0

MY FRIENDS, iM TRYING TO DO AS ASKED. BUT MY COMP IS A BOOKERS ORIGINAL. OKAY I CLEANED MY HARD DRIVES DID THE MALWARE TRICK. BUT I GOT PROGRAMS IN ADD AND REMOVE THAT CANT BE REMOVED. I WAS ABLE TO START MY COMP WITH OUT USING THE ABORT BAT ARE SETTING MY CALANDER AHEAD A MONTH THEN BACK AGAIN WHILE THE 1 MINUTE COUNT DOWN IS COUNTING DOWN ONLY ONCE AFTER USING MALWARE AND NOW i THINK MY COMP FIGURED OUT THAT THERES TWO VERIFIED XP PARTITIONS ON ONE HARD DRIVE. THERE IS NO RHYMNE OR REASON TO ANY FILE R WHERE ITS PLACED ALOT OF UNZIPPED AND NOTHING REZIPPED ARE FILED WITH NAME AND PLACEMENT FILING WISE AND NOW IN BOOT UP IM TOLD NO PARTIATION

AND AS U CAN SEE I TYPE WITHOUT LOOKING AT MONITER I LOOK AT KEYBOARD HENCE Y I HAVE SO MANY FILES CALLED NEWFILE AND IM TERRIFIED OF LOSING WHAT I HAVE WITH HIJACK THIS CAUSE I HIJACK MY OTHER HARD DRIVE AND ITS COMPLETELY A LOCK OUT ANY WAYS DONT KNOW WHAT IM ASKING BUT SAYING THANKS FOR AT LEAST NOT TOSSING ME RIGHT OUT ON MY PARTITION

4
Contributors
24
Replies
25
Views
8 Years
Discussion Span
Last Post by gerbil
0

even looking at other post that you should have posted this answer to,i still can figure out what you mean totally and also i hate reading all caps~ turn off cap lock key

0

even looking at other post that you should have posted this answer to,i still can figure out what you mean totally and also i hate reading all caps~ turn off cap lock key

sad castic jack wow it goes like this. I build and maintain the machines that lets you be hateful towards my caps. i myself can find alot more things to be hateful too like who to vote for in 08. but to be honest hating is a waste of time and effort the only one who knows that something is hated is the one who wasting the time to hate. my opion of course but for the rest of you out theresorry but i dont read very wll so my typing none the better so if you all can bear with me im sure we can get rid of me in a few short helpfull hints are points of direction and in return ill make sure the power plants that send electricity to ur comp will still run mainly because they pay me very good to do so

0

ok.

post the hijackthis log ,maybe i can decipher it ,what programs are in the add and remove that you cant remove !

0

sad castic jack wow it goes like this. I build and maintain the machines that lets you be hateful towards my caps. i myself can find alot more things to be hateful too like who to vote for in 08. but to be honest hating is a waste of time and effort the only one who knows that something is hated is the one who wasting the time to hate. my opion of course but for the rest of you out theresorry but i dont read very wll so my typing none the better so if you all can bear with me im sure we can get rid of me in a few short helpfull hints are points of direction and in return ill make sure the power plants that send electricity to ur comp will still run mainly because they pay me very good to do so

With a reply like that to someone who only wants to help you free of charge, I would not even bother trying to help you at all, even if I understood what you were asking and what was wrong. That is assuming that I could assist you and I was not too busy reading your c#*# and I was inclined to help you and I am not nor will I ever be while you treat others as you do.
If you want help from the good people here, be nice, ask your question and supply as much information as you can about your PC and the situation. Every one here is only here to help or get help, and not to be abused or as it is accepted "YELLED AT" when you use capitals.
I trust that you will come back with some helpful information and a better atitude!!!

