
Cpvfeed :'(



#1 Tom Gerritsen1


Posted 15 April 2007 - 09:08 AM

I cannot get the stupid popups to go. Firefox and MSIE are infected. I first thought Google Toolbar was the thing infected, but without that it still goes. I tried to look through the registry and did a search for new DLLs. I got some, but still there are the popups. Even for another user profile.
;)






ComboScan v20070306.20 run by Tom Gerritsen on 2007-04-15 at 09:13:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Performed disk cleanup.


-- HijackThis (run as Tom Gerritsen.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 09:16:22, on 15/04/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Users\Zilka Gerritsen\AppData\Local\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Zilka Gerritsen\AppData\Local\Skype\Plugin Manager\SkypePM.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Zilka Gerritsen\AppData\Local\Skype\Phone\Skype.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Tom Gerritsen\Desktop\comboscan.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\HIJACK~1\Tom Gerritsen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8113F7CD-64BE-41F3-9AEE-01FB1C46F76E} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Users\Zilka Gerritsen\AppData\Local\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: wvusttr - C:\Windows\SYSTEM32\wvusttr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "%SystemRoot%\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\winhlp32.exe %1
.inf - inffile - %SystemRoot%\system32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\system32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - "%SystemRoot%\System32\WScript.exe" "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R aswRdr - C:\Windows\System32\drivers\aswRdr.sys
1R AvgClean (AVG7 Clean Driver) - C:\Windows\System32\drivers\avgclean.sys
1R AvgMfx86 (AVG Minifilter x86 Resident Driver) - C:\Windows\System32\drivers\avgmfx86.sys
3R bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - C:\Windows\System32\drivers\bcm4sbxp.sys
3R BthEnum (Bluetooth Request Block Driver) - C:\Windows\System32\drivers\bthenum.sys
3R BthPan (Bluetooth Device (Personal Area Network)) - C:\Windows\System32\drivers\bthpan.sys
3S BTHPORT (Bluetooth Port Driver) - C:\Windows\System32\drivers\bthport.sys
3R BTHUSB (Bluetooth Radio USB Driver) - C:\Windows\System32\drivers\BTHUSB.SYS
3R GEARAspiWDM - C:\Windows\System32\drivers\GEARAspiWDM.sys
3S HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - C:\Windows\System32\drivers\HdAudio.sys
3R HSFHWAZL - C:\Windows\System32\drivers\VSTAZL3.SYS
3R HSF_DPV - C:\Windows\System32\drivers\VSTDPV3.SYS
1S IKFileFlt (File Filter Driver) - C:\Windows\System32\drivers\ikfileflt.sys
3S IKFileSec (File Security Driver) - C:\Windows\System32\drivers\ikfilesec.sys
1S IkSysFlt (System Filter Driver) - C:\Windows\System32\drivers\iksysflt.sys
3S IKSysSec (System Security Driver) - C:\Windows\System32\drivers\iksyssec.sys
3S LVcKap (Logitech AEC Driver) - C:\Windows\System32\drivers\Lvckap.sys
3R LVMVDrv (Logitech Machine Vision Engine Loader) - C:\Windows\System32\drivers\LVMVdrv.sys
3R LVUSBSta (Logitech USB Monitor Filter) - C:\Windows\System32\drivers\LVUSBSta.sys
3R LVUVC (QuickCam for Dell Notebooks(UVC)) - C:\Windows\System32\drivers\lvuvc.sys
3R NETw3v32 (Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit) - C:\Windows\System32\drivers\NETw3v32.sys
3R nvlddmkm - C:\Windows\System32\drivers\nvlddmkm.sys
3R RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - C:\Windows\System32\drivers\rfcomm.sys
3R rimmptsk - C:\Windows\System32\drivers\rimmptsk.sys
3R rimsptsk - C:\Windows\System32\drivers\rimsptsk.sys
2R rismxdp (Ricoh xD-Picture Card Driver) - C:\Windows\System32\drivers\rixdptsk.sys
3R sdbus - C:\Windows\System32\drivers\sdbus.sys
3R STHDA (SigmaTel High Definition Audio CODEC) - C:\Windows\System32\drivers\stwrt.sys
3R SynTP (Synaptics TouchPad Driver) - C:\Windows\System32\drivers\SynTP.sys
3R usbaudio (USB Audio Driver (WDM)) - C:\Windows\System32\drivers\USBAUDIO.sys
3S USBSTOR (USB Mass Storage Driver) - C:\Windows\System32\drivers\USBSTOR.SYS
3S vaxscsi - C:\Windows\System32\drivers\vaxscsi.sys
3R winachsf - C:\Windows\System32\drivers\VSTCNXT3.SYS
3S WpdUsb - C:\Windows\System32\drivers\WpdUsb.sys
3S WUDFRd - C:\Windows\System32\drivers\WUDFRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2R AvgCoreSvc (AVG7 Resident Shield Service) - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
2R BthServ (Bluetooth Support Service) - C:\Windows\system32\svchost.exe -k bthsvcs
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
3S odserv (Microsoft Office Diagnostics Service) - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R sdAuxService (Spyware Doctor Auxiliary Service) - C:\Program Files\Spyware Doctor\svcntaux.exe
2R sdCoreService (Spyware Doctor Service) - C:\Program Files\Spyware Doctor\swdsvc.exe
3S ServiceLayer - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
2R STacSV (SigmaTel Audio Service) - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
2R StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
3R usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"


