Tom Gerritsen

Cpvfeed :'(

3 posts in this topic

I cannot get the stupid popups to go. Firefox and MSIE are infected. I first thought Google Toolbar was the thing infected, but without that it still goes. I tried to look through the registry and did a search for new DLLs. I got some, but still there are the popups. Even for another user profile.

;)

 

 

 

 

 

ComboScan v20070306.20 run by Tom Gerritsen on 2007-04-15 at 09:13:31

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

Performed disk cleanup.

 

 

-- HijackThis (run as Tom Gerritsen.exe) ---------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 09:16:22, on 15/04/2007

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\sttray.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Users\Zilka Gerritsen\AppData\Local\Skype\Phone\Skype.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\ehome\ehmsas.exe

C:\PROGRA~1\COMMON~1\Logitech\LComMgr\LVComSX.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Users\Zilka Gerritsen\AppData\Local\Skype\Plugin Manager\SkypePM.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\Windows\system32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\sttray.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Zilka Gerritsen\AppData\Local\Skype\Phone\Skype.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Tom Gerritsen\Desktop\comboscan.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\PROGRA~1\HIJACK~1\Tom Gerritsen.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {8113F7CD-64BE-41F3-9AEE-01FB1C46F76E} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [skype] "C:\Users\Zilka Gerritsen\AppData\Local\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: QuickSet.lnk = ?

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O20 - Winlogon Notify: wvusttr - C:\Windows\SYSTEM32\wvusttr.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

 

-- File Associations -----------------------------------------------------------

 

.bat - batfile - "%1" %*

.chm - chm.file - "%SystemRoot%\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\winhlp32.exe %1

.inf - inffile - %SystemRoot%\system32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\system32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - "%SystemRoot%\System32\WScript.exe" "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

1R aswRdr - C:\Windows\System32\drivers\aswRdr.sys

1R AvgClean (AVG7 Clean Driver) - C:\Windows\System32\drivers\avgclean.sys

1R AvgMfx86 (AVG Minifilter x86 Resident Driver) - C:\Windows\System32\drivers\avgmfx86.sys

3R bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - C:\Windows\System32\drivers\bcm4sbxp.sys

3R BthEnum (Bluetooth Request Block Driver) - C:\Windows\System32\drivers\bthenum.sys

3R BthPan (Bluetooth Device (Personal Area Network)) - C:\Windows\System32\drivers\bthpan.sys

3S BTHPORT (Bluetooth Port Driver) - C:\Windows\System32\drivers\bthport.sys

3R BTHUSB (Bluetooth Radio USB Driver) - C:\Windows\System32\drivers\BTHUSB.SYS

3R GEARAspiWDM - C:\Windows\System32\drivers\GEARAspiWDM.sys

3S HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - C:\Windows\System32\drivers\HdAudio.sys

3R HSFHWAZL - C:\Windows\System32\drivers\VSTAZL3.SYS

3R HSF_DPV - C:\Windows\System32\drivers\VSTDPV3.SYS

1S IKFileFlt (File Filter Driver) - C:\Windows\System32\drivers\ikfileflt.sys

3S IKFileSec (File Security Driver) - C:\Windows\System32\drivers\ikfilesec.sys

1S IkSysFlt (System Filter Driver) - C:\Windows\System32\drivers\iksysflt.sys

3S IKSysSec (System Security Driver) - C:\Windows\System32\drivers\iksyssec.sys

3S LVcKap (Logitech AEC Driver) - C:\Windows\System32\drivers\Lvckap.sys

3R LVMVDrv (Logitech Machine Vision Engine Loader) - C:\Windows\System32\drivers\LVMVdrv.sys

3R LVUSBSta (Logitech USB Monitor Filter) - C:\Windows\System32\drivers\LVUSBSta.sys

3R LVUVC (QuickCam for Dell Notebooks(UVC)) - C:\Windows\System32\drivers\lvuvc.sys

3R NETw3v32 (Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit) - C:\Windows\System32\drivers\NETw3v32.sys

3R nvlddmkm - C:\Windows\System32\drivers\nvlddmkm.sys

3R RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - C:\Windows\System32\drivers\rfcomm.sys