0

ok.

post the hijackthis log ,maybe i can decipher it ,what programs are in the add and remove that you cant remove !

windows workflow foundation, windows presentation foundation, windows comunication foundation, web folders xp, urge (12/02/06), stickman(08/03/07),smartftp client2.0 (2/13/07),security update for capicom(kb931906)(08/11/07,rhapsody player engine, platform, norton security scan, mvision, msxml 4.0 sp2 (kb8927978) and 35 more things i cant remove.
Im sorry, i get so frustrated trying to type correctly. Even tho i know im not, and to put the words from one window to the other. So i can give u the list of files in the add or remove.

I keep running malware and virus keep popping up but ill go ahead and run hijack this.

its amazing those tests. We took as kids, i got junior senior colloge level in all the tests. 4th grade in grammar and reading and do u think they stopped and ? it Well i tell u my friend. Just read how i type. If they ever found out at the nuke plants i just look at the pictures It would blow them away any how
For every good man theres a better man and i know im a good man so the better man must be you for helping me thank you booker

0

Randal.. these are the instructions for the hijackthis scan that we prefer to commence with:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

0

thank you ill try still trying to get to the hi jack part of life running eset scan it found 7 so far
i was also wondering if i have my xp cd and code and the hard drives they were installed on is there any way to just reload xp even tho i used up my xp setups and just reload the drives and prove its the same original setup but i wouldnt know how to do that thank you any ways even tho im exhausted trying to fix this i do appreciate learning and also knowing that there is good people like yourselves who take pride and enjoyment on helping another again thank u

0

Logfile of HijackThis v1.99.1
Scan saved at 4:32:10 AM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Verizon Wireless\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\booker.HOME-5214237687\Desktop\ddddaannniiwwweeebb\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: QuickLink Mobile.lnk = C:\Program Files\Verizon Wireless\QuickLink Mobile\QuickLink Mobile.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://cnet.custhelp.com
O15 - Trusted Zone: *.download.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: repairs303169590.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

0

Mmm... nothing malicious in that lot; if you fix these entries it will clean up a few loose ends and a couple of questionable ones...
Start hijackthis, press Open the Misc Tools Section, press Delete an NT Service, paste or type in...
Boonty Games -and press OK.
Now press the Back button, and press Scan. Place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemp...ogin-devel.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Delete this file:
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Programs you cannot uninstall - sometimes if you reinstall a program over the top of itself it recreates the uninstaller correctly, and you can then go ahead and uninstall properly. And you can always brute-force uninstall stuff by just deleting all the components you can find and then perhaps running a registry cleaner.
There is a simple and free registry cleaner in CCleaner, which is anyway a very good temp file cleaner.
The "verifying dmi pool data NO ACTIVE PARTITION" error msg... I am not sure how you got past that one. Do you have two XP partitions on the same drive? Anyway, only the system partition [the one with the boot files] needs to be marked Active.

0

my friend i thank you, i will do as you suggest. your assumption about a double loaded drive is correct. hell i even got a nother drive that is a double loaded xp highjack this i ran on back in xmas completely lock out of that drive but thats a different booker story anyways i guess thats it for me here i wish i was a better typer and reader cause this site is cool and im sure you people love to help.
Oh by the way be aware that the unaware are unaware of being unaware thank u gerb il hell i already miss you and i dont even know you

0

Oh by the way beware that the unaware are unaware of being unaware !

that's it ,thank you ,Im all better now !!lol

just kidding ,good luck with you computer

0

You know, Randal, you can just delete the xp installations that you are not using/do not use. Delete the C:/Windows folder entirely, keep any documents etc until you sort through them, and clean up your boot.ini file to remove any mention of it. Go Start, run, paste in:
control sysdm.cpl,,3
-press Startup n Recovery Settings, press Edit. Modify [carefully!!] and save.
Of course, repartitioning, formatting and reinstalling is up to you. Best of luck.

0

One more thing... I missed some adware. Because of the way it loads it is tricky to remove manually, so use this tool:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

A CCleaner guide...
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
Run CCleaner in any other Accounts.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
[Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]

Apologies...