-- Files created between 2007-03-15 and 2007-04-15 -----------------------------



-- Find3M Report ---------------------------------------------------------------

2007-04-15 09:16:19 13401 --a------ C:\Users\Tom Gerritsen\AppData\Roaming\nvModes.001
2007-04-15 09:02:21 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Skype
2007-04-15 09:00:08 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\AVG7
2007-04-14 11:17:48 0 d-------- C:\Program Files\NoAdware5.0<NOADWA~1.0>
2007-04-13 22:50:57 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-13 22:47:06 0 d-------- C:\Program Files\InterActual<INTERA~1>
2007-04-13 22:46:29 0 d-------- C:\Program Files\Winamp
2007-04-13 22:43:38 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Lavasoft
2007-04-13 22:42:34 0 d-------- C:\Program Files\Lavasoft
2007-04-13 22:42:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-13 17:16:43 2484 --a------ C:\Windows\bthservsdp.dat<BTHSER~1.DAT>
2007-04-13 07:07:45 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-13 06:46:52 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\PC Tools<PCTOOL~1>
2007-04-12 07:32:01 0 d-------- C:\Program Files\Windows Defender<WINDOW~3>
2007-04-12 07:04:58 13401 --a------ C:\Users\Tom Gerritsen\AppData\Roaming\nvModes.dat
2007-04-11 22:07:08 376320 --a------ C:\Windows\system32\winsrv.dll
2007-04-11 22:07:08 49664 --a------ C:\Windows\system32\csrsrv.dll
2007-04-11 22:05:58 0 d-------- C:\Program Files\Windows Mail<WINDOW~1>
2007-04-11 19:11:03 9216 --a------ C:\Windows\system32\avgwlntf.dll
2007-04-11 19:10:56 0 d-------- C:\Program Files\Grisoft
2007-04-11 18:33:00 0 d-------- C:\Program Files\Microsoft Games<MICROS~1>
2007-04-11 18:32:57 105434 --a------ C:\Windows\VTTC.exe
2007-04-11 18:32:53 8464 --a------ C:\Windows\system32\sporder.dll
2007-04-11 18:32:43 26694 --a------ C:\Windows\system32\wvusttr.dll
2007-04-09 18:04:23 184320 --a------ C:\Windows\win3206416337511.exe<WIN320~1.EXE>
2007-04-06 21:49:43 53248 --a------ C:\Windows\111uninst.exe<111UNI~1.EXE>
2007-04-05 07:40:02 111763 --a------ C:\Windows\LogRover - Web Interface Uninstaller.exe<LOGROV~2.EXE>
2007-04-05 07:39:47 110030 --a------ C:\Windows\LogRover Uninstaller.exe<LOGROV~1.EXE>
2007-04-04 06:24:39 2026496 --a------ C:\Windows\system32\win32k.sys
2007-04-04 06:24:39 633856 --a------ C:\Windows\system32\user32.dll
2007-04-03 06:56:26 0 d-------- C:\Program Files\DivX
2007-04-01 16:45:17 952 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2007-04-01 07:54:30 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Winamp
2007-03-31 16:53:26 0 d---s---- C:\Users\Tom Gerritsen\AppData\Roaming\Microsoft<MICROS~1>
2007-03-31 16:35:19 0 d-------- C:\Program Files\Alcohol Soft<ALCOHO~1>
2007-03-27 08:55:57 524288 --a------ C:\Windows\system32\DivXsm.exe
2007-03-27 08:55:48 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-03-27 08:55:31 118520 -----n--- C:\Windows\system32\pxinsi64.exe
2007-03-27 08:55:31 116472 -----n--- C:\Windows\system32\pxcpyi64.exe
2007-03-27 08:55:31 129784 --a------ C:\Windows\system32\pxafs.dll
2007-03-27 08:55:23 200704 --a------ C:\Windows\system32\ssldivx.dll
2007-03-27 08:55:23 1044480 --a------ C:\Windows\system32\libdivx.dll
2007-03-27 08:49:07 196608 --a------ C:\Windows\system32\dtu100.dll
2007-03-27 08:49:07 73728 --a------ C:\Windows\system32\dpl100.dll
2007-03-27 08:49:05 53248 --a------ C:\Windows\system32\dpuGUI10.dll
2007-03-27 08:49:03 593920 --a------ C:\Windows\system32\dpuGUI11.dll
2007-03-27 08:49:02 57344 --a------ C:\Windows\system32\dpv11.dll
2007-03-27 08:49:02 344064 --a------ C:\Windows\system32\dpus11.dll
2007-03-27 08:49:02 294912 --a------ C:\Windows\system32\dpu11.dll
2007-03-27 08:49:02 294912 --a------ C:\Windows\system32\dpu10.dll
2007-03-27 08:48:59 823296 --a------ C:\Windows\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-03-27 08:48:58 802816 --a------ C:\Windows\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-03-27 08:48:58 823296 --a------ C:\Windows\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-03-27 08:48:58 639066 --a------ C:\Windows\system32\DivX.dll
2007-03-26 23:07:09 0 d-------- C:\Program Files\Common Files\Corel
2007-03-26 23:07:06 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Corel