3R rimmptsk - C:\Windows\System32\drivers\rimmptsk.sys

3R rimsptsk - C:\Windows\System32\drivers\rimsptsk.sys

2R rismxdp (Ricoh xD-Picture Card Driver) - C:\Windows\System32\drivers\rixdptsk.sys

3R sdbus - C:\Windows\System32\drivers\sdbus.sys

3R STHDA (SigmaTel High Definition Audio CODEC) - C:\Windows\System32\drivers\stwrt.sys

3R SynTP (Synaptics TouchPad Driver) - C:\Windows\System32\drivers\SynTP.sys

3R usbaudio (USB Audio Driver (WDM)) - C:\Windows\System32\drivers\USBAUDIO.sys

3S USBSTOR (USB Mass Storage Driver) - C:\Windows\System32\drivers\USBSTOR.SYS

3S vaxscsi - C:\Windows\System32\drivers\vaxscsi.sys

3R winachsf - C:\Windows\System32\drivers\VSTCNXT3.SYS

3S WpdUsb - C:\Windows\System32\drivers\WpdUsb.sys

3S WUDFRd - C:\Windows\System32\drivers\WUDFRd.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

2R AvgCoreSvc (AVG7 Resident Shield Service) - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

2R BthServ (Bluetooth Support Service) - C:\Windows\system32\svchost.exe -k bthsvcs

3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"

3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

3S odserv (Microsoft Office Diagnostics Service) - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"

3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

2R sdAuxService (Spyware Doctor Auxiliary Service) - C:\Program Files\Spyware Doctor\svcntaux.exe

2R sdCoreService (Spyware Doctor Service) - C:\Program Files\Spyware Doctor\swdsvc.exe

3S ServiceLayer - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"

2R STacSV (SigmaTel Audio Service) - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

2R StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

3R usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"

 

 

-- Files created between 2007-03-15 and 2007-04-15 -----------------------------

 

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-04-15 09:16:19 13401 --a------ C:\Users\Tom Gerritsen\AppData\Roaming\nvModes.001

2007-04-15 09:02:21 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Skype

2007-04-15 09:00:08 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\AVG7

2007-04-14 11:17:48 0 d-------- C:\Program Files\NoAdware5.0<NOADWA~1.0>

2007-04-13 22:50:57 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>

2007-04-13 22:47:06 0 d-------- C:\Program Files\InterActual<INTERA~1>

2007-04-13 22:46:29 0 d-------- C:\Program Files\Winamp

2007-04-13 22:43:38 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Lavasoft

2007-04-13 22:42:34 0 d-------- C:\Program Files\Lavasoft

2007-04-13 22:42:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>

2007-04-13 17:16:43 2484 --a------ C:\Windows\bthservsdp.dat<BTHSER~1.DAT>

2007-04-13 07:07:45 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>

2007-04-13 06:46:52 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\PC Tools<PCTOOL~1>

2007-04-12 07:32:01 0 d-------- C:\Program Files\Windows Defender<WINDOW~3>

2007-04-12 07:04:58 13401 --a------ C:\Users\Tom Gerritsen\AppData\Roaming\nvModes.dat

2007-04-11 22:07:08 376320 --a------ C:\Windows\system32\winsrv.dll

2007-04-11 22:07:08 49664 --a------ C:\Windows\system32\csrsrv.dll

2007-04-11 22:05:58 0 d-------- C:\Program Files\Windows Mail<WINDOW~1>

2007-04-11 19:11:03 9216 --a------ C:\Windows\system32\avgwlntf.dll

2007-04-11 19:10:56 0 d-------- C:\Program Files\Grisoft

2007-04-11 18:33:00 0 d-------- C:\Program Files\Microsoft Games<MICROS~1>

2007-04-11 18:32:57 105434 --a------ C:\Windows\VTTC.exe

2007-04-11 18:32:53 8464 --a------ C:\Windows\system32\sporder.dll

2007-04-11 18:32:43 26694 --a------ C:\Windows\system32\wvusttr.dll

2007-04-09 18:04:23 184320 --a------ C:\Windows\win3206416337511.exe<WIN320~1.EXE>

2007-04-06 21:49:43 53248 --a------ C:\Windows\111uninst.exe<111UNI~1.EXE>

2007-04-05 07:40:02 111763 --a------ C:\Windows\LogRover - Web Interface Uninstaller.exe<LOGROV~2.EXE>