0

well my friend gerbil, i hope its ok to call you friend, for i feel any one who is willing to help another without a monitery gain. Could only be a friend to all around them, so few in the world know the richness of the satisfaction of being able to teach and help another. You may not be able to deposit my thank you in a bank but into your heart and soul i'm sure it will goe. THANK YOU! for your help

0

gerbil i apologie not doing what u suggested i was stuck working 16 hour dats the last 7 days but here it is im really tired and baffled but i'm always booker with a thank u for ur help
HERES COMBO FIX REPORT

0

ComboFix 08-09-05.05 - booker 2008-09-07 0:45:44.1 - NTFSx86

Running from: C:\Documents and Settings\booker.HOME-5214237687\Desktop\ddddaannniiwwweeebb\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\Common\Lib\sguard.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\booker.HOME-5214237687\ResErrors.log
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\tdgdrs33.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_DHLP
-------\Legacy_IPRIP
-------\Service_6to4
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-10-06 18:51 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERe9e6.dir00
2008-10-06 18:48 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER6ac8.dir00
2008-09-23 07:09 . 2008-08-23 00:45 <DIR> d-------- C:\temp\QuickCam_11.80.1065
2008-09-23 03:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf0b7.dir00
2008-09-23 01:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WER8778.dir00
2008-09-07 00:55 . 2008-09-07 00:55 53,248 --a------ C:\temp\catchme.dll
2008-09-07 00:54 . 2008-09-07 00:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-07 00:54 . 2008-09-07 00:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-07 00:53 . 2008-09-07 00:53 <DIR> d-------- C:\temp\WPDNSE
2008-09-07 00:51 . 2008-09-07 00:51 16,384 --a----t- C:\temp\Perflib_Perfdata_32c.dat
2008-09-06 19:45 . 2008-09-07 00:54 <DIR> d-------- C:\temp\{C90C518C-0720-4961-B9B5-B579B33311AB}
2008-09-06 15:18 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsb6.tmp
2008-09-06 15:07 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER5e41.dir00
2008-09-06 14:55 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERad76.dir00
2008-09-05 08:38 . 2008-09-05 08:38 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-09-05 08:38 . 2008-09-05 08:38 <DIR> d-------- C:\temp\Picasa3
2008-09-05 08:38 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsu7D.tmp
2008-09-04 20:44 . 2008-09-04 20:44 <DIR> d-------- C:\temp\Google Gadget Cache
2008-08-30 22:19 . 2008-08-30 22:41 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-30 15:44 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wzf3e4
2008-08-30 15:42 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wz0a83
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Documents and Settings\booker.HOME-5214237687\Application Data\Malwarebytes
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-30 07:57 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 07:57 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 01:24 . 2008-08-23 01:24 <DIR> d-------- C:\temp\{ECAB36B7-1453-4DA2-8308-CCA67D1DA735}
2008-08-23 01:24 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{8F5E9A50-4A68-43F2-86D4-A696B7E2A532}
2008-08-23 01:20 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{D9C5206A-F48C-443C-84FE-F673674A4322}
2008-08-23 01:20 . 2008-08-23 01:20 <DIR> d-------- C:\temp\{A3516346-06FD-4EB7-93D1-803542A697C1}
2008-08-23 00:47 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{A90AA336-24E8-4F06-9977-29ED693FC233}
2008-08-23 00:35 . 2008-09-23 03:03 <DIR> d-------- C:\temp\~nsu.tmp
2008-08-23 00:08 . 2008-08-23 00:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ascentive
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{6E58355A-6911-4A35-8A3B-808AB3A22FA7}
2008-08-23 00:05 . 2008-08-23 00:05 <DIR> d-------- C:\temp\{3EC28456-29D6-40AB-B438-41CF3CCAD4CF}
