Need Help


Post by bobby on 10th August 2009, 7:01 am

Well, I've been getting these trojans on my computer that I can't seem to delete :S

Help please.

Trojan-Banker.Win32.Banbra!IK
Proccess: [3276] C:\winnt_\winntR2.exe
Proccess: [3424] C:\winnt_\winnt3.exe

Trojan-banker.Win32.Banker!IK
Proccess: [3396] C:\winnt_\winnt2.exe
Proccess: [3436] C:\winnt_\winnt4.exe
Proccess: [3448] C:\winnt_\winnt5.exe
Proccess: [3456] C:\winnt_\winnt6.exe

Trace.Directory.CCProxy!A2
Trace: c:\ccproxy
Trace: c:\ccproxy\log

And I've recently found a Trojan-Downloader.Win32.Delf!IK

bobby
Intermediate

Posts: 54
Joined: 2009-08-10
OS: vista
Points: 27255
Likes: 0


Re: Need Help

Post by Doctor Inferno on 10th August 2009, 7:40 am

Hello,

Please post your HijackThis log here. [You must be registered and logged in to see this link.]



Doctor Inferno
Administrator

Posts: 11976
Joined: 2007-12-26
Gender: Male
OS: Windows 7 Home Premium and Ultimate X64
Protection: Kaspersky PURE and Malwarebytes' Anti-Malware
Points: 104640
Likes: 0


Re: Need Help

Post by bobby on 10th August 2009, 7:46 am

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [winntR1] C:\winnt_\winntR1.exe
O4 - HKCU\..\Run: [winntR2] C:\winnt_\winntR2.exe
O4 - HKCU\..\Run: [winnt2] C:\winnt_\winnt2.exe
O4 - HKCU\..\Run: [winnt3] C:\winnt_\winnt3.exe
O4 - HKCU\..\Run: [winnt4] C:\winnt_\winnt4.exe
O4 - HKCU\..\Run: [winnt5] C:\winnt_\winnt5.exe
O4 - HKCU\..\Run: [winnt6] C:\winnt_\winnt6.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: syn.jar
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - [You must be registered and logged in to see this link.]
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1ca0ca0b44d9971) (gupdate1ca0ca0b44d9971) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 11293 bytes


Re: Need Help

Post by Belahzur on 10th August 2009, 3:14 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [winntR1] C:\winnt_\winntR1.exe
    O4 - HKCU\..\Run: [winntR2] C:\winnt_\winntR2.exe
    O4 - HKCU\..\Run: [winnt2] C:\winnt_\winnt2.exe
    O4 - HKCU\..\Run: [winnt3] C:\winnt_\winnt3.exe
    O4 - HKCU\..\Run: [winnt4] C:\winnt_\winnt4.exe
    O4 - HKCU\..\Run: [winnt5] C:\winnt_\winnt5.exe
    O4 - HKCU\..\Run: [winnt6] C:\winnt_\winnt6.exe
    O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
    O4 - Startup: syn.jar


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1

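Editor's added example (not part of the thread, and not HijackThis's or Belahzur's own logic): a Python triage of HijackThis O4 autorun lines that flags the same kinds of entries selected for fixing above. The three heuristics (empty Run value name, executable outside the usual top-level directories, non-shortcut file in a Startup folder) are assumptions inferred from the lines listed in the post; `triage` and `extra_trusted_roots` are hypothetical names, and the sample is a subset of O4 lines copied from the log posted in this thread.

```python
import re
from pathlib import PureWindowsPath
from typing import Iterable, List, NamedTuple, Optional

# Sample input: a subset of the O4 lines from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [winntR1] C:\winnt_\winntR1.exe
O4 - HKCU\..\Run: [winnt2] C:\winnt_\winnt2.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: syn.jar
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# "O4 - <hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "O4 - Startup: item" or "O4 - Global Startup: item.lnk = target"
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+?)(?: = (?P<target>.*))?$")
# HijackThis appends "(User 'X')" to entries read from other users' hives.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
# Unquoted command line: take everything up to the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)

# Assumption: directories directly under the drive root where autoruns normally live.
DEFAULT_TRUSTED_ROOTS = frozenset({"windows", "program files", "program files (x86)"})


class Finding(NamedTuple):
    line: str
    reasons: List[str]


def executable_of(cmd: str) -> Optional[str]:
    """Return the program path from a Run command line, or None if there is none."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    match = EXE_RE.match(cmd)
    return match.group(1) if match else None


def location_reason(exe: str, trusted_roots: Iterable[str]) -> Optional[str]:
    """Explain why the path location is unusual, or return None if it is not."""
    path = PureWindowsPath(exe)
    if not path.drive:
        # Bare file name or %VAR%-relative path: cannot be judged from the log alone.
        return None
    if len(path.parts) == 2:
        return "executable sits directly in the drive root"
    if path.parts[1].lower() not in trusted_roots:
        return f"executable under non-standard top-level directory '{path.parts[1]}'"
    return None


def triage(log_text: str, extra_trusted_roots: Iterable[str] = ()) -> List[Finding]:
    """Flag O4 lines worth a manual look; extra_trusted_roots adds known OEM folders."""
    trusted = DEFAULT_TRUSTED_ROOTS | {root.lower() for root in extra_trusted_roots}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        run = RUN_RE.match(line)
        startup = STARTUP_RE.match(line)
        if run:
            if not run.group("name"):
                reasons.append("Run value with an empty name")
            exe = executable_of(USER_SUFFIX_RE.sub("", run.group("cmd")))
            if exe:
                why = location_reason(exe, trusted)
                if why:
                    reasons.append(why)
        elif startup:
            # Installers normally drop .lnk shortcuts here, not the program itself.
            if not startup.group("item").lower().endswith(".lnk"):
                reasons.append("non-shortcut file placed directly in a Startup folder")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    # "Acer" is this machine's OEM software folder, so it is trusted explicitly.
    for finding in triage(SAMPLE_LOG, extra_trusted_roots=["Acer"]):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```

Without the `Acer` entry the OEM monitor under `C:\Acer` is flagged as well, which is why a hit from this kind of heuristic is a prompt for manual review rather than a verdict.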

Re: Need Help

Post by bobby on 10th August 2009, 5:13 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2591
Windows 6.0.6000

10/08/2009 1:08:20 PM
mbam-log-2009-08-10 (13-08-20).txt

Scan type: Quick Scan
Objects scanned: 83529
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\The Source\AppData\Roaming\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\winnt_\winnt2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\winnt_\winnt3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\winnt_\winnt4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\winnt_\winnt5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\winnt_\winnt6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\winnt_\winntR1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\winnt_\winntR2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\The Source\Pics\Documents\Documents\Documents\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Need Help

Post by bobby on 10th August 2009, 5:15 pm

Thanks for the help, but I'm betting there are many more? :S


Re: Need Help

Post by Belahzur on 10th August 2009, 6:32 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: Need Help

Post by bobby on 10th August 2009, 6:55 pm

Umm, I tried copying and pasting but it says it's too long :S

"The posted message is too big."


Re: Need Help

Post by Belahzur on 10th August 2009, 8:52 pm

Split it up into more than one post.



Re: Need Help

Post by bobby on 10th August 2009, 8:54 pm

DDS (Ver_09-07-30.01) - NTFSx86
Run by The Source at 14:50:15.28 on 10/08/2009
Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.1791.855 [GMT -4:00]

AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\vVX1000.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2scan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\The Source\Pics\Documents\Documents\Documents\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\The Source\Pics\Documents\Documents\Documents\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Windows Live OneCare Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare mediabar\BearShareIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Acer Tour Reminder]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Acer Tour]
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [Skytel] Skytel.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [ALUAlert] c:\program files\symantec\liveupdate\ALuNotify.exe
mRun: [fssui] "c:\program files\windows live\family safety\fssui.exe" -autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
dRun: []
dRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - [You must be registered and logged in to see this link.]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - [You must be registered and logged in to see this link.]


Re: Need Help

Post by bobby on 10th August 2009, 8:54 pm

================= FIREFOX ===================

FF - ProfilePath - c:\users\thesou~1\appdata\roaming\mozilla\firefox\profiles\ozk07fdm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080606.003\IDSvix86.sys [2008-6-6 261680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-3-12 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2007-12-17 523816]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-7-27 185640]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]
S2 gupdate1ca0ca0b44d9971;Google Update Service (gupdate1ca0ca0b44d9971);c:\program files\google\update\GoogleUpdate.exe [2009-7-24 133104]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-7-14 80744]

=============== Created Last 30 ================

2009-08-10 13:01 --d----- c:\users\thesou~1\appdata\roaming\Malwarebytes
2009-08-10 13:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 13:01 --d----- c:\programdata\Malwarebytes
2009-08-10 13:01 --d----- c:\progra~2\Malwarebytes
2009-08-10 13:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-10 13:01 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 03:27 100 a------- C:\index.ini
2009-08-09 15:25 --d----- c:\program files\a-squared Anti-Malware
2009-08-07 22:30 --d----- c:\windows\CheckSur
2009-08-07 03:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-07 03:05 97,800 a------- c:\windows\system32\infocardapi.dll
2009-08-07 03:05 622,080 a------- c:\windows\system32\icardagt.exe
2009-08-07 03:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-08-07 03:05 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-08-07 03:05 11,264 a------- c:\windows\system32\icardres.dll
2009-08-07 03:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-08-07 03:05 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-08-07 03:01 45,481,984 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-08-07 03:01 327,680 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-08-07 03:01 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-08-06 21:08 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-06 21:07 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-06 21:07 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-06 21:07 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-06 21:07 83,968 a------- c:\windows\system32\mscories.dll
2009-08-06 19:20 --d-h--- c:\program files\Temp
2009-08-02 09:36 --d----- c:\programdata\2F19D
2009-08-02 09:36 --d----- c:\progra~2\2F19D
2009-07-31 14:54 --d----- c:\programdata\31121
2009-07-31 14:54 --d----- c:\progra~2\31121
2009-07-30 05:07 --d----- c:\programdata\2F3E3
2009-07-30 05:07 --d----- c:\progra~2\2F3E3
2009-07-29 21:27 --d----- c:\programdata\22295
2009-07-29 21:27 --d----- c:\progra~2\22295
2009-07-29 21:18 --d----- c:\programdata\342
2009-07-29 21:18 --d----- c:\progra~2\342
2009-07-28 18:25 --d----- c:\programdata\1E290
2009-07-28 18:25 --d----- c:\progra~2\1E290
2009-07-28 18:18 --d----- c:\programdata\7DA
2009-07-28 18:18 --d----- c:\progra~2\7DA
2009-07-27 12:31 --d----- C:\winnt_
2009-07-27 11:46 --d----- c:\programdata\16111
2009-07-27 11:46 --d----- c:\progra~2\16111
2009-07-27 11:32 --d----- c:\programdata\2133A
2009-07-27 11:32 --d----- c:\progra~2\2133A
2009-07-26 10:07 --d----- c:\programdata\D3B2
2009-07-26 10:07 --d----- c:\progra~2\D3B2
2009-07-25 01:03 --d----- c:\programdata\32130
2009-07-25 01:03 --d----- c:\progra~2\32130
2009-07-25 00:16 --d----- c:\programdata\253CA
2009-07-25 00:16 --d----- c:\progra~2\253CA
2009-07-25 00:08 --d----- c:\programdata\A5B
2009-07-25 00:08 --d----- c:\progra~2\A5B
2009-07-24 16:52 --d----- c:\program files\DivX
2009-07-24 16:52 --d----- c:\program files\common files\DivX Shared
2009-07-17 14:06 --d----- c:\programdata\B1DA
2009-07-17 14:06 --d----- c:\progra~2\B1DA
2009-07-16 05:23 --d----- c:\programdata\10355
2009-07-16 05:23 --d----- c:\progra~2\10355
2009-07-14 16:04 --d----- c:\programdata\38266
2009-07-14 16:04 --d----- c:\progra~2\38266
2009-07-14 14:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 14:06 156,160 a------- c:\windows\system32\t2embed.dll
2009-07-14 14:06 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 14:06 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-14 14:06 24,064 a------- c:\windows\system32\lpk.dll
2009-07-14 14:06 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-13 22:30 --d----- c:\programdata\12359
2009-07-13 22:30 --d----- c:\progra~2\12359
2009-07-11 21:56 --d----- c:\programdata\085
2009-07-11 21:56 --d----- c:\progra~2\085

==================== Find3M ====================

2009-08-01 01:31 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-01 01:31 86,016 a------- c:\windows\inf\infstor.dat
2009-08-01 01:31 51,200 a------- c:\windows\inf\infpub.dat
2009-07-18 08:17 827,392 a------- c:\windows\system32\wininet.dll
2009-07-18 08:10 56,320 a------- c:\windows\system32\iesetup.dll
2009-07-18 08:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 08:10 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-18 08:07 72,704 a------- c:\windows\system32\admparse.dll
2009-07-18 06:00 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 04:34 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-20 19:41 8 a------- c:\users\thesou~1\appdata\roaming\usb.dat.bin
2008-12-11 11:21 174 a--sh--- c:\program files\desktop.ini
2008-06-12 03:07 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-11 16:54 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-03-11 16:54 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-11 16:54 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:51:57.48 ===============


Re: Need Help

Post by Belahzur on 10th August 2009, 9:05 pm

Hello.
Can you post attach.txt please? DDS shows a few things that need uninstalling.



Re: Need Help

Post by bobby on 10th August 2009, 9:11 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/01/2008 4:34:21 PM
System Uptime: 08/10/2009 1:10:00 PM (-1415 hours ago)

Motherboard: Acer | | F690GVM
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 1100/231mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 162.155 GiB free.
D: is FIXED (NTFS) - 228 GiB total, 224.606 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0013
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #12
PNP Device ID: ROOT\*6TO4MP\0013
Service: tunnel

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&18D45AA6&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&18D45AA6&0
Service: i8042prt

==== System Restore Points ===================

RP675: 25/07/2009 12:50:21 PM - Scheduled Checkpoint
RP676: 27/07/2009 3:17:04 PM - Scheduled Checkpoint
RP677: 28/07/2009 9:41:53 PM - Scheduled Checkpoint
RP678: 29/07/2009 7:55:17 PM - Scheduled Checkpoint
RP679: 30/07/2009 3:55:22 PM - Scheduled Checkpoint
RP680: 31/07/2009 12:50:00 AM - Windows Update
RP681: 31/07/2009 3:17:44 AM - Windows Update
RP682: 31/07/2009 9:36:20 PM - Scheduled Checkpoint
RP683: 03/08/2009 10:45:36 PM - Scheduled Checkpoint
RP684: 04/08/2009 2:44:22 PM - Scheduled Checkpoint
RP685: 04/08/2009 3:27:16 PM - Windows Update
RP686: 05/08/2009 10:04:25 AM - Scheduled Checkpoint
RP687: 06/08/2009 11:37:19 AM - Scheduled Checkpoint
RP688: 06/08/2009 8:56:52 PM - Restore Operation
RP689: 06/08/2009 9:06:01 PM - Windows Update
RP690: 07/08/2009 1:37:24 AM - Windows Update
RP691: 07/08/2009 3:00:11 AM - Windows Update
RP692: 07/08/2009 10:29:57 PM - Windows Update
RP693: 08/08/2009 11:18:09 AM - Scheduled Checkpoint
RP694: 09/08/2009 9:40:12 AM - Scheduled Checkpoint
RP695: 10/08/2009 9:36:12 AM - Scheduled Checkpoint
RP696: 10/08/2009 12:40:01 PM - Windows Update

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
a-squared Anti-Malware 4.5
Acer Assist
Acer Empowering Technology
Acer ePerformance Management
Acer Registration
Acer ScreenSaver
Acer Tour
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Uninstaller
AV
BearShare
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ccCommon
Cogeco
Counter-Strike
DivX Web Player
eSobi v2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java DB 10.3.1.4
Java(TM) 6 Update 13
Java(TM) 6 Update 6
Java(TM) SE Development Kit 6 Update 6
LightScribe 1.4.142.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MediaBar 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft LifeCam
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.13)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Norton Security Scan
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Skins
Smart Menus (Windows Live Toolbar)
SPBBC 32bit
Steam
Symantec Real Time Storage Protection Component
SymNet
TeamViewer 4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare Family Safety
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
WinRAR archiver

==== Event Viewer Messages From Past Week ========

06/08/2009 9:17:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86.
06/08/2009 9:17:18 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958481 (Update) into Resolving(Resolving) state
06/08/2009 9:17:18 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958481 (Update) into Absent(Absent) state
06/08/2009 9:01:14 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.63.604.0 Loading engine version: 1.1.4903.0
06/08/2009 6:48:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:45:16 PM on 06/08/2009 was unexpected.
05/08/2009 6:52:52 PM, Error: EventLog [6008] - The previous system shutdown at 6:51:23 PM on 05/08/2009 was unexpected.
04/08/2009 12:31:57 AM, Error: EventLog [6008] - The previous system shutdown at 11:18:16 PM on 03/08/2009 was unexpected.
04/08/2009 11:50:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 24.36.1.89 for the Network Card with network address 001C255390C9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
04/08/2009 10:20:59 PM, Error: EventLog [6008] - The previous system shutdown at 10:19:24 PM on 04/08/2009 was unexpected.
03/08/2009 9:03:40 AM, Error: EventLog [6008] - The previous system shutdown at 5:40:40 AM on 03/08/2009 was unexpected.
03/08/2009 6:43:30 PM, Error: EventLog [6008] - The previous system shutdown at 6:41:32 PM on 03/08/2009 was unexpected.
03/08/2009 11:52:08 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 24.36.32.105 for the Network Card with network address 001C255390C9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
03/08/2009 11:00:22 PM, Error: EventLog [6008] - The previous system shutdown at 10:54:23 PM on 03/08/2009 was unexpected.

==== End Of File ===========================


Re: Need Help

Post by Belahzur on 10th August 2009, 9:27 pm


  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    BearShare
    Java(TM) 6 Update 13
    Java(TM) 6 Update 6
    Java(TM) SE Development Kit 6 Update 6

  • Click on the Uninstall/Change button at the top.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\programdata\2F19D
    c:\programdata\31121
    c:\programdata\2F3E3
    c:\programdata\22295
    c:\programdata\342
    c:\programdata\1E290
    c:\programdata\7DA
    C:\winnt_
    c:\programdata\16111
    c:\programdata\2133A
    c:\programdata\D3B2
    c:\programdata\32130
    c:\programdata\253CA
    c:\programdata\A5B
    c:\programdata\B1DA
    c:\programdata\10355
    c:\programdata\38266
    c:\programdata\12359
    c:\programdata\085
    c:\Program Files\2F19D
    c:\Program Files\31121
    c:\Program Files\2F3E3
    c:\Program Files\22295
    c:\Program Files\342
    c:\Program Files\1E290
    c:\Program Files\7DA
    c:\Program Files\16111
    c:\Program Files\2133A
    c:\Program Files\D3B2
    c:\Program Files\32130
    c:\Program Files\253CA
    c:\Program Files\A5B
    c:\Program Files\B1DA
    c:\Program Files\10355
    c:\Program Files\38266
    c:\Program Files\12359
    c:\Program Files\085


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Need Help

Post by bobby on 10th August 2009, 9:43 pm

========== FILES ==========
c:\programdata\2F19D moved successfully.
c:\programdata\31121 moved successfully.
c:\programdata\2F3E3 moved successfully.
c:\programdata\22295 moved successfully.
c:\programdata\342 moved successfully.
c:\programdata\1E290 moved successfully.
c:\programdata\7DA moved successfully.
C:\winnt_ moved successfully.
c:\programdata\16111 moved successfully.
c:\programdata\2133A moved successfully.
c:\programdata\D3B2 moved successfully.
c:\programdata\32130 moved successfully.
c:\programdata\253CA moved successfully.
c:\programdata\A5B moved successfully.
c:\programdata\B1DA moved successfully.
c:\programdata\10355 moved successfully.
c:\programdata\38266 moved successfully.
c:\programdata\12359 moved successfully.
c:\programdata\085 moved successfully.
File/Folder c:\Program Files\2F19D not found.
File/Folder c:\Program Files\31121 not found.
File/Folder c:\Program Files\2F3E3 not found.
File/Folder c:\Program Files\22295 not found.
File/Folder c:\Program Files\342 not found.
File/Folder c:\Program Files\1E290 not found.
File/Folder c:\Program Files\7DA not found.
File/Folder c:\Program Files\16111 not found.
File/Folder c:\Program Files\2133A not found.
File/Folder c:\Program Files\D3B2 not found.
File/Folder c:\Program Files\32130 not found.
File/Folder c:\Program Files\253CA not found.
File/Folder c:\Program Files\A5B not found.
File/Folder c:\Program Files\B1DA not found.
File/Folder c:\Program Files\10355 not found.
File/Folder c:\Program Files\38266 not found.
File/Folder c:\Program Files\12359 not found.
File/Folder c:\Program Files\085 not found.

OTM by OldTimer - Version 3.0.0.6 log created on 08102009_174139



And I can't seem to remove BearShare :S

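An added example, not part of the original posts: a parser for the OTM results log above that separates moved entries from "not found" ones and lists any "not found" folder that has no same-named twin among the moved ones. The sample lines are an excerpt of the log as posted; the function names are this example's own, and treating a same-named moved folder as the same item is an assumption based on the DDS listing, where each random folder appears under both c:\programdata and c:\progra~2 with one timestamp.

```python
import re
from ntpath import basename

# Excerpt of the OTM results log posted in the thread (shortened, not the full list).
SAMPLE_LOG = r"""========== FILES ==========
c:\programdata\2F19D moved successfully.
c:\programdata\342 moved successfully.
C:\winnt_ moved successfully.
c:\programdata\085 moved successfully.
File/Folder c:\Program Files\2F19D not found.
File/Folder c:\Program Files\342 not found.
File/Folder c:\Program Files\085 not found.

OTM by OldTimer - Version 3.0.0.6 log created on 08102009_174139
"""

# Only the two result wordings that appear in the posted log are recognised.
MISSING_RE = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")


def parse_otm_log(text):
    """Return (moved, missing, unparsed) lists from the FILES section of an OTM log."""
    moved, missing, unparsed = [], [], []
    in_files = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # Section banner, e.g. "========== FILES ==========".
            in_files = line.strip("= ").upper() == "FILES"
            continue
        if line.startswith("OTM by OldTimer"):
            in_files = False  # trailer line ends the results
            continue
        if not in_files or not line:
            continue
        match = MISSING_RE.match(line)
        if match:
            missing.append(match.group("path"))
            continue
        match = MOVED_RE.match(line)
        if match:
            moved.append(match.group("path"))
            continue
        # Any other status wording is kept for manual review, never guessed at.
        unparsed.append(line)
    return moved, missing, unparsed


def reconcile(moved, missing):
    """Pair each 'not found' path with moved paths that share its folder name.

    Assumption of this example: a moved folder with the same final path
    component is the same item reached through another parent path.
    Returns (explained, unresolved).
    """
    moved_by_leaf = {}
    for path in moved:
        leaf = basename(path.rstrip("\\")).lower()
        moved_by_leaf.setdefault(leaf, []).append(path)

    explained, unresolved = {}, []
    for path in missing:
        leaf = basename(path.rstrip("\\")).lower()
        twins = moved_by_leaf.get(leaf)
        if twins:
            explained[path] = twins
        else:
            unresolved.append(path)
    return explained, unresolved


if __name__ == "__main__":
    moved, missing, unparsed = parse_otm_log(SAMPLE_LOG)
    explained, unresolved = reconcile(moved, missing)
    print(f"moved: {len(moved)}  not found: {len(missing)}  unparsed: {len(unparsed)}")
    for path, twins in explained.items():
        print(f"  {path} -> already moved as {', '.join(twins)}")
    for path in unresolved:
        print(f"  STILL TO CHECK: {path}")
    for line in unparsed:
        print(f"  UNRECOGNISED LINE: {line}")
```

Entries reported as still to check, and any unrecognised lines, are the ones worth confirming in the next DDS log.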

Re: Need Help

Post by Belahzur on 10th August 2009, 9:49 pm

Hello.
Okay, we'll try something else on that.

For now, can you re-run DDS again and post the new log.



Re: Need Help

Post by bobby on 10th August 2009, 9:50 pm

Sure, and I've uninstalled the Java things you said :S and I'm re-downloading Java at [You must be registered and logged in to see this link.] and I will be posting a new DDS after I download it, thanks.


Re: Need Help

Post by Belahzur on 10th August 2009, 9:55 pm

Hold on, don't download the new version just yet.



Re: Need Help

Post by bobby on 10th August 2009, 9:55 pm

Oops, too late.


Re: Need Help

Post by bobby on 10th August 2009, 9:58 pm

DDS (Ver_09-07-30.01) - NTFSx86
Run by The Source at 17:54:12.31 on 10/08/2009
Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.1791.633 [GMT -4:00]

AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\vVX1000.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\steam\steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
c:\program files\steam\steamapps\armendushtar\counter-strike\hl.exe
c:\program files\steam\GameOverlayUI.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\The Source\Pics\Documents\Documents\Documents\Desktop\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Windows Live OneCare Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare mediabar\BearShareIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Acer Tour Reminder]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Acer Tour]
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [Skytel] Skytel.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [ALUAlert] c:\program files\symantec\liveupdate\ALuNotify.exe
mRun: [fssui] "c:\program files\windows live\family safety\fssui.exe" -autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: []
dRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - [You must be registered and logged in to see this link.]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - [You must be registered and logged in to see this link.]


Re: Need Help

Post by bobby on 10th August 2009, 9:59 pm

================= FIREFOX ===================

FF - ProfilePath - c:\users\thesou~1\appdata\roaming\mozilla\firefox\profiles\ozk07fdm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080606.003\IDSvix86.sys [2008-6-6 261680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-3-12 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2007-12-17 523816]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-7-27 185640]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]
S2 gupdate1ca0ca0b44d9971;Google Update Service (gupdate1ca0ca0b44d9971);c:\program files\google\update\GoogleUpdate.exe [2009-7-24 133104]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-7-14 80744]

=============== Created Last 30 ================

2009-08-10 17:41 --d----- C:\_OTM
2009-08-10 13:01 --d----- c:\users\thesou~1\appdata\roaming\Malwarebytes
2009-08-10 13:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 13:01 --d----- c:\programdata\Malwarebytes
2009-08-10 13:01 --d----- c:\progra~2\Malwarebytes
2009-08-10 13:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-10 13:01 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 03:27 100 a------- C:\index.ini
2009-08-09 15:25 --d----- c:\program files\a-squared Anti-Malware
2009-08-07 22:30 --d----- c:\windows\CheckSur
2009-08-07 03:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-07 03:05 97,800 a------- c:\windows\system32\infocardapi.dll
2009-08-07 03:05 622,080 a------- c:\windows\system32\icardagt.exe
2009-08-07 03:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-08-07 03:05 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-08-07 03:05 11,264 a------- c:\windows\system32\icardres.dll
2009-08-07 03:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-08-07 03:05 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-08-07 03:01 45,481,984 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-08-07 03:01 327,680 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-08-07 03:01 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-08-06 21:08 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-06 21:07 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-06 21:07 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-06 21:07 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-06 21:07 83,968 a------- c:\windows\system32\mscories.dll
2009-08-06 19:20 --d-h--- c:\program files\Temp
2009-07-24 16:52 --d----- c:\program files\DivX
2009-07-24 16:52 --d----- c:\program files\common files\DivX Shared
2009-07-14 14:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 14:06 156,160 a------- c:\windows\system32\t2embed.dll
2009-07-14 14:06 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 14:06 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-14 14:06 24,064 a------- c:\windows\system32\lpk.dll
2009-07-14 14:06 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-08-10 17:50 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-01 01:31 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-01 01:31 86,016 a------- c:\windows\inf\infstor.dat
2009-08-01 01:31 51,200 a------- c:\windows\inf\infpub.dat
2009-07-18 08:17 827,392 a------- c:\windows\system32\wininet.dll
2009-07-18 08:10 56,320 a------- c:\windows\system32\iesetup.dll
2009-07-18 08:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 08:10 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-18 08:07 72,704 a------- c:\windows\system32\admparse.dll
2009-07-18 06:00 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 04:34 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-20 19:41 8 a------- c:\users\thesou~1\appdata\roaming\usb.dat.bin
2008-12-11 11:21 174 a--sh--- c:\program files\desktop.ini
2008-06-12 03:07 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-11 16:54 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-03-11 16:54 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-11 16:54 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:56:40.66 ===============


Re: Need Help

Post by Belahzur on 10th August 2009, 10:03 pm

Doesn't matter, you installed the right version by the looks of it. Those random folders are gone; how is the machine running now?



Re: Need Help

Post by bobby on 10th August 2009, 10:04 pm

Running pretty good, but I can't seem to uninstall BearShare :S


Re: Need Help

Post by Belahzur on 11th August 2009, 12:29 am

Please download Revo Uninstaller from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once set up, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    Bearshare

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.



Re: Need Help

Post by bobby on 11th August 2009, 12:39 am

Thanks a lot! Worked nicely :)