2007-04-05 07:39:47 110030 --a------ C:\Windows\LogRover Uninstaller.exe<LOGROV~1.EXE>

2007-04-04 06:24:39 2026496 --a------ C:\Windows\system32\win32k.sys

2007-04-04 06:24:39 633856 --a------ C:\Windows\system32\user32.dll

2007-04-03 06:56:26 0 d-------- C:\Program Files\DivX

2007-04-01 16:45:17 952 --ahs---- C:\Windows\system32\KGyGaAvL.sys

2007-04-01 07:54:30 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Winamp

2007-03-31 16:53:26 0 d---s---- C:\Users\Tom Gerritsen\AppData\Roaming\Microsoft<MICROS~1>

2007-03-31 16:35:19 0 d-------- C:\Program Files\Alcohol Soft<ALCOHO~1>

2007-03-27 08:55:57 524288 --a------ C:\Windows\system32\DivXsm.exe

2007-03-27 08:55:48 3596288 --a------ C:\Windows\system32\qt-dx331.dll

2007-03-27 08:55:31 118520 -----n--- C:\Windows\system32\pxinsi64.exe

2007-03-27 08:55:31 116472 -----n--- C:\Windows\system32\pxcpyi64.exe

2007-03-27 08:55:31 129784 --a------ C:\Windows\system32\pxafs.dll

2007-03-27 08:55:23 200704 --a------ C:\Windows\system32\ssldivx.dll

2007-03-27 08:55:23 1044480 --a------ C:\Windows\system32\libdivx.dll

2007-03-27 08:49:07 196608 --a------ C:\Windows\system32\dtu100.dll

2007-03-27 08:49:07 73728 --a------ C:\Windows\system32\dpl100.dll

2007-03-27 08:49:05 53248 --a------ C:\Windows\system32\dpuGUI10.dll

2007-03-27 08:49:03 593920 --a------ C:\Windows\system32\dpuGUI11.dll

2007-03-27 08:49:02 57344 --a------ C:\Windows\system32\dpv11.dll

2007-03-27 08:49:02 344064 --a------ C:\Windows\system32\dpus11.dll

2007-03-27 08:49:02 294912 --a------ C:\Windows\system32\dpu11.dll

2007-03-27 08:49:02 294912 --a------ C:\Windows\system32\dpu10.dll

2007-03-27 08:48:59 823296 --a------ C:\Windows\system32\divx_xx07.dll<DIVX_X~2.DLL>

2007-03-27 08:48:58 802816 --a------ C:\Windows\system32\divx_xx11.dll<DIVX_X~3.DLL>

2007-03-27 08:48:58 823296 --a------ C:\Windows\system32\divx_xx0c.dll<DIVX_X~1.DLL>

2007-03-27 08:48:58 639066 --a------ C:\Windows\system32\DivX.dll

2007-03-26 23:07:09 0 d-------- C:\Program Files\Common Files\Corel

2007-03-26 23:07:06 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Corel

2007-03-26 23:06:07 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>

2007-03-26 23:06:04 0 d-------- C:\Program Files\Corel

2007-03-26 19:47:59 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>

2007-03-26 18:34:05 0 d-------- C:\Program Files\SigmaTel

2007-03-26 18:08:05 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Dell

2007-03-26 18:08:00 0 d-------- C:\Program Files\Dell

2007-03-26 17:47:38 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\dvdcss

2007-03-26 17:08:10 0 d-------- C:\Program Files\iTunes

2007-03-26 17:08:07 0 d-------- C:\Program Files\iPod

2007-03-26 17:07:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>

2007-03-26 17:05:19 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>

2007-03-26 16:53:49 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Apple Computer<APPLEC~1>

2007-03-26 16:46:17 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>

2007-03-25 13:44:18 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Adobe

2007-03-25 13:43:38 0 d-------- C:\Program Files\Common Files\Adobe

2007-03-25 10:22:37 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>

2007-03-25 10:21:09 414208 --a------ C:\Windows\system32\msscp.dll

2007-03-25 10:20:49 4153344 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll

2007-03-25 10:20:49 1686016 --a------ C:\Windows\system32\gameux.dll

2007-03-25 10:13:35 0 d-------- C:\Program Files\Real

2007-03-24 20:05:48 0 d-------- C:\Program Files\BitLocker<BITLOC~1>

2007-03-24 19:54:00 1171848 --a------ C:\Windows\system32\SecureKeyBackupCPL.dll

2007-03-24 19:53:49 229888 --a------ C:\Windows\system32\msshsq.dll

2007-03-15 15:46:35 57344 --a------ C:\Windows\uni_eh10.exe

2007-03-10 17:27:59 104448 --a------ C:\Windows\system32\DWWIN.EXE

2007-03-10 17:27:31 383488 --a------ C:\Windows\system32\ieapfltr.dll

2007-03-10 17:27:11 974336 --a------ C:\Windows\system32\crypt32.dll

2007-03-05 13:34:28 676224 --a------ C:\Windows\system32\OGACheckControl.DLL<OGACHE~1.DLL>

2007-03-02 03:43:00 1411072 --a------ C:\Windows\system32\nvwgf2um.dll

2007-03-02 03:43:00 36352 --a------ C:\Windows\system32\nvcodins.dll

2007-03-02 03:43:00 36352 --a------ C:\Windows\system32\nvcod.dll

2007-03-02 03:43:00 521128 --a------ C:\Windows\system32\dpinst.exe

2007-02-18 22:12:01 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\vlc

2007-02-18 22:11:21 0 d-------- C:\Program Files\VideoLAN

2007-02-16 02:40:35 124472 --a------ C:\Windows\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>

2007-01-19 12:53:04 51056 --a------ C:\Windows\system32\sirenacm.dll

 

 

-- Registry Dump ---------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"

"Skype"="\"C:\\Users\\Zilka Gerritsen\\AppData\\Local\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\

6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78,\

65,20,2d,68,69,64,65,00

"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""

"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"SigmatelSysTrayApp"="sttray.exe"

"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

"SDTray"="C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{C4C362EA-C1AE-4399-B47C-33061562BD88}"=""

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=dword:00000002

"ConsentPromptBehaviorUser"=dword:00000001

"EnableInstallerDetection"=dword:00000001

"EnableLUA"=dword:00000001

"EnableSecureUIAPaths"=dword:00000001

"EnableVirtualization"=dword:00000001

"PromptOnSecureDesktop"=dword:00000001

"ValidateAdminCodeSignatures"=dword:00000000

"scforceoption"=dword:00000000

"FilterAdministratorToken"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=dword:00000001

"CF_BITMAP"=dword:00000002

"CF_OEMTEXT"=dword:00000007

"CF_DIB"=dword:00000008

"CF_PALETTE"=dword:00000009

"CF_UNICODETEXT"=dword:0000000d

"CF_DIBV5"=dword:00000011

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"=dword:00000002

"DontDisplayLogonHoursWarnings"=dword:00000001

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusttr

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="credssp.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ nsilltdsvcSSDPSRVupnphostSCardSvrw32timeEventSystemRemoteRegistryWinHttpAutoProxySvclanmanworkstationTBSSLUINotifyTHREADORDERfdrespubnetprofmfdphostwcncsvcQWAVEMcx2SvcWebClient\

LocalSystemNetworkRestricted REG_MULTI_SZ hidservUxSmsWdiSystemHostNetmantrkwksAudioEndpointBuilderWUDFSvcirmonsysmainIPBusEnumdot3svcPcaSvcCscServicewlansvcUmRdpServiceEMDMgmtWPDBusEnumTabletInputService\

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\

LocalServiceNoNetwork REG_MULTI_SZ PLADPSBFEmpssvcehstart\

NetworkService REG_MULTI_SZ CryptSvcDHCPTermServiceKtmRmDNSCacheNapAgentnlasvcWinRMWECSVCTapisrv\

termsvcs REG_MULTI_SZ TermService\

WerSvcGroup REG_MULTI_SZ wersvc\

swprv REG_MULTI_SZ swprv\

LocalServiceNetworkRestricted REG_MULTI_SZ DHCPeventlogAudioSrvLmHostswscsvcp2pimsvcPNRPSvcp2psvcWPCSvcPnrpAutoReg\

rpcss REG_MULTI_SZ RpcSs\

regsvc REG_MULTI_SZ RemoteRegistry\

wcssvc REG_MULTI_SZ WcsPlugInService\

DcomLaunch REG_MULTI_SZ PlugPlayDcomLaunch\

wdisvc REG_MULTI_SZ WdiServiceHost\

sdrsvc REG_MULTI_SZ sdrsvc\

imgsvc REG_MULTI_SZ StiSvc\

secsvcs REG_MULTI_SZ WinDefend\

bthsvcs REG_MULTI_SZ BthServ\

 