2007-03-26 23:06:07 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-26 23:06:04 0 d-------- C:\Program Files\Corel
2007-03-26 19:47:59 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-03-26 18:34:05 0 d-------- C:\Program Files\SigmaTel
2007-03-26 18:08:05 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Dell
2007-03-26 18:08:00 0 d-------- C:\Program Files\Dell
2007-03-26 17:47:38 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\dvdcss
2007-03-26 17:08:10 0 d-------- C:\Program Files\iTunes
2007-03-26 17:08:07 0 d-------- C:\Program Files\iPod
2007-03-26 17:07:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-26 17:05:19 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-26 16:53:49 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Apple Computer<APPLEC~1>
2007-03-26 16:46:17 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-25 13:44:18 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\Adobe
2007-03-25 13:43:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-25 10:22:37 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-25 10:21:09 414208 --a------ C:\Windows\system32\msscp.dll
2007-03-25 10:20:49 4153344 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll
2007-03-25 10:20:49 1686016 --a------ C:\Windows\system32\gameux.dll
2007-03-25 10:13:35 0 d-------- C:\Program Files\Real
2007-03-24 20:05:48 0 d-------- C:\Program Files\BitLocker<BITLOC~1>
2007-03-24 19:54:00 1171848 --a------ C:\Windows\system32\SecureKeyBackupCPL.dll
2007-03-24 19:53:49 229888 --a------ C:\Windows\system32\msshsq.dll
2007-03-15 15:46:35 57344 --a------ C:\Windows\uni_eh10.exe
2007-03-10 17:27:59 104448 --a------ C:\Windows\system32\DWWIN.EXE
2007-03-10 17:27:31 383488 --a------ C:\Windows\system32\ieapfltr.dll
2007-03-10 17:27:11 974336 --a------ C:\Windows\system32\crypt32.dll
2007-03-05 13:34:28 676224 --a------ C:\Windows\system32\OGACheckControl.DLL<OGACHE~1.DLL>
2007-03-02 03:43:00 1411072 --a------ C:\Windows\system32\nvwgf2um.dll
2007-03-02 03:43:00 36352 --a------ C:\Windows\system32\nvcodins.dll
2007-03-02 03:43:00 36352 --a------ C:\Windows\system32\nvcod.dll
2007-03-02 03:43:00 521128 --a------ C:\Windows\system32\dpinst.exe
2007-02-18 22:12:01 0 d-------- C:\Users\Tom Gerritsen\AppData\Roaming\vlc
2007-02-18 22:11:21 0 d-------- C:\Program Files\VideoLAN
2007-02-16 02:40:35 124472 --a------ C:\Windows\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-19 12:53:04 51056 --a------ C:\Windows\system32\sirenacm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"Skype"="\"C:\\Users\\Zilka Gerritsen\\AppData\\Local\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78,\
65,20,2d,68,69,64,65,00
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SigmatelSysTrayApp"="sttray.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SDTray"="C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C4C362EA-C1AE-4399-B47C-33061562BD88}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=dword:00000002
"DontDisplayLogonHoursWarnings"=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusttr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsilltdsvcSSDPSRVupnphostSCardSvrw32timeEventSystemRemoteRegistryWinHttpAutoProxySvclanmanworkstationTBSSLUINotifyTHREADORDERfdrespubnetprofmfdphostwcncsvcQWAVEMcx2SvcWebClient\
LocalSystemNetworkRestricted REG_MULTI_SZ hidservUxSmsWdiSystemHostNetmantrkwksAudioEndpointBuilderWUDFSvcirmonsysmainIPBusEnumdot3svcPcaSvcCscServicewlansvcUmRdpServiceEMDMgmtWPDBusEnumTabletInputService\
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\
LocalServiceNoNetwork REG_MULTI_SZ PLADPSBFEmpssvcehstart\
NetworkService REG_MULTI_SZ CryptSvcDHCPTermServiceKtmRmDNSCacheNapAgentnlasvcWinRMWECSVCTapisrv\
termsvcs REG_MULTI_SZ TermService\
WerSvcGroup REG_MULTI_SZ wersvc\
swprv REG_MULTI_SZ swprv\
LocalServiceNetworkRestricted REG_MULTI_SZ DHCPeventlogAudioSrvLmHostswscsvcp2pimsvcPNRPSvcp2psvcWPCSvcPnrpAutoReg\
rpcss REG_MULTI_SZ RpcSs\
regsvc REG_MULTI_SZ RemoteRegistry\
wcssvc REG_MULTI_SZ WcsPlugInService\
DcomLaunch REG_MULTI_SZ PlugPlayDcomLaunch\
wdisvc REG_MULTI_SZ WdiServiceHost\
sdrsvc REG_MULTI_SZ sdrsvc\
imgsvc REG_MULTI_SZ StiSvc\
secsvcs REG_MULTI_SZ WinDefend\
bthsvcs REG_MULTI_SZ BthServ\

