uInternet Settings,ProxyServer = ISA-Firewall.rp.sg:8080

uInternet Settings,ProxyOverride = <local>

IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\DAP\dapextie.htm

IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll

TCP: {7E6131E8-F561-440B-9E08-8B22C005B81F} = 202.156.1.48,202.156.1.68

FF - ProfilePath - c:\users\86231\AppData\Roaming\Mozilla\Firefox\Profiles\3jmqugwz.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-eRecoveryService - (no file)

SafeBoot-Symantec Antvirus

AddRemove-GridVista - c:\windows\GVUni.exe GridV.UNI

AddRemove-LManager - c:\windows\UnInst32.exe LManager.UNI

AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI

AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

AddRemove-Steam App 10 - c:\program files\Steam\steam.exe steam://uninstall/10

AddRemove-Steam App 50 - c:\program files\Steam\steam.exe steam://uninstall/50

AddRemove-{26604C7E-A313-4D12-867F-7C6E7820BE4C} - c:\windows\JMCR_DIR\setup.exe delpkg

 

 

 

**************************************************************************

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\86231\AppData\Local\Temp\UQJ1E39.tmp"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'Explorer.exe'(712)

c:\windows\system32\btmmhook.dll

c:\windows\System32\SysHook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Symantec AntiVirus\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\system32\WLANExt.exe

c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\acer\Mobility Center\MobilityService.exe

c:\windows\system32\mqsvc.exe

c:\program files\WOW Vision\Genesis Client\GenesisStreamingServer.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\CCM\CcmExec.exe

c:\windows\system32\msiexec.exe

c:\program files\Launch Manager\LManager.exe

c:\windows\System32\rundll32.exe

c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Symantec AntiVirus\SmcGui.exe

.

**************************************************************************

.

Completion time: 2009-12-03 18:03 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-03 10:02

 

Pre-Run: 16,044,871,680 bytes free

Post-Run: 15,737,823,232 bytes free

 

- - End Of File - - 470760D464F1F176C4FACC493CE694DA

Edited by cold10me

Share this post


Link to post
Share on other sites

Your HijackThis log is clean.

 

The ComboFix tool is running well on Vista.

It has found and remove this infection.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072717-3058-99&tabid=2

 

It's possibly that the infection also affected your Internet connection. I do not know.

 

I'm glad to see that you are back in service.

 

 

If the ComboFix is still in our computer remove it.

Time for some housekeeping


  • The following will implement some cleanup procedures as well as reset System Restore points:
     
    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
     
    ComboFix /Uninstall

===

 

Before we close this topic I would like to see the results of the Security Check.

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Share this post


Link to post
Share on other sites

Thank you so much for replying

 

I am sorry for this late reply as i am busy at school

 

I have don what you have as me to do and here is it!

 

Results of screen317's Security Check version 0.99.1

Windows Vista Service Pack 1 (UAC is disabled!)

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Symantec Endpoint Protection

Microsoft Firewall Client

WMIC entry does not exist for antivirus; attempting automatic update.

``````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 11

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 9

``````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Spybot Teatimer.exe is disabled!

Symantec AntiVirus Smc.exe

Symantec AntiVirus Rtvscan.exe

Symantec AntiVirus SmcGui.exe

Microsoft Firewall Client 2004 FwcAgent.exe

Microsoft Firewall Client 2004 FwcMgmt.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

`````````End of Log```````````

Share this post


Link to post
Share on other sites
Windows Vista Service Pack 1 (UAC is disabled!)

Out of date service pack!!

I suggest you update Vista to the Service Pack 2.

http://support.microsoft.com/kb/935791

 

Also it's not wise to disable the UAC it gives you an additional level of protection.

===

 

Security updates available for Adobe Flash Player.

http://www.adobe.com/support/security/bulletins/apsb09-19.html

 

Adobe recommends all users of Adobe Flash Player 10.0.32.18 and earlier versions upgrade to the newest version 10.0.42.34 by downloading it from the Flash Player Download Center or by using the auto-update mechanism within the product when prompted...

Adobe Flash Player version 10.0.42.34

http://get.adobe.com/flashplayer/

 

p.s. If you do not want the Free McAfee Security Scan (optional) make sure you remove the mark in the check box.

===

 

Please download JavaRa

 

If you get this message:

Problems with the download? Please use this direct link or try another mirror.

 

Select the Direct link download unzip it to your Desktop.

 

Double click JavaRa.exe then click Remove Older Versions.

 

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

 

Next, open JavaRa.exe again, and select Search For Updates.

 

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Download this one JRE 6 Update 17.

 

In Vista and Windows 7 run the tool as Administrator.

===

Share this post


Link to post
Share on other sites

Once again! I thank you for your reply sincerly and i am sorry for the really late reply as i am having an exam going on!...

 

I have done what you have ask and here is the log file!

 

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Sun Dec 20 11:57:29 2009

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

 

 

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

 

------------------------------------

 

Finished reporting.

 

 

Once again i appeciate everything that you have done for me

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0