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*

AeLookupSvc

wercplsupport

CertPropSvc

SCPolicySvc

gpsvc

IKEEXT

LogonHours

PCAudit

iphlpsvc

AppInfo

msiscsi

MMCSS

ProfSvc

EapHost

SessionEnv

hkmsvc

 

 

 

-- End of ComboScan: finished at 2007-04-15 at 09:17:16 ------------------------

 

ComboScan v20070306.20 run by Tom Gerritsen on 2007-04-15 at 09:13:31

Supplementary logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft® Windows Vista™ Ultimate (build 6000)

Architecture: X86; Language: English

 

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz

Percentage of Memory in Use: 75%

Physical Memory (total/avail): 1533.57 MiB / 369.3 MiB

Pagefile Memory (total/avail): 3299.45 MiB / 1170.5 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1949.13 MiB

 

C: is Fixed (NTFS) - 24.41 GiB total, 5.63 GiB free.

D: is CDROM (No Media)

E: is Fixed (NTFS) - 26.69 GiB total, 9.31 GiB free.

F: is CDROM (No Media)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

AV: AVG 7.5.446 v7.5.446 (GRISOFT)

AV: avast! antivirus 4.7.892 [VPS 0659-1] v4.7.892 (ALWIL Software)

AS: Spyware Doctor v5.0.0.179 (PC Tools)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Tom Gerritsen\AppData\Roaming

CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=VISTABAK

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Tom Gerritsen

LOCALAPPDATA=C:\Users\Tom Gerritsen\AppData\Local

LOGONSERVER=\\VISTABAK

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0e08

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\TOMGER~1\AppData\Local\Temp

TMP=C:\Users\TOMGER~1\AppData\Local\Temp

USERDOMAIN=VistaBak

USERNAME=Tom Gerritsen

USERPROFILE=C:\Users\Tom Gerritsen

windir=C:\Windows

 

 

-- User Profiles ---------------------------------------------------------------

 

Tom Gerritsen

Zilka Gerritsen

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL

--> C:\Windows\UNNeroShowTime.exe /UNINSTALL

--> C:\Windows\UNNeroVision.exe /UNINSTALL

--> C:\Windows\UNRecode.exe /UNINSTALL

3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"

Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}

Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}

Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}

AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}

Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

InterVideo WinDVD 7 --> "C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL

iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}

Logitech QuickCam --> MsiExec.exe /X{BFD0113A-BD9F-489D-96CE-AA0382C006A7}

Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly

Medieval Total War --> C:\Windows\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War\Uninst.isu"

Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office OneNote 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ONENOTER /dll OSETUP.DLL

Microsoft Office OneNote 2007 --> MsiExec.exe /X{91120000-00A1-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL

Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe

Mozilla Firefox (2.0.0.3) --> C:\progra~1\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI

PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}

QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}

QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}

Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}

SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}

Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Update for Office 2007 (KB932080) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Outlook 2007 Junk Email Filter (KB932338) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E90DA454-DE6C-45FA-A702-47B614A0159F}

VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

 

 

-- End of ComboScan: finished at 2007-04-15 at 09:17:16 ------------------------

ComboScan.txt

Edited by Tom Gerritsen1


Hi Tom,

 

Apologies for the late reply, we've been quite swamped in here as you can probably see.

 

Are you still needing help?

 

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

 

I do see what looks like Vundo or a variant of it on that log, however, that HijackThis version isn't Vista compatible. Please uninstall that one via Add/Remove programs in the Control Panel, if listed. Delete the current HijackThis.exe and get a fresh copy of v. 2 from Trend-Micro here:

http://www.download.com/HijackThis/3000-8022_4-10379544.html

 

If you still need help, please post a fresh HijackThis log so I can see where you are at this point.

 

Also, update your Ad-Aware SE program and do a scan with it. Let me know if it finds anything.