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc



-- End of ComboScan: finished at 2007-04-15 at 09:17:16 ------------------------

ComboScan v20070306.20 run by Tom Gerritsen on 2007-04-15 at 09:13:31
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 1533.57 MiB / 369.3 MiB
Pagefile Memory (total/avail): 3299.45 MiB / 1170.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.13 MiB

C: is Fixed (NTFS) - 24.41 GiB total, 5.63 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 26.69 GiB total, 9.31 GiB free.
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.446 v7.5.446 (GRISOFT)
AV: avast! antivirus 4.7.892 [VPS 0659-1] v4.7.892 (ALWIL Software)
AS: Spyware Doctor v5.0.0.179 (PC Tools)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Tom Gerritsen\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VISTABAK
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Tom Gerritsen
LOCALAPPDATA=C:\Users\Tom Gerritsen\AppData\Local
LOGONSERVER=\\VISTABAK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\TOMGER~1\AppData\Local\Temp
TMP=C:\Users\TOMGER~1\AppData\Local\Temp
USERDOMAIN=VistaBak
USERNAME=Tom Gerritsen
USERPROFILE=C:\Users\Tom Gerritsen
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Tom Gerritsen
Zilka Gerritsen


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
InterVideo WinDVD 7 --> "C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
Logitech QuickCam --> MsiExec.exe /X{BFD0113A-BD9F-489D-96CE-AA0382C006A7}
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Medieval Total War --> C:\Windows\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War\Uninst.isu"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office OneNote 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ONENOTER /dll OSETUP.DLL
Microsoft Office OneNote 2007 --> MsiExec.exe /X{91120000-00A1-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Mozilla Firefox (2.0.0.3) --> C:\progra~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB932080) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Outlook 2007 Junk Email Filter (KB932338) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E90DA454-DE6C-45FA-A702-47B614A0159F}
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- End of ComboScan: finished at 2007-04-15 at 09:17:16 ------------------------



Edited by Tom Gerritsen1, 15 April 2007 - 09:12 AM.


#2 Tom Gerritsen1

Tom Gerritsen1

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 15 April 2007 - 09:32 AM

I am running Vista btw. The more secure OS. ;)

#3 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 12 May 2007 - 04:13 PM

Hi Tom,


Apologies for the late reply, we've been quite swamped in here as you can probably see.

Are you still needing help?

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

I do see what looks like Vundo or a variant of it on that log, however, that HijackThis version isn't Vista compatible. Please uninstall that one via Add/Remove programs in the Control Panel, if listed. Delete the current HijackThis.exe and get a fresh copy of v. 2 from Trend-Micro here:
http://www.download....4-10379544.html

If you still need help, please post a fresh HijackThis log so I can see where you are at this point.

Also, update your Ad-Aware SE program and do a scan with it. Let me know if it finds anything.

Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009



