DawkinsDog

Unable to uninstall completely

20 posts in this topic

Hi there,

 

Sorry if I'm putting this in the wrong part of the forum but I'm tearing my hair out here and hoping somebody will know what is going on.

 

I am trying to completely uninstall Ad-Aware, or more precisely I thought I already had months ago - but apparently not. In Security Center it says that I have Lavasoft Ad-Aware Live! Anti-virus protection up to date and scanning, which it shouldn't be given that, as I said, I uninstalled it ages ago. I've tried reinstalling the old version of Ad-Aware but it won't scan; the option is grayed out. Uninstalling it doesn't clear up the Watch Live! problem, and nor does installing the latest version of Ad-Aware, which also won't scan at all and also doesn't remove the setting in Security Center when uninstalled.

 

I'm at a loss as to what else to try. I've run several registry cleaners, none find any problems relating to it and I'm loath to start digging around the registry without any guide as to what to look for.

 

The problem this is causing is that I am now without any active virus scanner. If I try to install another, such as Avast or AVG, my PC immediately causes a Blue Screen of Death and I have to go into Safe Mode to uninstall it. It would appear, due to the BSOD error (No_More_IRP_Stack_Locations), that the system erroneously thinks there's another virus scanner running, which is presumably Watch Live.

 

If anybody knows how to resolve this problem I would be extremely grateful!


Hi DawkinsDog,

 

Please, tell us the version of Ad-Aware that you haven't been able to fully uninstall.

 

Save DDS to your desktop: http://download.bleepingcomputer.com/sUBs/dds.scr

 

Double-click on the DDS tool to run it.

 

When finished, DDS will open two (2) logs:

1. DDS.txt

2. Attach.txt

 

Save them to your desktop and paste their content into your answer.


Hi, thanks for the response.

 

Without reinstalling it, I can't recall which version of Ad-aware it was I was running, possibly 8, but the installation file dates to last April if that helps any.

 

I've tried Revo Uninstall without success. I've also tried repairing the Security Center with Advanced System Care 6, again without success. I've tried turning off Security Center and rebooting, same problem. Nothing wants to shift this setting and I'm getting increasingly concerned it's effectively killed my PC as I don't relish having to reinstall Windows XP and it's pretty much my lifeline. The problem isn't just stopping me installing Avast, it happens with AVG too.

 

The contents of the files requested are:

 

DDS.TXT

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Steve_Bedroom at 0:42:34 on 2013-03-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.866 [GMT 0:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: ZoneAlarm Free Firewall Firewall *Enabled*

.

============== Running Processes ================

.

C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

f:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\Dit.exe

C:\Program Files\Shutter\Shutter.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\FlashFolder\FlashFolder.exe

C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Steve_Bedroom\Application Data\Dropbox\bin\Dropbox.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Facebook\Messenger\2.1.4801.0\FacebookMessenger.exe

D:\My Documents\downloads\AlwaysOnTopMaker\AlwaysOnTopMaker.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uProxyServer = 127.0.0.1:81

uProxyOverride = local;*.local;<local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll

uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>

BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: TVersitybar Toolbar: {66BD2442-241B-44CD-8C7A-B51037053CDB} - c:\program files\tversitybar\prxtbTVe0.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\steve_bedroom\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [Dit] Dit.exe

mRun: [shutter] c:\program files\shutter\Shutter.exe

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

mRun: [iSW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"

mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x081b -f video -m logitech -d 13.31.1044.0

StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\steve_bedroom\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\facebo~1.lnk - c:\documents and settings\steve_bedroom\local settings\application data\facebook\messenger\2.1.4801.0\FacebookMessenger.exe

StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\shortc~1.lnk - d:\my documents\downloads\alwaysontopmaker\AlwaysOnTopMaker.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362534922171

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 212.139.132.44 212.139.132.43

TCP: Interfaces\{43AD480C-46B9-4167-9003-BF66714727DD} : DHCPNameServer = 212.139.132.44 212.139.132.43

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

Hosts: 127.0.0.1 www.spywareinfoforum.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\

FF - plugin: c:\documents and settings\steve_bedroom\application data\pixelplan\pixelplan o4c viewer web\1.2.7\npPIXELPLANWebViewer.dll

FF - plugin: c:\documents and settings\steve_bedroom\local settings\application data\facebook\messenger\2.1.4651.0\npFbDesktopPlugin.dll

FF - plugin: c:\documents and settings\steve_bedroom\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll

FF - ExtSQL: 2013-01-11 03:54; [email protected]; c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\extensions\[email protected]

FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]

R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-7 13560]

R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-6-21 526640]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-3-7 465216]

R2 FlashFolder;FlashFolder;c:\program files\flashfolder\FlashFolder.exe [2008-3-21 71680]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-4-30 27016]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-4-30 497280]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-6-17 47640]

R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2012-5-18 2938880]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-8-3 5554552]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2011-6-18 66944]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-8-3 451960]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]

R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-2-9 802048]

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-1-20 1287296]

R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2007-7-11 13824]

R3 RD1003;EDIROL UM-2;c:\windows\system32\drivers\RDWM1003.SYS [2005-7-15 60730]

R3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2011-10-26 172865]

R3 SbieDrv;SbieDrv;f:\program files\sandboxie\SbieDrv.sys [2012-2-7 133392]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-3 10752]

R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-2-9 19928]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9a9c6503cfc04;Google Update Service (gupdate1c9a9c6503cfc04);c:\program files\google\update\GoogleUpdate.exe [2009-3-21 133104]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 a2acc;a2acc;\??\c:\program files\mamutu\a2accx86.sys --> c:\program files\mamutu\a2accx86.sys [?]

S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2010-6-17 35904]

S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-2-9 17408]

S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2011-10-29 163616]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2011-3-30 24056]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-9-7 19056]

S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]

S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]

S3 WISOVD;WISOVD;c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [2012-3-21 4992]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\games\magix\common\database\bin\fbserver.exe [2007-11-5 1527900]

S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-6-8 374152]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]

S4 ZentimoService;Zentimo Assistant;f:\program files\zentimo\ZentimoService.exe [2011-12-13 259072]

.

=============== File Associations ===============

.

ShellExec: CrazyTalk60.exe: Open=f:\program files\reallusion\crazytalk 6\ct program\CTIEMain.exe "%1"

ShellExec: CT4Skype.exe: open=blank

ShellExec: Premiere.exe: open=blank

.

=============== Created Last 30 ================

.

2013-03-07 04:16:00 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

2013-03-07 04:15:58 -------- d-----w- c:\documents and settings\all users\application data\IObit

2013-03-07 04:15:56 -------- d-----w- c:\documents and settings\steve_bedroom\application data\IObit

2013-03-07 04:15:50 -------- d-----w- c:\program files\IObit

2013-03-07 03:09:45 -------- d-----w- c:\program files\VS Revo Group

2013-03-07 02:02:59 -------- d-----w- c:\documents and settings\steve_bedroom\application data\LavasoftStatistics

2013-03-07 01:43:54 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations

2013-03-07 01:43:52 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars

2013-03-07 01:43:47 -------- d-----w- c:\program files\adawaretb.old

2013-03-07 01:43:47 -------- d-----w- c:\documents and settings\steve_bedroom\application data\adawaretb

2013-03-07 01:43:46 -------- d-----w- c:\program files\Toolbar Cleaner

2013-03-07 01:24:36 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-03-07 01:24:35 -------- d-----w- c:\documents and settings\steve_bedroom\application data\Ad-Aware Antivirus

2013-03-07 01:16:10 -------- d-----w- c:\documents and settings\all users\application data\GFI Software

2013-03-07 00:57:15 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\adaware

2013-03-07 00:53:36 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\Downloaded Installations

2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\scripting

2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\en

2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\bits

2013-03-06 02:32:29 -------- d-----w- c:\windows\l2schemas

2013-03-06 02:25:23 -------- d-----w- c:\windows\EHome

2013-03-06 02:19:58 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys

2013-03-05 17:17:45 -------- d-----w- c:\program files\AVAST Software

2013-03-05 03:48:25 -------- d-----w- c:\program files\AVG

2013-03-05 03:45:20 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2013-03-05 03:45:20 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\MFAData

2013-03-05 03:45:20 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\Avg2013

2013-03-05 03:45:20 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2013-03-05 02:46:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2013-02-27 04:08:59 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2013-02-27 04:08:58 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2013-02-27 04:08:53 2954136 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2013-02-27 04:08:52 277400 ----a-w- c:\program files\mozilla firefox\freebl3.dll

2013-02-27 04:08:51 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe

2013-02-27 04:08:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2013-02-27 04:08:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2013-02-27 04:08:38 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2013-02-27 04:08:36 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2013-02-27 04:08:34 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2013-02-27 04:08:31 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2013-02-26 14:38:27 -------- d-----w- c:\program files\AC3Filter

2013-02-22 04:47:23 -------- d-----w- c:\program files\Xiph.Org

.

==================== Find3M ====================

.

2014-05-25 03:23:40 11 -c--a-w- c:\windows\system32\tscrip22.dll

2013-03-08 00:30:34 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS

2013-03-05 16:23:18 74703 ----a-w- c:\windows\system32\mfc45.dat

2013-03-02 02:11:01 3088 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

2013-02-14 01:55:25 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-14 01:55:24 71024 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-13 01:20:25 163616 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys

.

============= FINISH: 0:43:51.60 ===============

 

 

ATTACH.TXT

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 9/9/2011 4:57:27 AM

System Uptime: 3/8/2013 12:29:12 AM (0 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7091

Processor: Intel® Pentium® 4 CPU 3.20GHz | Socket 478 | 3192/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 39.418 GiB free.

D: is FIXED (NTFS) - 69 GiB total, 19.016 GiB free.

E: is FIXED (FAT32) - 6 GiB total, 1.359 GiB free.

F: is FIXED (NTFS) - 149 GiB total, 128.014 GiB free.

G: is CDROM ()

H: is CDROM ()

M: is FIXED (NTFS) - 1863 GiB total, 1056.944 GiB free.

S: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: RT2500 USB Wireless LAN Card

Device ID: USB\VID_148F&PID_2570\6&2BA0E92B&0&1

Manufacturer: Ralink Technology Corp.

Name: RT2500 USB Wireless LAN Card

PNP Device ID: USB\VID_148F&PID_2570\6&2BA0E92B&0&1

Service: RT2500USB

.

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}

Description: X10 USB Wireless Transceiver (ACPI-compliant)

Device ID: USB\VID_0BC7&PID_0006\6&2BA0E92B&0&3

Manufacturer: X10 Wireless Technology, Inc.

Name: X10 USB Wireless Transceiver (ACPI-compliant)

PNP Device ID: USB\VID_0BC7&PID_0006\6&2BA0E92B&0&3

Service: XUIF

.

==== System Restore Points ===================

.

RP554: 3/3/2013 1:20:32 AM - Removed Evernote v. 4.5.3

RP555: 3/5/2013 2:08:57 AM - avast! Free Antivirus Setup

RP556: 3/5/2013 2:27:08 AM - avast! Free Antivirus Setup

RP557: 3/5/2013 2:47:21 AM - avast! Free Antivirus Setup

RP558: 3/5/2013 3:16:52 AM - avast! Free Antivirus Setup

RP559: 3/5/2013 3:48:23 AM - Installed AVG 2013

RP560: 3/5/2013 4:09:39 AM - Installed AVG 2013

RP561: 3/5/2013 4:08:38 AM - avast! Free Antivirus Setup

RP562: 3/5/2013 4:46:26 AM - avast! Free Antivirus Setup

RP563: 3/5/2013 5:17:45 PM - avast! Free Antivirus Setup

RP564: 3/6/2013 2:02:19 AM - Before SP3 install

RP565: 3/6/2013 2:08:45 AM - Software Distribution Service 3.0

RP566: 3/6/2013 2:21:44 AM - Software Distribution Service 3.0

RP567: 3/6/2013 3:00:47 AM - After SP3 Before Antivirus

RP568: 3/6/2013 3:02:07 AM - After SP3 and setting Reg

RP569: 3/6/2013 3:09:12 AM - avast! Free Antivirus Setup

RP570: 3/6/2013 3:35:51 AM - Removed Ad-Aware Antivirus.

RP571: 3/6/2013 4:02:15 AM - avast! Free Antivirus Setup

RP572: 3/7/2013 12:43:42 AM - Before reinstall Ad-Aware

RP573: 3/7/2013 1:15:40 AM - Removed Ad-Aware Antivirus.

RP574: 3/7/2013 2:40:05 AM - Removed Ad-Aware Antivirus.

RP575: 3/7/2013 3:10:32 AM - Revo Uninstaller's restore point - Ad-Aware Browsing Protection

RP576: 3/7/2013 5:08:17 AM - After Sec Cent disable attempt

.

==== Installed Programs ======================

.

 

3D Shadow by Lokas Software

7-Zip 9.20

AC3Filter 2.5b

Acrobat.com

AcroPano Photo Stitcher, Panorama software

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe PDF Library Files

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Adobe SVG Viewer

Adobe Type Support

Advanced SystemCare 6

AHV content for Acrobat and Flash

Aiseesoft DVD Creator 5.1.20

Aiseesoft Total Video Converter Platinum 6.3.26

Amazon Kindle

Amazon Send to Kindle

AMCap

AnalogX SayIt

AnvSoft Photo Flash Maker Professional 5.40

Any Video Converter 3.2.7

AOL UK (Choose which version to remove)

ArcSoft TotalMedia 3.5

ArtRage 2

Ashampoo Undeleter v.1.1.0

Aspell English Dictionary-0.50-2

Astra Image Webcam Video Grabber 1.0c

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Control Panel

ATI Display Driver

AVI&WMV 1.0

Avi2Dvd 0.6.2

AVIcodec (remove only)

AviSynth 2.5

AXIS Media Control Embedded

Bamboo

Bass Audio Decoder (remove only)

BEHRINGER USB MIDI DRIVER

Bink and Smacker

Blender

BlueSoleil

Boilsoft Video Joiner 6.57

Boilsoft Video Splitter 6.34

C-Media High Definition Audio Driver

calibre

CameraHelperMsi

CamStudio

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CD Audio Reader Filter (remove only)

Content

CoreAAC Audio Decoder (remove only)

Creatix V.92 Data Fax Modem

Data Lifeguard Diagnostic for Windows 1.24

DCoder Image Source (remove only)

Debut Video Capture Software

Defraggler

DeviceControl

Digitalizer 1.24

DirectVobSub (remove only)

DivX Web Player

DivxToDVD 0.5.2

DjVuLibre+DjView

DP Animation Maker

Driver Magician 3.65

Dropbox

Drv

EASEUS Partition Master 9.1.1 Professional

eBand Song List Editor

erLT

Eusing Free Registry Cleaner

Facebook Messenger 2.1.4801.0

FacebookMessenger version 2.0

ffdshow v1.2.4453 [2012-05-21]

FFMPEG Core Files (remove only)

FileZilla Client 3.5.3

Firebird SQL Server - MAGIX Edition 2.0.0.1 (US)

FlashFolder

Folder Guide

Folder Marker v 1.4

Foto Fusion Platinum

FoxyTunes for Firefox

Free Unix Spectrum Emulator (Fuse) 1.0.0.1

Gabest MPEG Splitter (remove only)

Generic USB CardReader 2.0

GIMP 2.6.11

Glary Utilities Pro 2.41.0.1358

GNU Aspell 0.50-3

Google Chrome

Google Earth

Google Talk (remove only)

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GraphicView 32

Greenshot

GTK+ Runtime 2.12.1 rev a (remove only)

Haali Media Splitter

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hopper (Messenger Plus! plug-in)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format SDK (KB942423)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

IconHandler 32 bit

ieSpell

ImageShack Uploader 2.2.0

Information about your PC

Inkscape 0.46

Inpaint 4.7

Interlok driver setup x32

iPixSoft SWF to Video Converter (1.6.2.0)

iResizer 2.1

J2SE Runtime Environment 5.0 Update 1

Java Auto Updater

Java 6 Update 31

Java SE Runtime Environment 6 Update 1

Junk Mail filter update

K-Lite Codec Pack 3.4.5 Full

Karen's Directory Printer

KeyStat

KONICA MINOLTA magicolor 2500W

Langauge

LAV Filters 0.55.3

Learn2 Player (Uninstall Only)

LibreOffice 3.3

License Support

Light Artist 1.5

Logitech Vid HD

Logitech Webcam Software

LogMeIn

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

MadVR (remove only)

MagicCamera 8.0.0

MagicScore

Matrox VFW Software Codecs, build 28

MediaMonkey 3.1

MediaShow 3.0

Messenger Plus! 3

Messenger Plus! 5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Digital Image Library 9 - Blocker

Microsoft Office 2000 Premium

Microsoft Photo Premium 10

Microsoft Picture It! Library 10

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Windows Journal Viewer

Microsoft Word 2002

Microsoft Works

Microsoft Works 2005 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Microsoft XML Parser

Microtek ScanWizard

mIRC

Miro

Mobipocket Reader 6.2

MonkeyJam 3_050529

Mozilla Firefox 19.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Music Manager

MusicBrainz Picard

Musicmatch® Jukebox

Neat Image v5 Demo (with plug-in)

NeoDownloader 2.8.1 (GiveAwayOfTheDay Version)

Nero Suite

OpenAL

OpenSource AVI Splitter (remove only)

OpenSource DTS/AC3/DD+ Source Filter (remove only)

OpenSource Flash Video Splitter (remove only)

Opera 12.14

Paragon Migrate OS to SSD™ 2.0 Special Edition

PC Inspector File Recovery

PDF Settings

Photo Stamp Remover 4.2

PhotoNow! 1.0

PhotoStitcher 1.0

Photoupz 1.6

PixScan 2000

Plus! Image

PowerCinema 4.0

PowerDirector

PowerDVD

PowerISO

PowerProducer

Process Lasso

Project64 1.6

QuickTime

RAMpage

RealPlayer

Recover Passwords

Registry Mechanic 5.0

Remove Logo Now! 1.0

Retouch Pilot Free 3.5.3

Revo Uninstaller 1.94

RT2500 USB Wireless LAN Card

Sandboxie 3.64 (32-bit)

SDP Downloader

Second Sight

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Segoe UI

Shockwave

shortcircuit

shortcircuit²

SHOUTcast Radio Toolbar

Shutter

Sketch Drawer 1.1

Skins

Skype Click to Call

Skype™ 6.1

Smart Manager

Sony USB Driver

Spartan

Spybot - Search & Destroy

Spybot - Search & Destroy 1.5.2.20

SpywareBlaster 4.6

Sqirlz Morph

Stellarium 0.10.6.1

swMSM

[email protected] ZS4 Video Editor v0.958-686

Taito Legends

Taito Legends 2

Teach Me Piano Deluxe

Teaching-you 31 Languages CD #1

TVersity Codec Pack 1.7

TVersity Media Server 1.0.0.8 RC5

TVersitybar Toolbar

TweetDeck

TwistingPixels

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB20 PC Camera-268

VC 9.0 Runtime

videon

Viewpoint Media Player

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual C++ Redistributables

W83L518D

WebFldrs XP

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

Winamp

Windows Backup Utility

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Connect

Windows Media Encoder 9 Series

Windows Media Format Runtime

Windows Media Player 10

Windows XP Service Pack 3

WinHTTrack Website Copier 3.41-2

WinISO

WinMorph™ 3.01

WinUAE 1.3.3

WordBiz version 1.8

WordWeb

Works Upgrade

X10 Hardware

Xiph.Org Open Codecs 0.85.17777

Xvid 1.2.2 final uninstall

XYplorer 11.90

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

You Rock Guitar App

Zentimo PRO 1.4

Zero Assumption Recovery Version 8.3

ZipGenius 6 (6.0.3.1150)

ZoneAlarm Firewall

ZoneAlarm Free Firewall

ZoneAlarm Security

ZoneAlarm Spy Blocker

Zoner Photo Studio 14

Zoom Player (remove only)

.

==== Event Viewer Messages From Past Week ========

.

3/7/2013 1:03:08 AM, error: Service Control Manager [7022] - The GFI VIPRE Antivirus Service service hung on starting.

3/6/2013 4:08:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Fips intelppm Lbd SBRE SCDEmu

3/6/2013 3:40:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SBRE

3/6/2013 3:25:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/6/2013 3:19:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Fips intelppm Lbd sbaphd SCDEmu

3/6/2013 2:42:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

3/6/2013 2:33:55 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}

3/6/2013 2:33:50 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

3/6/2013 2:33:50 AM, error: Service Control Manager [7003] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the following nonexistent service: winmgmt

3/6/2013 2:33:50 AM, error: Service Control Manager [7003] - The Security Center service depends on the following nonexistent service: winmgmt

3/6/2013 2:33:50 AM, error: Service Control Manager [7003] - The IPv6 Helper Service service depends on the following nonexistent service: winmgmt

3/6/2013 2:13:29 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows XP Service Pack 3 (KB936929).

3/5/2013 5:33:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/5/2013 5:27:48 PM, error: sfsync02 [12] -

3/5/2013 3:48:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

.

==== End Of File ===========================

 

 

If there is anything you can suggest to get this PC back to where I can install any antivirus software I would appreciate it!


Hi,

 

You are welcome :)

 

Ad-Aware 8 was released several years ago, and Ad-Aware 10 was released a year ago.

 

1. Please, uninstall:

TVersitybar Toolbar, due to http://www.systemlookup.com/CLSID/72785-tbTVer_dll_tbTVe0_dll_tbTVe1_dll_tbTVe2_dll_prxtbTVer_dll_prxtbTVe0_dll_prxtbTVe1_dll_prxtbTVe2_dll.html

 

J2SE Runtime Environment 5.0 Update 1

Java™ 6 Update 31

Java™ SE Runtime Environment 6 Update 1

Those are old versions of Java with many known vulnerabilities that can be used to infect the computer from a web site.

 

2. Please, run the special AVG Remover to remove everything of AVG: http://www.avg.com/us-en/utilities

Run the special Avast Uninstall Utility to remove everything of Avast: http://www.avast.com/uninstall-utility

 

3. Have you configured a proxy server yourself?

uProxyServer = 127.0.0.1:81

 

4. Removal of Ad-Aware drivers:

 

Start - All programs - Accessories - Command Prompt

 

Enter the following commands:

sc stop gfibto

sc delete gfibto

sc delete Lbd

sc delete SBRE

sc delete soqwx32

 

5. Restart the computer.

Run DDS again and paste DDS.txt into your answer. No need for Attach.txt this time.


Hi, thanks again for the help.

 

1. I've uninstalled the TVersity toolbar.

 

I couldn't see where to update Java.

 

2. I've run both of the uninstall programs (I'd tried both previously anyway)

 

3. I'm not sure about the proxy server setting.

 

4. I've gone into the command prompt and run all of the requested commands, and performed a system restart.

 

Restarting still shows Ad Watch Live as running and up-to-date though, nothing seems to want to get rid of that setting.

 

The content of the new DDS file is as follows:

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Steve_Bedroom at 1:58:19 on 2013-03-09

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1128 [GMT 0:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: ZoneAlarm Free Firewall Firewall *Enabled*

.

============== Running Processes ================

.

C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

f:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\Dit.exe

C:\Program Files\Shutter\Shutter.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\FlashFolder\FlashFolder.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Steve_Bedroom\Application Data\Dropbox\bin\Dropbox.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Facebook\Messenger\2.1.4801.0\FacebookMessenger.exe

D:\My Documents\downloads\AlwaysOnTopMaker\AlwaysOnTopMaker.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uProxyServer = 127.0.0.1:81

uProxyOverride = local;*.local;<local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\steve_bedroom\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [Dit] Dit.exe

mRun: [shutter] c:\program files\shutter\Shutter.exe

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

mRun: [iSW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"

mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x081b -f video -m logitech -d 13.31.1044.0

StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\steve_bedroom\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\facebo~1.lnk - c:\documents and settings\steve_bedroom\local settings\application data\facebook\messenger\2.1.4801.0\FacebookMessenger.exe

StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\shortc~1.lnk - d:\my documents\downloads\alwaysontopmaker\AlwaysOnTopMaker.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362534922171

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 212.139.132.44 212.139.132.43

TCP: Interfaces\{43AD480C-46B9-4167-9003-BF66714727DD} : DHCPNameServer = 212.139.132.44 212.139.132.43

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

Hosts: 127.0.0.1 www.spywareinfoforum.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\

FF - plugin: c:\documents and settings\steve_bedroom\application data\pixelplan\pixelplan o4c viewer web\1.2.7\npPIXELPLANWebViewer.dll

FF - plugin: c:\documents and settings\steve_bedroom\local settings\application data\facebook\messenger\2.1.4801.0\npFbDesktopPlugin.dll

FF - plugin: c:\documents and settings\steve_bedroom\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll

FF - ExtSQL: 2013-01-11 03:54; [email protected]; c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\extensions\[email protected]

FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-6-21 526640]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-3-7 465216]

R2 FlashFolder;FlashFolder;c:\program files\flashfolder\FlashFolder.exe [2008-3-21 71680]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-4-30 27016]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-4-30 497280]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-6-17 47640]

R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2012-5-18 2938880]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-8-3 5554552]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2011-6-18 66944]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-8-3 451960]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]

R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-2-9 802048]

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-1-20 1287296]

R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2007-7-11 13824]

R3 RD1003;EDIROL UM-2;c:\windows\system32\drivers\RDWM1003.SYS [2005-7-15 60730]

R3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2011-10-26 172865]

R3 SbieDrv;SbieDrv;f:\program files\sandboxie\SbieDrv.sys [2012-2-7 133392]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-3 10752]

R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-2-9 19928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9a9c6503cfc04;Google Update Service (gupdate1c9a9c6503cfc04);c:\program files\google\update\GoogleUpdate.exe [2009-3-21 133104]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 a2acc;a2acc;\??\c:\program files\mamutu\a2accx86.sys --> c:\program files\mamutu\a2accx86.sys [?]

S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2010-6-17 35904]

S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-2-9 17408]

S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2011-10-29 163616]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2011-3-30 24056]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-9-7 19056]

S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]

S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]

S3 WISOVD;WISOVD;c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [2012-3-21 4992]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\games\magix\common\database\bin\fbserver.exe [2007-11-5 1527900]

S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-6-8 374152]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]

S4 ZentimoService;Zentimo Assistant;f:\program files\zentimo\ZentimoService.exe [2011-12-13 259072]

.

=============== File Associations ===============

.

ShellExec: CrazyTalk60.exe: Open=f:\program files\reallusion\crazytalk 6\ct program\CTIEMain.exe "%1"

ShellExec: CT4Skype.exe: open=blank

ShellExec: Premiere.exe: open=blank

.

=============== Created Last 30 ================

.

2013-03-07 04:16:00 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

2013-03-07 04:15:58 -------- d-----w- c:\documents and settings\all users\application data\IObit

2013-03-07 04:15:56 -------- d-----w- c:\documents and settings\steve_bedroom\application data\IObit

2013-03-07 04:15:50 -------- d-----w- c:\program files\IObit

2013-03-07 03:09:45 -------- d-----w- c:\program files\VS Revo Group

2013-03-07 02:02:59 -------- d-----w- c:\documents and settings\steve_bedroom\application data\LavasoftStatistics

2013-03-07 01:43:54 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations

2013-03-07 01:43:52 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars

2013-03-07 01:43:47 -------- d-----w- c:\program files\adawaretb.old

2013-03-07 01:43:47 -------- d-----w- c:\documents and settings\steve_bedroom\application data\adawaretb

2013-03-07 01:43:46 -------- d-----w- c:\program files\Toolbar Cleaner

2013-03-07 01:24:36 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-03-07 01:24:35 -------- d-----w- c:\documents and settings\steve_bedroom\application data\Ad-Aware Antivirus

2013-03-07 01:16:10 -------- d-----w- c:\documents and settings\all users\application data\GFI Software

2013-03-07 00:57:15 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\adaware

2013-03-07 00:53:36 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\Downloaded Installations

2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\scripting

2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\en

2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\bits

2013-03-06 02:32:29 -------- d-----w- c:\windows\l2schemas

2013-03-06 02:25:23 -------- d-----w- c:\windows\EHome

2013-03-06 02:19:58 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys

2013-03-05 03:45:20 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2013-03-05 02:46:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2013-02-27 04:08:59 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2013-02-27 04:08:58 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2013-02-27 04:08:53 2954136 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2013-02-27 04:08:52 277400 ----a-w- c:\program files\mozilla firefox\freebl3.dll

2013-02-27 04:08:51 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe

2013-02-27 04:08:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2013-02-27 04:08:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2013-02-27 04:08:38 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2013-02-27 04:08:36 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2013-02-27 04:08:34 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2013-02-27 04:08:31 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2013-02-26 14:38:27 -------- d-----w- c:\program files\AC3Filter

2013-02-22 04:47:23 -------- d-----w- c:\program files\Xiph.Org

.

==================== Find3M ====================

.

2014-05-25 03:23:40 11 -c--a-w- c:\windows\system32\tscrip22.dll

2013-03-09 01:49:37 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS

2013-03-05 16:23:18 74703 ----a-w- c:\windows\system32\mfc45.dat

2013-03-02 02:11:01 3088 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

2013-02-14 01:55:25 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-14 01:55:24 71024 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-13 01:20:25 163616 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys

.

============= FINISH: 2:00:00.42 ===============


Hi,

 

You're welcome :)

 

1. Most people don't need to have Java installed, but if you do, you can fetch the latest Java here: http://www.java.com/getjava/

 

2. Good, now the drivers of the programs disappeared. You can delete this folder, if you want:

c:\documents and settings\all users\application data\AVAST Software

 

3. Let us see if you can remove it, since it's suspicious to have it. Please take a note of the current settings before changing them; then you can enter them again if you can't connect to the internet.

 

Control panel - Internet Options - Connections - LAN settings

Click on Advanced

Remove content in such a way that all fields belonging to the header "Servers" are empty.

Click OK

If there is anything in the Address field, remove it.

Uncheck "Use a proxy server..."

 

4. Good, all drivers are gone. Now you need to tell Windows that Ad-Watch has been deleted.

 

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

 

Start - Run

Enter:

wbemtest

 

Click OK

 

When the program has started, do as in these five pictures:

http://img.photobucket.com/albums/v666/sUBs/Delete_AV_From_WMI.gif

 

That is:

 

Connect

root\SecurityCenter

Query

SELECT * FROM AntivirusProduct

Apply

 

Mark "A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33" which means Ad-Watch.

 

Delete

 

Restart the computer after turning off all programs.

 

5. How is the computer now?

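The wbemtest steps in step 4 of the post above, as an added PowerShell example that is not part of the original post. It lists the registrations first and deletes only when run with -Remove from an elevated prompt; the script's parameter and function names are hypothetical, and the root\SecurityCenter2 namespace (Vista SP1 and later) and its pathToSignedProductExe property are additions not mentioned in the post.

```powershell
# Added example (not from the original post). Lists the antivirus registrations that
# Security Center keeps in WMI and, only with -Remove, deletes one stale entry.
param(
    # GUID taken from the DDS "AV:" line quoted in the post
    [string]$StaleGuid = '{A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}',
    [switch]$Remove
)

# root\SecurityCenter is the namespace named in the post (Windows XP).
# root\SecurityCenter2 holds the same class on Vista SP1 and later.
$namespaces = 'root\SecurityCenter', 'root\SecurityCenter2'

function Get-RegisteredAntivirus {
    foreach ($ns in $namespaces) {
        try {
            # Same query the post types into wbemtest
            $items = Get-WmiObject -Namespace $ns -Query 'SELECT * FROM AntiVirusProduct' -ErrorAction Stop
        } catch {
            continue   # this namespace does not exist on this Windows version
        }
        foreach ($item in $items) {
            New-Object PSObject -Property @{
                Namespace    = $ns
                DisplayName  = $item.displayName
                InstanceGuid = $item.instanceGuid
                WmiObject    = $item
            }
        }
    }
}

$registered = @(Get-RegisteredAntivirus)
$registered | Select-Object Namespace, DisplayName, InstanceGuid | Format-Table -AutoSize

# Compare GUIDs without braces; -eq on strings ignores case
$wanted  = $StaleGuid.Trim('{}')
$targets = @($registered | Where-Object { "$($_.InstanceGuid)".Trim('{}') -eq $wanted })

if ($targets.Count -eq 0) {
    Write-Host "No antivirus registration with instanceGuid $StaleGuid was found."
    return
}

foreach ($entry in $targets) {
    # Guard: if the registered product executable is still on disk, the product is
    # not really gone and should be uninstalled, not just unregistered.
    # The property exists only in root\SecurityCenter2; on XP it evaluates to $null.
    $exe = $entry.WmiObject.pathToSignedProductExe
    if ($exe) {
        $exe = [Environment]::ExpandEnvironmentVariables($exe).Trim('"')
        if (Test-Path -LiteralPath $exe) {
            Write-Warning "$($entry.DisplayName): $exe still exists, leaving the registration alone."
            continue
        }
    }

    if (-not $Remove) {
        Write-Host "Would delete '$($entry.DisplayName)' from $($entry.Namespace). Re-run with -Remove."
        continue
    }

    try {
        $entry.WmiObject.Delete()   # same effect as Delete in wbemtest
        Write-Host "Deleted '$($entry.DisplayName)' from $($entry.Namespace). Restart the computer."
    } catch {
        Write-Warning "Delete failed (is this prompt elevated?): $($_.Exception.Message)"
    }
}
```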

Sorry for the delay in replying, life got in the way :unsure:

 

I followed the procedure you outlined above and found Windows Security Center accepted there was no virus scanner installed. This has allowed me to finally install one, so hopefully the PC is now back to its usual self (as in it tries its best to drive me insane, something for which I really don't need a chauffeur, it's not a long journey!)

 

Thank you so much for the help you've given. I was getting concerned I was either going to have to completely reinstall Windows, which I dread on a system this old, or convince myself to buy a new one, which would probably require selling a spare kidney. You've saved me the misery of either :D


You are welcome :)

 

No need to apologize :)

 

Note that it's possible to use the latest Ad-Aware together with another antivirus program when it's installed in on-demand scan mode. Ad-Aware can then scan the computer to check if the other antivirus program has missed something. See the release notes for 10.5 to know how to install Ad-Aware 10.5 when another antivirus program is installed: http://www.lavasoftsupport.com/index.php?/topic/33131-ad-aware-105-released/


I've used Ad-Aware as long as I can remember and always liked it so it's nice to know I can still have it there as a 2nd line of defence, so I've just installed it in on-demand mode. Thanks for letting me know, and thanks again for all of the help you've given.


You are welcome :)

 

I'm sure Lavasoft appreciates that you have installed Ad-Aware.


I'm having the same problem...

I tried to follow your instructions...but at the command prompt it said

{SC} open service failed (5)

access denied

 

This is my DDS file... I want to reinstall Ad-Aware later as a second line of defense, but right now I have nothing because I can't install anything until I remove Ad-Watch Live.

 

I appreciate any help...and sorry about hijacking this post!

 

DDS1.txt


Hi moggles,

 

I'll start with pasting your log since that makes it easier for me to check the various entries in it. I'll be back when I have gone through it.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by TogsRUs at 23:11:00 on 2013-06-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.5162 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\oovoo\ooVoo.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\splwow64.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uWindow Title = Windows Internet Explorer provided by AOL
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie9
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mWinlogon: Userinit = userinit.exe,
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TBSB03376 Class: {F71E70A4-1200-4A3F-846C-18B8F0DCD5AD} - C:\Program Files (x86)\Shopping Assistant\tbcore3.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: ShoppingAssistant: {68F3A1D2-BC05-4E0F-AD31-722F1B37E758} - C:\Program Files (x86)\Shopping Assistant\tbcore3.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: ShoppingAssistant: {68F3A1D2-BC05-4E0F-AD31-722F1B37E758} - C:\Program Files (x86)\Shopping Assistant\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Facebook Update] "C:\Users\TogsRUs\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\TogsRUs\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe /minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
uRun: [AdobeBridge] <no file>
uRunOnce: [uninstall C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
uRunOnce: [uninstall C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [bSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ABC83470-35C5-4303-B9A0-87A80D1BD418} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: TBSB03376 Class: {F71E70A4-1200-4A3F-846C-18B8F0DCD5AD} - C:\Program Files\Shopping Assistant_64\tbcore3.dll
x64-TB: ShoppingAssistant: {68F3A1D2-BC05-4E0F-AD31-722F1B37E758} - C:\Program Files\Shopping Assistant_64\tbcore3.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-11-13 69376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-12 55856]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-25 231752]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-12 1692480]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-13 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-13 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-4-13 321064]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
RUnknown SASKUTIL;SASKUTIL; [x]
S0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-12 14456]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/04/12 21:04:09;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-4-13 158976]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-13 02:58:23 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-06-13 02:58:23 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-06-13 02:31:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDC70334-8B3F-4FC3-B143-A123E4C0D309}\offreg.dll
2013-06-13 02:24:00 -------- d-----w- C:\ProgramData\CA
2013-06-11 22:10:32 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-11 20:05:26 -------- d-----w- C:\Users\TogsRUs\AppData\Local\{EB2941AE-EAC3-4C50-9235-2F53044B0BA4}
2013-06-11 17:03:56 -------- d-----w- C:\Program Files\office.tmp
2013-06-11 17:01:17 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 00:36:35 -------- d-----w- C:\Users\TogsRUs\AppData\Local\{B984A697-A05C-4AAB-956A-D7BAEA17A1EF}
2013-05-29 11:40:46 -------- d-----w- C:\Users\TogsRUs\AppData\Local\{1789FA4A-B68F-46F9-AC43-4F454E43ECF1}
2013-05-28 21:38:01 -------- d-----w- C:\Users\TogsRUs\AppData\Local\{0115839B-40BA-46A9-931E-C16463743B07}
2013-05-22 23:06:53 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-05-22 23:06:25 -------- d-----w- C:\Program Files\My Dell
2013-05-15 00:39:16 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 00:39:16 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 00:39:16 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 00:39:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 00:38:59 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 00:38:59 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 00:38:59 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 00:38:49 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 00:38:49 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 00:38:48 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2013-06-12 01:34:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 01:34:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-03-29 20:51:03 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-29 20:51:03 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 23:11:34.60 ===============


Hi again,

 

1. Please uninstall ShoppingAssistant (see http://www.systemlookup.com/lists.php?list=1&type=filename&search=tbcore3 where a lot of suspicious toolbars use the same file name as the ShoppingAssistant in your computer) and Java™ 6 Update 23 and 32, which are old versions of Java with many known vulnerabilities that can be used to infect the computer from a web site.

 

2. There are drivers from both Ad-Aware 9 and 10 in the computer.

Removal of them:

 

Start - All programs - Accessories - Command Prompt

Enter the following commands:

sc delete gfibto
sc stop Lbd
sc delete Lbd

 

3. Restart the computer.
Run DDS again and paste DDS.txt into your answer.

1 person likes this


I uninstalled shopping assistant

 

when I enter commands at command prompt...

I get [sc] openservice failed 5

access denied

 

I am admin...so I should have access?

Edited by moggles


To run as administrator:

 

Start - All programs - Accessories - right click on Command Prompt and select 'Run as administrator' then retry the commands as posted by CeciliaB.

 

2 people like this

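Why an account in the Administrators group still gets "OpenService failed 5" (access denied): with UAC on Windows 7, a normally started prompt runs with a filtered, non-elevated token. The following is an added PowerShell example, not part of the original posts, that checks for elevation before touching the two driver services named in the thread; the -Delete switch and the function name are hypothetical.

```powershell
# Added example (not from the original posts). Reports on the leftover driver
# services and removes them only when run elevated with -Delete.
param([switch]$Delete)

# Service names from the sc commands posted in the thread
$driverNames = 'gfibto', 'Lbd'

function Test-Elevated {
    # True only if the current token actually holds the Administrators role,
    # i.e. the prompt was started with "Run as administrator".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$elevated = Test-Elevated
if (-not $elevated) {
    Write-Warning 'This prompt is not elevated. sc stop/delete would fail with error 5 (access denied).'
}

foreach ($name in $driverNames) {
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'"
    if (-not $drv) {
        Write-Host "${name}: not registered (already removed)"
        continue
    }
    Write-Host ("{0}: state={1} start={2} path={3}" -f $drv.Name, $drv.State, $drv.StartMode, $drv.PathName)

    if (-not ($Delete -and $elevated)) { continue }   # report-only mode

    # In PowerShell, plain "sc" is an alias for Set-Content, so call sc.exe explicitly.
    if ($drv.State -eq 'Running') {
        sc.exe stop $name | Out-Null
        if ($LASTEXITCODE -ne 0) {
            # A running boot-start driver may refuse to stop; the deletion then
            # completes at the restart the post asks for.
            Write-Warning "sc stop $name returned $LASTEXITCODE"
        }
    }
    sc.exe delete $name
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "sc delete $name returned $LASTEXITCODE"
    }
}
```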

Sorry that I forgot the "right-click" :(

2 people like this


You are welcome :) and I'm glad it worked.


I am so upset. I uninstalled Ad Aware from Lavasoft. I thought that would be the end of it. Nope, it's only the beginning. For the past 5 hours I have been trying to take back my Firefox. Right now Ad Ware has HI-JACKED my browser. Yet I do not have Ad Ware installed.

 

securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150111

 

I've looked at the Control Panel uninstall. I've tried Avast and Malwarebytes but it doesn't find a thing wrong.

 

Talk about Mal Ware!

 

I went to the register looking for Lavasoft and found something there:

 

LavasoftTcpService.exe

NAME TYPE DATA

[ab] (Default) REG_SZ (value not set)

[ab] AppId REG_SZ {2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}

 

If I remove this entry of LAVASOFTTCPSERVICE.EXE, will that stop secured search from hijacking my Firefox? (as well as Opera, Chrome and IE?)


Hi windmillchaser,

 

As far as I know, LavasoftTcpService.exe belongs to Web Companion and in Web Companion you can select which home page and search engine you want to have.

Is Web Companion installed or have you uninstalled it?

If it is installed, start it and change browser homepage and search engine to the ones you like (maybe its icon is visible when you click on the little arrow to the left in notification area).

 

Information about Web Companion:

http://www.thewindowsclub.com/lavasoft-web-companion-review

http://webcompanion.com/

No malware in it.

 

Web Companion can be deselected during the installation of Ad-Aware.

 

Did you have Ad-Aware 10, which is the forum of this topic, or Ad-Aware 11, which replaced Ad-Aware 10 more than a year ago?

 

If you don't have Web Companion installed, this instruction describes how to change start page and search engine of the browsers: http://www.lavasoftsupport.com/index.php?/topic/33178-how-to-remove-blekko-start-page-and-search-engine/

It's written for Ad-Aware 10 and therefore almost two years old. It's possible that it doesn't completely match the latest versions of the browsers. Please ask if you need help to follow it.

 

Can you change your browsers home page and search engine to your preferred values now?
