Help laptop Vista file permission & virus PLEASE!
calmspirit
Posts: 2,962 Forumite
in Techie Stuff
Hi
Thanks for reading!
Please can anyone point me in the right direction?
Laptop is Compaq Presario 71135SA running Vista Home Basic. In a moment of madness my son downloaded something which has (presumably) given us a virus of some sort.
I have in the past solved any such problems using AVG/Spybot/Superantispyware etc. run in safe mode and I have Kaspersky Internet Security 2010 on CD which I have also been trying to install... all of these seem to install but then either disappear or cannot be opened/started with error message 'path or file cannot be found or you don't have correct permissions to access....'
I also cannot download some Windows updates.
Windows Installer is 'stopped' on the list of services and when started it just stops again... cannot seem to download Windows Installer either, it says not compatible with my system!
I have tried running each program as administrator and also tried changing the permissions through properties/security to no avail.
I can't even run the antivirus stuff in safe mode... help please!
Sorry for waffling - hope this makes sense to somebody?!
YNWA JFT96 :A
0
Comments
-
Download ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
As it's Vista, no need to worry about the Recovery Console bit for XP.
You may need to rename combofix.exe to something else by right-clicking on the file and renaming it to cleanmypc.exe or something.
Post the log file when it's done.
Ex forum ambassador
Long term forum member
0 -
Hi
Thank you for taking time for me... log below... I hope!
It found rootkit? In my very limited knowledge this does not look good!
ComboFix 09-10-23.01 - Chris 24/10/2009 16:18.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3002.1966 [GMT 1:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2888066058-3356708808-3619285060-500
c:\$recycle.bin\S-1-5-21-3568603088-3932699868-2357333914-500
c:\program files\IEToolbar
c:\program files\IEToolbar\Bullseye Tool Bar\basis.xml
c:\program files\IEToolbar\Bullseye Tool Bar\date2.html
c:\program files\IEToolbar\Bullseye Tool Bar\icons.bmp
c:\program files\IEToolbar\Bullseye Tool Bar\info.txt
c:\program files\IEToolbar\Bullseye Tool Bar\lw.crc
c:\program files\IEToolbar\Bullseye Tool Bar\lwpopper.html
c:\program files\IEToolbar\Bullseye Tool Bar\popper3.html
c:\program files\IEToolbar\Bullseye Tool Bar\popup1.html
c:\program files\IEToolbar\Bullseye Tool Bar\popup2.html
c:\program files\IEToolbar\Bullseye Tool Bar\version.txt
c:\program files\IEToolbar\Bullseye Tool Bar\your_logo.png
c:\program files\runit
c:\program files\runit\config.txt
Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
Completion time: 2009-10-24 16:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-24 15:33
Pre-Run: 55,718,363,136 bytes free
Post-Run: 56,033,107,968 bytes free
- - End Of File - - B5D08C76CFA988003E7FFE6FE87E3FCA
YNWA JFT96 :A
0 -
edit: can anyone help please?
YNWA JFT96 :A
0
-
anyone? please?
YNWA JFT96 :A
0
-
Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_malwarebytes_anti_malware/
UPDATE and FULL SCAN
Post the log here AFTER you've deleted everything it finds
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log) :idea:
0 -
Malwarebytes' Anti-Malware 1.41
Database version: 3029
Windows 6.0.6002 Service Pack 2
25/10/2009 10:40:34
mbam-log-2009-10-25 (10-40-34).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 278461
Time elapsed: 1 hour(s), 5 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\Windows\System32\cngaudit.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Users\Chris\Documents\Chris\Live\Plugins\Moog Modular V 2\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Windows\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
YNWA JFT96 :A
0 -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:19, on 25/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 10088 bytes
YNWA JFT96 :A
0 -
UNINSTALL ~
ASK TOOLBAR (Also known as 'ASKBARDIS')
Then TICK these in HIJACK to FIX them ~
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
Open TUNEUP UTILITIES and switch it off from 'auto registry cleanup'
Use the AVG removal tool
http://www.kaspersky.com/support/downloads/products2009/avg8.zip
Use the Norton removal tool
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
Attempt to install kaspersky :idea:
0 -
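The manual pass over the HijackThis log in the reply above (picking out "(file missing)" entries and services listed with "Unknown owner") can be scripted. This is an added example, not part of any post in the thread; the function names are hypothetical and the sample lines are copied from the log posted here.

```python
import re

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>[^\\]+?) - (?P<path>[A-Za-z]:\\.*)$")
MISSING = " (file missing)"

def parse_line(line):
    """Split one HijackThis line into section code, body and flags (None if not an entry)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m["body"]
    entry = {"code": m["code"], "body": body, "owner": None,
             "missing": body.endswith(MISSING)}
    if entry["missing"]:
        body = body[:-len(MISSING)]
    if m["code"] == "O23":
        # The path may itself contain " - " (e.g. "Spybot - Search & Destroy"),
        # so the owner field is matched as text without a backslash.
        s = SERVICE.match(body)
        if s:
            entry.update(name=s["name"], owner=s["owner"], path=s["path"])
    return entry

def triage(log):
    """Return (code, body, reasons) for entries that deserve a manual look."""
    findings = []
    for line in log.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        if e["missing"]:
            reasons.append("orphaned: target file missing")
        if e["owner"] == "Unknown owner":
            # A prompt to look closer, not a verdict on the service.
            reasons.append("no publisher name: review manually")
        if reasons:
            findings.append((e["code"], e["body"], reasons))
    return findings
```
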
How's it doing now ??
I'd get rid of the Ask toolbar personally, should be able to remove from control panel - programs & features
(slap) didn't refresh again, sorry RIK
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
Thank you so much
I fell at the first hurdle though! How do I uninstall Ask Toolbar? It's not on the uninstall list on control panel?
YNWA JFT96 :A
0
This discussion has been closed.

