
Unable to uninstall completely

uninstall live watch security center

17 replies to this topic

#1 DawkinsDog

Posted 07 March 2013 - 03:58 AM

Hi there,

Sorry if I'm putting this in the wrong part of the forum but I'm tearing my hair out here and hoping somebody will know what is going on.

I am trying to completely uninstall Ad-Aware, or more precisely I thought I already had months ago - but apparently not. In Security Center it says that I have Lavasoft Ad-Aware Live! Anti-virus protection up to date and scanning, which it shouldn't be given that, as I said, I uninstalled it ages ago. I've tried reinstalling the old version of Ad-Aware but it won't scan; the option is grayed out. Uninstalling it doesn't clear up the Watch Live! problem, and nor does installing the latest version of Ad-Aware, which also won't scan at all and also doesn't remove the setting in Security Center when uninstalled.

I'm at a loss as to what else to try. I've run several registry cleaners, none find any problems relating to it and I'm loath to start digging around the registry without any guide as to what to look for.

The problem this is causing is that I am now without any active virus scanner. If I try to install another, such as Avast or AVG, my PC immediately causes a Blue Screen of Death and I have to go into Safe Mode to uninstall it. It would appear, due to the BSOD error (No_More_IRP_Stack_Locations), that the system erroneously thinks there's another virus scanner running, which is presumably Watch Live.

If anybody knows how to resolve this problem I would be extremely grateful!

#2 CeciliaB

Posted 07 March 2013 - 11:27 AM

Hi DawkinsDog,

Please, tell us the version of Ad-Aware that you haven't been able to fully uninstall.

Save DDS to your desktop: http://download.blee...om/sUBs/dds.scr

Double-click on the DDS tool to run it.

When finished, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save them to your desktop and paste their content into your answer.

#3 DawkinsDog

Posted 08 March 2013 - 02:02 AM

Hi, thanks for the response.

Without reinstalling it, I can't recall which version of Ad-Aware it was I was running, possibly 8, but the installation file dates to last April if that helps any.

I've tried Revo Uninstall without success. I've also tried repairing the Security Center with Advanced System Care 6, again without success. I've tried turning off Security Center and rebooting, same problem. Nothing wants to shift this setting and I'm getting increasingly concerned it's effectively killed my PC as I don't relish having to reinstall Windows XP and it's pretty much my lifeline. The problem isn't just stopping me installing Avast, it happens with AVG too.

The contents of the files requested are:

DDS.TXT


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Steve_Bedroom at 0:42:34 on 2013-03-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.866 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
f:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Shutter\Shutter.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\FlashFolder\FlashFolder.exe
C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Steve_Bedroom\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Facebook\Messenger\2.1.4801.0\FacebookMessenger.exe
D:\My Documents\downloads\AlwaysOnTopMaker\AlwaysOnTopMaker.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uProxyServer = 127.0.0.1:81
uProxyOverride = local;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: TVersitybar Toolbar: {66BD2442-241B-44CD-8C7A-B51037053CDB} - c:\program files\tversitybar\prxtbTVe0.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\steve_bedroom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [Dit] Dit.exe
mRun: [Shutter] c:\program files\shutter\Shutter.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x081b -f video -m logitech -d 13.31.1044.0
StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\steve_bedroom\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\facebo~1.lnk - c:\documents and settings\steve_bedroom\local settings\application data\facebook\messenger\2.1.4801.0\FacebookMessenger.exe
StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\shortc~1.lnk - d:\my documents\downloads\alwaysontopmaker\AlwaysOnTopMaker.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362534922171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 212.139.132.44 212.139.132.43
TCP: Interfaces\{43AD480C-46B9-4167-9003-BF66714727DD} : DHCPNameServer = 212.139.132.44 212.139.132.43
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\
FF - plugin: c:\documents and settings\steve_bedroom\application data\pixelplan\pixelplan o4c viewer web\1.2.7\npPIXELPLANWebViewer.dll
FF - plugin: c:\documents and settings\steve_bedroom\local settings\application data\facebook\messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: c:\documents and settings\steve_bedroom\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - ExtSQL: 2013-01-11 03:54; UIEnhancer@girishsharma; c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\extensions\UIEnhancer@girishsharma.xpi
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-7 13560]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-6-21 526640]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-3-7 465216]
R2 FlashFolder;FlashFolder;c:\program files\flashfolder\FlashFolder.exe [2008-3-21 71680]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-4-30 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-4-30 497280]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-6-17 47640]
R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2012-5-18 2938880]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-8-3 5554552]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2011-6-18 66944]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-8-3 451960]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-2-9 802048]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-1-20 1287296]
R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2007-7-11 13824]
R3 RD1003;EDIROL UM-2;c:\windows\system32\drivers\RDWM1003.SYS [2005-7-15 60730]
R3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2011-10-26 172865]
R3 SbieDrv;SbieDrv;f:\program files\sandboxie\SbieDrv.sys [2012-2-7 133392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-3 10752]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-2-9 19928]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a9c6503cfc04;Google Update Service (gupdate1c9a9c6503cfc04);c:\program files\google\update\GoogleUpdate.exe [2009-3-21 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 a2acc;a2acc;\??\c:\program files\mamutu\a2accx86.sys --> c:\program files\mamutu\a2accx86.sys [?]
S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2010-6-17 35904]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-2-9 17408]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2011-10-29 163616]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2011-3-30 24056]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-9-7 19056]
S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]
S3 WISOVD;WISOVD;c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [2012-3-21 4992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\games\magix\common\database\bin\fbserver.exe [2007-11-5 1527900]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-6-8 374152]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S4 ZentimoService;Zentimo Assistant;f:\program files\zentimo\ZentimoService.exe [2011-12-13 259072]
.
=============== File Associations ===============
.
ShellExec: CrazyTalk60.exe: Open=f:\program files\reallusion\crazytalk 6\ct program\CTIEMain.exe "%1"
ShellExec: CT4Skype.exe: open=blank
ShellExec: Premiere.exe: open=blank
.
=============== Created Last 30 ================
.
2013-03-07 04:16:00 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-07 04:15:58 -------- d-----w- c:\documents and settings\all users\application data\IObit
2013-03-07 04:15:56 -------- d-----w- c:\documents and settings\steve_bedroom\application data\IObit
2013-03-07 04:15:50 -------- d-----w- c:\program files\IObit
2013-03-07 03:09:45 -------- d-----w- c:\program files\VS Revo Group
2013-03-07 02:02:59 -------- d-----w- c:\documents and settings\steve_bedroom\application data\LavasoftStatistics
2013-03-07 01:43:54 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2013-03-07 01:43:52 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2013-03-07 01:43:47 -------- d-----w- c:\program files\adawaretb.old
2013-03-07 01:43:47 -------- d-----w- c:\documents and settings\steve_bedroom\application data\adawaretb
2013-03-07 01:43:46 -------- d-----w- c:\program files\Toolbar Cleaner
2013-03-07 01:24:36 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-03-07 01:24:35 -------- d-----w- c:\documents and settings\steve_bedroom\application data\Ad-Aware Antivirus
2013-03-07 01:16:10 -------- d-----w- c:\documents and settings\all users\application data\GFI Software
2013-03-07 00:57:15 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\adaware
2013-03-07 00:53:36 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\Downloaded Installations
2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\scripting
2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\en
2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\bits
2013-03-06 02:32:29 -------- d-----w- c:\windows\l2schemas
2013-03-06 02:25:23 -------- d-----w- c:\windows\EHome
2013-03-06 02:19:58 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2013-03-05 17:17:45 -------- d-----w- c:\program files\AVAST Software
2013-03-05 03:48:25 -------- d-----w- c:\program files\AVG
2013-03-05 03:45:20 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-03-05 03:45:20 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\MFAData
2013-03-05 03:45:20 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\Avg2013
2013-03-05 03:45:20 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-03-05 02:46:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-02-27 04:08:59 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2013-02-27 04:08:58 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2013-02-27 04:08:53 2954136 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2013-02-27 04:08:52 277400 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2013-02-27 04:08:51 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-02-27 04:08:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-02-27 04:08:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-02-27 04:08:38 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-02-27 04:08:36 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-02-27 04:08:34 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-02-27 04:08:31 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-02-26 14:38:27 -------- d-----w- c:\program files\AC3Filter
2013-02-22 04:47:23 -------- d-----w- c:\program files\Xiph.Org
.
==================== Find3M ====================
.
2014-05-25 03:23:40 11 -c--a-w- c:\windows\system32\tscrip22.dll
2013-03-08 00:30:34 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2013-03-05 16:23:18 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-03-02 02:11:01 3088 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2013-02-14 01:55:25 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-14 01:55:24 71024 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-13 01:20:25 163616 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
.
============= FINISH: 0:43:51.60 ===============


ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2011 4:57:27 AM
System Uptime: 3/8/2013 12:29:12 AM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7091
Processor: Intel® Pentium® 4 CPU 3.20GHz | Socket 478 | 3192/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 39.418 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 19.016 GiB free.
E: is FIXED (FAT32) - 6 GiB total, 1.359 GiB free.
F: is FIXED (NTFS) - 149 GiB total, 128.014 GiB free.
G: is CDROM ()
H: is CDROM ()
M: is FIXED (NTFS) - 1863 GiB total, 1056.944 GiB free.
S: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: RT2500 USB Wireless LAN Card
Device ID: USB\VID_148F&PID_2570\6&2BA0E92B&0&1
Manufacturer: Ralink Technology Corp.
Name: RT2500 USB Wireless LAN Card
PNP Device ID: USB\VID_148F&PID_2570\6&2BA0E92B&0&1
Service: RT2500USB
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: X10 USB Wireless Transceiver (ACPI-compliant)
Device ID: USB\VID_0BC7&PID_0006\6&2BA0E92B&0&3
Manufacturer: X10 Wireless Technology, Inc.
Name: X10 USB Wireless Transceiver (ACPI-compliant)
PNP Device ID: USB\VID_0BC7&PID_0006\6&2BA0E92B&0&3
Service: XUIF
.
==== System Restore Points ===================
.
RP554: 3/3/2013 1:20:32 AM - Removed Evernote v. 4.5.3
RP555: 3/5/2013 2:08:57 AM - avast! Free Antivirus Setup
RP556: 3/5/2013 2:27:08 AM - avast! Free Antivirus Setup
RP557: 3/5/2013 2:47:21 AM - avast! Free Antivirus Setup
RP558: 3/5/2013 3:16:52 AM - avast! Free Antivirus Setup
RP559: 3/5/2013 3:48:23 AM - Installed AVG 2013
RP560: 3/5/2013 4:09:39 AM - Installed AVG 2013
RP561: 3/5/2013 4:08:38 AM - avast! Free Antivirus Setup
RP562: 3/5/2013 4:46:26 AM - avast! Free Antivirus Setup
RP563: 3/5/2013 5:17:45 PM - avast! Free Antivirus Setup
RP564: 3/6/2013 2:02:19 AM - Before SP3 install
RP565: 3/6/2013 2:08:45 AM - Software Distribution Service 3.0
RP566: 3/6/2013 2:21:44 AM - Software Distribution Service 3.0
RP567: 3/6/2013 3:00:47 AM - After SP3 Before Antivirus
RP568: 3/6/2013 3:02:07 AM - After SP3 and setting Reg
RP569: 3/6/2013 3:09:12 AM - avast! Free Antivirus Setup
RP570: 3/6/2013 3:35:51 AM - Removed Ad-Aware Antivirus.
RP571: 3/6/2013 4:02:15 AM - avast! Free Antivirus Setup
RP572: 3/7/2013 12:43:42 AM - Before reinstall Ad-Aware
RP573: 3/7/2013 1:15:40 AM - Removed Ad-Aware Antivirus.
RP574: 3/7/2013 2:40:05 AM - Removed Ad-Aware Antivirus.
RP575: 3/7/2013 3:10:32 AM - Revo Uninstaller's restore point - Ad-Aware Browsing Protection
RP576: 3/7/2013 5:08:17 AM - After Sec Cent disable attempt
.
==== Installed Programs ======================
.

3D Shadow by Lokas Software
7-Zip 9.20
AC3Filter 2.5b
Acrobat.com
AcroPano Photo Stitcher, Panorama software
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe PDF Library Files
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Adobe SVG Viewer
Adobe Type Support
Advanced SystemCare 6
AHV content for Acrobat and Flash
Aiseesoft DVD Creator 5.1.20
Aiseesoft Total Video Converter Platinum 6.3.26
Amazon Kindle
Amazon Send to Kindle
AMCap
AnalogX SayIt
AnvSoft Photo Flash Maker Professional 5.40
Any Video Converter 3.2.7
AOL UK (Choose which version to remove)
ArcSoft TotalMedia 3.5
ArtRage 2
Ashampoo Undeleter v.1.1.0
Aspell English Dictionary-0.50-2
Astra Image Webcam Video Grabber 1.0c
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AVI&WMV 1.0
Avi2Dvd 0.6.2
AVIcodec (remove only)
AviSynth 2.5
AXIS Media Control Embedded
Bamboo
Bass Audio Decoder (remove only)
BEHRINGER USB MIDI DRIVER
Bink and Smacker
Blender
BlueSoleil
Boilsoft Video Joiner 6.57
Boilsoft Video Splitter 6.34
C-Media High Definition Audio Driver
calibre
CameraHelperMsi
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD Audio Reader Filter (remove only)
Content
CoreAAC Audio Decoder (remove only)
Creatix V.92 Data Fax Modem
Data Lifeguard Diagnostic for Windows 1.24
DCoder Image Source (remove only)
Debut Video Capture Software
Defraggler
DeviceControl
Digitalizer 1.24
DirectVobSub (remove only)
DivX Web Player
DivxToDVD 0.5.2
DjVuLibre+DjView
DP Animation Maker
Driver Magician 3.65
Dropbox
Drv
EASEUS Partition Master 9.1.1 Professional
eBand Song List Editor
erLT
Eusing Free Registry Cleaner
Facebook Messenger 2.1.4801.0
FacebookMessenger version 2.0
ffdshow v1.2.4453 [2012-05-21]
FFMPEG Core Files (remove only)
FileZilla Client 3.5.3
Firebird SQL Server - MAGIX Edition 2.0.0.1 (US)
FlashFolder
Folder Guide
Folder Marker v 1.4
Foto Fusion Platinum
FoxyTunes for Firefox
Free Unix Spectrum Emulator (Fuse) 1.0.0.1
Gabest MPEG Splitter (remove only)
Generic USB CardReader 2.0
GIMP 2.6.11
Glary Utilities Pro 2.41.0.1358
GNU Aspell 0.50-3
Google Chrome
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GraphicView 32
Greenshot
GTK+ Runtime 2.12.1 rev a (remove only)
Haali Media Splitter
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hopper (Messenger Plus! plug-in)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB942423)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
IconHandler 32 bit
ieSpell
ImageShack Uploader 2.2.0
Information about your PC
Inkscape 0.46
Inpaint 4.7
Interlok driver setup x32
iPixSoft SWF to Video Converter (1.6.2.0)
iResizer 2.1
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
K-Lite Codec Pack 3.4.5 Full
Karen's Directory Printer
KeyStat
KONICA MINOLTA magicolor 2500W
Langauge
LAV Filters 0.55.3
Learn2 Player (Uninstall Only)
LibreOffice 3.3
License Support
Light Artist 1.5
Logitech Vid HD
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MadVR (remove only)
MagicCamera 8.0.0
MagicScore
Matrox VFW Software Codecs, build 28
MediaMonkey 3.1
MediaShow 3.0
Messenger Plus! 3
Messenger Plus! 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Digital Image Library 9 - Blocker
Microsoft Office 2000 Premium
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser
Microtek ScanWizard
mIRC
Miro
Mobipocket Reader 6.2
MonkeyJam 3_050529
Mozilla Firefox 19.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Music Manager
MusicBrainz Picard
Musicmatch® Jukebox
Neat Image v5 Demo (with plug-in)
NeoDownloader 2.8.1 (GiveAwayOfTheDay Version)
Nero Suite
OpenAL
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Opera 12.14
Paragon Migrate OS to SSD™ 2.0 Special Edition
PC Inspector File Recovery
PDF Settings
Photo Stamp Remover 4.2
PhotoNow! 1.0
PhotoStitcher 1.0
Photoupz 1.6
PixScan 2000
Plus! Image
PowerCinema 4.0
PowerDirector
PowerDVD
PowerISO
PowerProducer
Process Lasso
Project64 1.6
QuickTime
RAMpage
RealPlayer
Recover Passwords
Registry Mechanic 5.0
Remove Logo Now! 1.0
Retouch Pilot Free 3.5.3
Revo Uninstaller 1.94
RT2500 USB Wireless LAN Card
Sandboxie 3.64 (32-bit)
SDP Downloader
Second Sight
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Shockwave
shortcircuit
shortcircuit²
SHOUTcast Radio Toolbar
Shutter
Sketch Drawer 1.1
Skins
Skype Click to Call
Skype™ 6.1
Smart Manager
Sony USB Driver
Spartan
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.6
Sqirlz Morph
Stellarium 0.10.6.1
swMSM
t@b ZS4 Video Editor v0.958-686
Taito Legends
Taito Legends 2
Teach Me Piano Deluxe
Teaching-you 31 Languages CD #1
TVersity Codec Pack 1.7
TVersity Media Server 1.0.0.8 RC5
TVersitybar Toolbar
TweetDeck
TwistingPixels
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB20 PC Camera-268
VC 9.0 Runtime
videon
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ Redistributables
W83L518D
WebFldrs XP
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinHTTrack Website Copier 3.41-2
WinISO
WinMorph™ 3.01
WinUAE 1.3.3
WordBiz version 1.8
WordWeb
Works Upgrade
X10 Hardware™
Xiph.Org Open Codecs 0.85.17777
Xvid 1.2.2 final uninstall
XYplorer 11.90
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
You Rock Guitar App
Zentimo PRO 1.4
Zero Assumption Recovery Version 8.3
ZipGenius 6 (6.0.3.1150)
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
ZoneAlarm Spy Blocker
Zoner Photo Studio 14
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
3/7/2013 1:03:08 AM, error: Service Control Manager [7022] - The GFI VIPRE Antivirus Service service hung on starting.
3/6/2013 4:08:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Fips intelppm Lbd SBRE SCDEmu
3/6/2013 3:40:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SBRE
3/6/2013 3:25:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/6/2013 3:19:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Fips intelppm Lbd sbaphd SCDEmu
3/6/2013 2:42:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
3/6/2013 2:33:55 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
3/6/2013 2:33:50 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
3/6/2013 2:33:50 AM, error: Service Control Manager [7003] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the following nonexistent service: winmgmt
3/6/2013 2:33:50 AM, error: Service Control Manager [7003] - The Security Center service depends on the following nonexistent service: winmgmt
3/6/2013 2:33:50 AM, error: Service Control Manager [7003] - The IPv6 Helper Service service depends on the following nonexistent service: winmgmt
3/6/2013 2:13:29 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows XP Service Pack 3 (KB936929).
3/5/2013 5:33:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/5/2013 5:27:48 PM, error: sfsync02 [12] -
3/5/2013 3:48:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================


If there is anything you can suggest to get this PC back to where I can install any antivirus software I would appreciate it!

#4 CeciliaB

Posted 08 March 2013 - 02:40 AM

Hi,

You are welcome :)

Ad-Aware 8 was released several years ago, and Ad-Aware 10 was released a year ago.

1. Please, uninstall:
TVersitybar Toolbar, due to http://www.systemloo...tbTVe2_dll.html

J2SE Runtime Environment 5.0 Update 1
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Those are old versions of Java with many known vulnerabilities that can be used to infect the computer from a web site.

2. Please, run the special AVG Remover to remove everything of AVG: http://www.avg.com/us-en/utilities
Run the special Avast Uninstall Utility to remove everything of Avast: http://www.avast.com/uninstall-utility

3. Have you configured a proxy server yourself?
uProxyServer = 127.0.0.1:81

4. Removal of Ad-Aware drivers:

Start - All programs - Accessories - Command Prompt

Enter the following commands:
sc stop gfibto
sc delete gfibto
sc delete Lbd
sc delete SBRE
sc delete soqwx32

5. Restart the computer.
Run DDS again and paste DDS.txt into your answer. No need for Attach.txt this time.

#5 DawkinsDog

Posted 09 March 2013 - 03:07 AM

Hi, thanks again for the help.

1. I've uninstalled the TVersity toolbar.

I couldn't see where to update Java.

2. I've run both of the uninstall programs (I'd tried both previously anyway)

3. I'm not sure about the proxy server setting.

4. I've gone into the command prompt and run all of the requested commands, and performed a system restart.

Restarting still shows Ad Watch Live as running and up-to-date though, nothing seems to want to get rid of that setting.

The content of the new DDS file is as follows:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Steve_Bedroom at 1:58:19 on 2013-03-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1128 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
f:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Shutter\Shutter.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FlashFolder\FlashFolder.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Steve_Bedroom\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Facebook\Messenger\2.1.4801.0\FacebookMessenger.exe
D:\My Documents\downloads\AlwaysOnTopMaker\AlwaysOnTopMaker.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve_Bedroom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uProxyServer = 127.0.0.1:81
uProxyOverride = local;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\steve_bedroom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [Dit] Dit.exe
mRun: [Shutter] c:\program files\shutter\Shutter.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x081b -f video -m logitech -d 13.31.1044.0
StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\steve_bedroom\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\facebo~1.lnk - c:\documents and settings\steve_bedroom\local settings\application data\facebook\messenger\2.1.4801.0\FacebookMessenger.exe
StartupFolder: c:\docume~1\steve_~1\startm~1\programs\startup\shortc~1.lnk - d:\my documents\downloads\alwaysontopmaker\AlwaysOnTopMaker.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362534922171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 212.139.132.44 212.139.132.43
TCP: Interfaces\{43AD480C-46B9-4167-9003-BF66714727DD} : DHCPNameServer = 212.139.132.44 212.139.132.43
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\
FF - plugin: c:\documents and settings\steve_bedroom\application data\pixelplan\pixelplan o4c viewer web\1.2.7\npPIXELPLANWebViewer.dll
FF - plugin: c:\documents and settings\steve_bedroom\local settings\application data\facebook\messenger\2.1.4801.0\npFbDesktopPlugin.dll
FF - plugin: c:\documents and settings\steve_bedroom\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - ExtSQL: 2013-01-11 03:54; UIEnhancer@girishsharma; c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\extensions\UIEnhancer@girishsharma.xpi
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\documents and settings\steve_bedroom\application data\mozilla\firefox\profiles\qqihpkoa.steve\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-6-21 526640]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-3-7 465216]
R2 FlashFolder;FlashFolder;c:\program files\flashfolder\FlashFolder.exe [2008-3-21 71680]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-4-30 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-4-30 497280]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-6-17 47640]
R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2012-5-18 2938880]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-8-3 5554552]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2011-6-18 66944]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-8-3 451960]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-2-9 802048]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-1-20 1287296]
R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2007-7-11 13824]
R3 RD1003;EDIROL UM-2;c:\windows\system32\drivers\RDWM1003.SYS [2005-7-15 60730]
R3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2011-10-26 172865]
R3 SbieDrv;SbieDrv;f:\program files\sandboxie\SbieDrv.sys [2012-2-7 133392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-3 10752]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-2-9 19928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a9c6503cfc04;Google Update Service (gupdate1c9a9c6503cfc04);c:\program files\google\update\GoogleUpdate.exe [2009-3-21 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 a2acc;a2acc;\??\c:\program files\mamutu\a2accx86.sys --> c:\program files\mamutu\a2accx86.sys [?]
S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2010-6-17 35904]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-2-9 17408]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2011-10-29 163616]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2011-3-30 24056]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-9-7 19056]
S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]
S3 WISOVD;WISOVD;c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [2012-3-21 4992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\games\magix\common\database\bin\fbserver.exe [2007-11-5 1527900]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-6-8 374152]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S4 ZentimoService;Zentimo Assistant;f:\program files\zentimo\ZentimoService.exe [2011-12-13 259072]
.
=============== File Associations ===============
.
ShellExec: CrazyTalk60.exe: Open=f:\program files\reallusion\crazytalk 6\ct program\CTIEMain.exe "%1"
ShellExec: CT4Skype.exe: open=blank
ShellExec: Premiere.exe: open=blank
.
=============== Created Last 30 ================
.
2013-03-07 04:16:00 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-07 04:15:58 -------- d-----w- c:\documents and settings\all users\application data\IObit
2013-03-07 04:15:56 -------- d-----w- c:\documents and settings\steve_bedroom\application data\IObit
2013-03-07 04:15:50 -------- d-----w- c:\program files\IObit
2013-03-07 03:09:45 -------- d-----w- c:\program files\VS Revo Group
2013-03-07 02:02:59 -------- d-----w- c:\documents and settings\steve_bedroom\application data\LavasoftStatistics
2013-03-07 01:43:54 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2013-03-07 01:43:52 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2013-03-07 01:43:47 -------- d-----w- c:\program files\adawaretb.old
2013-03-07 01:43:47 -------- d-----w- c:\documents and settings\steve_bedroom\application data\adawaretb
2013-03-07 01:43:46 -------- d-----w- c:\program files\Toolbar Cleaner
2013-03-07 01:24:36 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-03-07 01:24:35 -------- d-----w- c:\documents and settings\steve_bedroom\application data\Ad-Aware Antivirus
2013-03-07 01:16:10 -------- d-----w- c:\documents and settings\all users\application data\GFI Software
2013-03-07 00:57:15 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\adaware
2013-03-07 00:53:36 -------- d-----w- c:\documents and settings\steve_bedroom\local settings\application data\Downloaded Installations
2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\scripting
2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\en
2013-03-06 02:32:29 -------- d-----w- c:\windows\system32\bits
2013-03-06 02:32:29 -------- d-----w- c:\windows\l2schemas
2013-03-06 02:25:23 -------- d-----w- c:\windows\EHome
2013-03-06 02:19:58 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2013-03-05 03:45:20 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-03-05 02:46:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-02-27 04:08:59 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2013-02-27 04:08:58 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2013-02-27 04:08:53 2954136 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2013-02-27 04:08:52 277400 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2013-02-27 04:08:51 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-02-27 04:08:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-02-27 04:08:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-02-27 04:08:38 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-02-27 04:08:36 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-02-27 04:08:34 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-02-27 04:08:31 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-02-26 14:38:27 -------- d-----w- c:\program files\AC3Filter
2013-02-22 04:47:23 -------- d-----w- c:\program files\Xiph.Org
.
==================== Find3M ====================
.
2014-05-25 03:23:40 11 -c--a-w- c:\windows\system32\tscrip22.dll
2013-03-09 01:49:37 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2013-03-05 16:23:18 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-03-02 02:11:01 3088 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2013-02-14 01:55:25 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-14 01:55:24 71024 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-13 01:20:25 163616 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
.
============= FINISH: 2:00:00.42 ===============

#6 CeciliaB

Posted 09 March 2013 - 11:59 AM

Hi,

You're welcome :)

1. Most people don't need to have Java installed, but if you do, you can fetch the latest Java here: http://www.java.com/getjava/

2. Good, now the drivers of the programs disappeared. You can delete this folder, if you want:
c:\documents and settings\all users\application data\AVAST Software

3. Let us see if you can remove it, since it's suspicious to have it. Please, take a note of the current settings before changing them, then you can enter them again if you can't connect to internet.

Control panel - Internet Options - Connections - LAN settings
Click on Advanced
Remove content in such a way that all fields belonging to the header "Servers" are empty.
Click OK
If there is anything in the Address field, remove it.
Uncheck "Use a proxy server..."

4. Good, all drivers are gone. Now you need to tell Windows that Ad-Watch has been deleted.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

Start - Run
Enter:
wbemtest

Click OK

When the program has started, do as in these five pictures:
http://img.photobuck...AV_From_WMI.gif

That is:

Connect
root\SecurityCenter
Query
SELECT * FROM AntivirusProduct
Apply

Mark "A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33" which means Ad-Watch.

Delete

Restart the computer after turning off all programs.

5. How is the computer now?
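
The check behind step 4 of the reply above, as an added example that is not part of the original thread: it parses a DDS.txt log, reads the AV/FW registrations from the header, and flags any registration with no matching entry under Running Processes or SERVICES / DRIVERS, which is the state that called for the wbemtest cleanup. The function names and the name-token matching are assumptions made for this sketch, and the sample log is constructed from lines posted in this thread.

```python
import re

# Sample DDS excerpt, constructed from lines of the log posted in this thread
# (trimmed to the header and a few entries per section).
SAMPLE_DDS = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uProxyServer = 127.0.0.1:81
.
============= SERVICES / DRIVERS ===============
.
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-6-21 526640]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-9-7 19056]
.
=============== Created Last 30 ================
.
2013-03-07 02:02:59 -------- d-----w- c:\documents and settings\steve_bedroom\application data\LavasoftStatistics
"""

# "AV: <name> *<state>* {GUID}" or "FW: <name> *<state>*" (the GUID is optional).
HEADER_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+(?P<guid>\{[0-9A-Fa-f-]{36}\}))?\s*$"
)
# "====== Section Title ======"
SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+$")

# Words that appear in many product names and say nothing about the vendor.
GENERIC = {"anti-virus", "antivirus", "firewall", "free", "live",
           "security", "internet", "protection"}

# Only these sections count as evidence that a product still has components
# installed; leftover folders under "Created Last 30" do not.
EVIDENCE_SECTIONS = ("running processes", "services / drivers")


def parse_dds(text):
    """Return (registrations, sections) parsed from a DDS.txt log."""
    registrations, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("title").lower()
            sections[current] = []
        elif current is None:
            m = HEADER_RE.match(line)
            if m:
                registrations.append(m.groupdict())
        else:
            sections[current].append(line)
    return registrations, sections


def vendor_tokens(name):
    """Heuristic: product-name words specific enough to match a file path."""
    tokens = [t.strip("!").lower() for t in name.split()]
    return sorted({t for t in tokens if len(t) > 3 and t not in GENERIC})


def find_orphaned(text):
    """Flag Security Center registrations with no process or service behind them."""
    registrations, sections = parse_dds(text)
    report = []
    for reg in registrations:
        tokens = vendor_tokens(reg["name"])
        evidence = [
            line
            for title in EVIDENCE_SECTIONS
            for line in sections.get(title, [])
            if any(tok in line.lower() for tok in tokens)
        ]
        report.append({**reg, "evidence": evidence, "orphaned": not evidence})
    return report


if __name__ == "__main__":
    for entry in find_orphaned(SAMPLE_DDS):
        status = "ORPHANED" if entry["orphaned"] else "backed by components"
        print(f'{entry["kind"]}: {entry["name"]} {entry["guid"] or ""} -> {status}')
```

An entry flagged as orphaned is only a candidate for the WMI cleanup; confirm in wbemtest that its GUID matches the one in the DDS header before deleting it.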

#7 DawkinsDog

Posted 12 March 2013 - 02:43 AM

Sorry for the delay in replying, life got in the way :unsure:

I followed the procedure you outlined above and found Windows Security Center accepted there was no virus scanner installed. This has allowed me to finally install one, so hopefully the PC is now back to its usual self (as in it tries its best to drive me insane, something for which I really don't need a chauffeur, it's not a long journey!)

Thank you so much for the help you've given. I was getting concerned I was either going to have to completely reinstall Windows, which I dread on a system this old, or convince myself to buy a new one, which would probably require selling a spare kidney. You've saved me the misery of either :D

#8 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7522 posts

Posted 12 March 2013 - 02:06 PM

You are welcome :)

No need to apologize :)

Note that it's possible to use the latest Ad-Aware together with another antivirus program, when it's installed in on-demand scan mode. Ad-Aware can then scan the computer to check if the other antivirus program has missed something. See release notes for 10.5 to know how to install Ad-Aware 10.5 when another antivirus program is installed: http://www.lavasofts...e-105-released/

#9 DawkinsDog

DawkinsDog

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 13 March 2013 - 02:47 AM

I've used Ad-Aware as long as I can remember and always liked it so it's nice to know I can still have it there as a 2nd line of defence, so I've just installed it in on-demand mode. Thanks for letting me know, and thanks again for all of the help you've given.

#10 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7522 posts

Posted 13 March 2013 - 03:28 AM

You are welcome :)

I'm sure Lavasoft appreciates that you have installed Ad-Aware.

#11 moggles

moggles

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 13 June 2013 - 04:34 AM

I'm having the same problem...

I tried to follow your instructions...but at the command prompt it said

{SC} open service failed (5)

access denied

this is my dds file...I want to reinstall ad aware later as second line of defense but right now I have nothing because I can't install anything until I remove ad-watch live

I appreciate any help...and sorry about hijacking this post!

Attached File  DDS1.txt   21.63KB   1 downloads



#12 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7522 posts

Posted 13 June 2013 - 12:03 PM

Hi moggles,

 

I'll start with pasting your log since that makes it easier for me to check the various entries in it. I'll be back when I have gone through it.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by TogsRUs at 23:11:00 on 2013-06-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7991.5162 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\oovoo\ooVoo.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\splwow64.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uWindow Title = Windows Internet Explorer provided by AOL
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie9
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mWinlogon: Userinit = userinit.exe,
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TBSB03376 Class: {F71E70A4-1200-4A3F-846C-18B8F0DCD5AD} - C:\Program Files (x86)\Shopping Assistant\tbcore3.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: ShoppingAssistant: {68F3A1D2-BC05-4E0F-AD31-722F1B37E758} - C:\Program Files (x86)\Shopping Assistant\tbcore3.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: ShoppingAssistant: {68F3A1D2-BC05-4E0F-AD31-722F1B37E758} - C:\Program Files (x86)\Shopping Assistant\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Facebook Update] "C:\Users\TogsRUs\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\TogsRUs\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe /minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
uRun: [AdobeBridge] <no file>
uRunOnce: [Uninstall C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
uRunOnce: [Uninstall C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TogsRUs\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ABC83470-35C5-4303-B9A0-87A80D1BD418} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: TBSB03376 Class: {F71E70A4-1200-4A3F-846C-18B8F0DCD5AD} - C:\Program Files\Shopping Assistant_64\tbcore3.dll
x64-TB: ShoppingAssistant: {68F3A1D2-BC05-4E0F-AD31-722F1B37E758} - C:\Program Files\Shopping Assistant_64\tbcore3.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-11-13 69376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-12 55856]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-25 231752]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-12 1692480]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-13 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-13 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-4-13 321064]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
RUnknown SASKUTIL;SASKUTIL; [x]
S0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-12 14456]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/04/12 21:04:09;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-4-13 158976]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-13 02:58:23 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-06-13 02:58:23 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-06-13 02:31:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDC70334-8B3F-4FC3-B143-A123E4C0D309}\offreg.dll
2013-06-13 02:24:00 -------- d-----w- C:\ProgramData\CA
2013-06-11 22:10:32 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-11 20:05:26 -------- d-----w- C:\Users\TogsRUs\AppData\Local\{EB2941AE-EAC3-4C50-9235-2F53044B0BA4}
2013-06-11 17:03:56 -------- d-----w- C:\Program Files\office.tmp
2013-06-11 17:01:17 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 00:36:35 -------- d-----w- C:\Users\TogsRUs\AppData\Local\{B984A697-A05C-4AAB-956A-D7BAEA17A1EF}
2013-05-29 11:40:46 -------- d-----w- C:\Users\TogsRUs\AppData\Local\{1789FA4A-B68F-46F9-AC43-4F454E43ECF1}
2013-05-28 21:38:01 -------- d-----w- C:\Users\TogsRUs\AppData\Local\{0115839B-40BA-46A9-931E-C16463743B07}
2013-05-22 23:06:53 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-05-22 23:06:25 -------- d-----w- C:\Program Files\My Dell
2013-05-15 00:39:16 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 00:39:16 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 00:39:16 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 00:39:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 00:38:59 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 00:38:59 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 00:38:59 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 00:38:49 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 00:38:49 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 00:38:48 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-06-12 01:34:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 01:34:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-03-29 20:51:03 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-29 20:51:03 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 23:11:34.60 ===============



#13 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7522 posts

Posted 13 June 2013 - 12:21 PM

Hi again,

 

1. Please, uninstall ShoppingAssistant, see http://www.systemloo...&search=tbcore3 where a lot of suspicious toolbars use the same file name as the ShoppingAssistant in your computer, and Java™ 6 Update 23 and 32, which are old versions of Java with many known vulnerabilities that can be used to infect the computer from a web site.

 

2. There are drivers from both Ad-Aware 9 and 10 in the computer.

Removal of them:

 

Start - All programs - Accessories - Command Prompt

Enter the following commands:

sc delete gfibto
sc stop Lbd
sc delete Lbd

 

3. Restart the computer.
Run DDS again and paste DDS.txt into your answer.



#14 moggles

moggles

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 14 June 2013 - 03:15 AM

I uninstalled shopping assistant

 

when I enter commands at command prompt...

I get [sc] openservice failed 5 

access denied

 

I am admin...so I should have access?


Edited by moggles, 14 June 2013 - 03:27 AM.


#15 Pierre67

Pierre67

    Valued Member and Beta Tester

  • Valued Member
  • PipPipPip
  • 1302 posts

Posted 14 June 2013 - 06:53 AM

To run as administrator:

 

Start - All programs - Accessories - right click on Command Prompt and select 'Run as administrator' then retry the commands as posted by CeciliaB. 

 


regards, Peter.

I do NOT use Lavasoft Ad-Aware and do NOT work for Lavasoft. I just monitor the Forum from time to time.

IF IT AIN'T BROKE - DON'T FIX IT!!!
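
The driver clean-up from posts #13 to #15, as an added PowerShell example (not code from the thread): it refuses to run unelevated, which is what produced the "openservice failed 5" error above, shows each leftover driver before touching it, and calls sc.exe by its full name because in Windows PowerShell `sc` alone is an alias for Set-Content. The two service names come from the posts; the variable names and the exit-code handling are assumptions added here.

```powershell
# Added example, not from the thread. Service names are the ones in post #13.
$leftovers = 'gfibto', 'Lbd'

# Membership in Administrators is not enough under UAC: the prompt itself
# must be started with "Run as administrator".
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: sc.exe would fail with error 5 (access denied).'
}

foreach ($name in $leftovers) {
    # Look the driver up first so nothing is deleted blind.
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'"
    if (-not $drv) {
        Write-Output "${name}: no such driver service, nothing to do"
        continue
    }
    Write-Output ('{0}: State={1} StartMode={2} Path={3}' -f `
        $drv.Name, $drv.State, $drv.StartMode, $drv.PathName)

    if ($drv.State -eq 'Running') {
        & sc.exe stop $name | Out-Null
        if ($LASTEXITCODE -ne 0) {
            # A boot-start driver may refuse to stop; the delete below then
            # takes effect at the restart the post asks for.
            Write-Warning "${name}: stop returned $LASTEXITCODE"
        }
    }

    & sc.exe delete $name | Out-Null
    # sc.exe reports the Win32 error code as its exit code.
    switch ($LASTEXITCODE) {
        0       { Write-Output  "${name}: deleted (restart to finish unloading)" }
        5       { Write-Warning "${name}: access denied, prompt is not elevated" }
        1072    { Write-Output  "${name}: already marked for deletion, restart required" }
        default { Write-Warning "${name}: sc.exe delete returned $LASTEXITCODE" }
    }
}
```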

#16 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7522 posts

Posted 14 June 2013 - 12:03 PM

Sorry that I forgot the "right-click" :(



#17 moggles

moggles

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 14 June 2013 - 10:25 PM

Thanks so much!

That worked... :D



#18 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7522 posts

Posted 14 June 2013 - 11:59 PM

You are welcome :) and I'm glad it worked.