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2A89E315-2DEC-42E4-934C-C94533E628E1}
2008-08-23 00:05 . 2007-07-03 11:48 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll
2008-08-23 00:03 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{CCDC7478-97CC-4933-92F4-B836890DEFCB}
2008-08-23 00:01 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2FAFDCAB-0E6C-4547-BB5E-96367B673B4C}
2008-08-22 23:59 . 2008-09-06 19:46 <DIR> d-------- C:\Program Files\Ascentive
2008-08-22 23:59 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-08-22 23:59 . 2007-08-10 12:56 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-08-22 23:59 . 2008-04-29 13:14 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-08-22 23:59 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx
2008-08-22 23:58 . 2008-08-22 23:59 <DIR> d-------- C:\temp\{C36080B7-84C3-4839-8B16-973DBC1CA2D7}
2008-08-22 23:58 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{408419FF-C461-4DCE-814D-8CD1C398DE23}
2008-08-22 22:41 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf713.dir00
2008-08-22 16:45 . 2008-08-22 16:48 <DIR> d-------- C:\temp\plugtmp-6
2008-08-21 01:02 . 2008-08-21 01:03 <DIR> d-------- C:\temp\iss33.tmp
2008-08-21 01:00 . 2008-08-21 01:00 <DIR> d-------- C:\temp\iss17.tmp
2008-08-20 21:53 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2ba3.dir00
2008-08-20 19:38 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2a7a.dir00
2008-08-20 04:31 . 2008-08-20 04:31 53,365 --a------ C:\WINDOWS\system32\COMPROHESIVE
2008-08-19 20:22 . 2008-08-22 21:07 <DIR> d-------- C:\temp\plugtmp-5
2008-08-19 17:12 . 2008-08-19 17:12 <DIR> d-------- C:\Program Files\Solitaire.Com
2008-08-19 13:59 . 2008-08-19 22:13 <DIR> d-------- C:\temp\WERe465.dir00
2008-08-19 05:22 . 2008-08-21 09:38 <DIR> d-------- C:\Program Files\Steam
2008-08-18 21:41 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERb528.dir00
2008-08-18 21:34 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERf5a3.dir00
2008-08-18 21:33 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERdc43.dir00
2008-08-18 21:17 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER8a9e.dir00
2008-08-18 20:43 . 2008-08-18 20:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-17 15:10 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER43b3.dir00
2008-08-17 15:05 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERadbd.dir00
2008-08-14 03:06 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 3 for OpticalMouse-MicroInnovations-.zip
2008-08-14 03:05 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 2 for OpticalMouse-MicroInnovations-.zip
2008-08-14 01:02 . 2008-08-21 16:55 <DIR> d-------- C:\WINDOWS\Logs
2008-08-12 20:30 . 2008-08-19 12:47 <DIR> d-------- C:\temp\plugtmp-4
2008-08-12 18:29 . 2008-08-12 18:29 <DIR> d-------- C:\temp\MCA6D.tmp
2008-08-12 18:29 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2008-08-12 18:28 . 2008-09-04 21:06 <DIR> d-------- C:\temp\vsoaol8026.tmp
2008-08-12 17:18 . 2008-08-12 17:19 <DIR> d-------- C:\temp\CDM
2008-08-12 11:19 . 2008-08-31 08:48 <DIR> d-------- C:\Program Files\PowerArchiver
2008-08-12 11:19 . 2008-08-12 11:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ConeXware
2008-08-12 09:49 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 1 for OpticalMouse-MicroInnovations-.zip
2008-08-12 09:49 . 2008-08-12 09:49 <DIR> d-------- C:\Program Files\Browser Mouse
2008-08-12 09:49 . 2000-05-09 22:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.VXD
2008-08-12 05:27 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER6d96.dir00
2008-08-12 05:23 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERfd71.dir00
2008-08-12 05:22 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER3812.dir00
2008-08-10 17:18 . 2008-08-19 12:47 <DIR> d-------- C:\temp\pftA.tmp
2008-08-10 16:31 . 2008-08-19 12:46 <DIR> d-------- C:\temp\pft13.tmp
2008-08-10 03:29 . 2008-08-10 03:29 6,656 --ahs---- C:\Thumbs.db
2008-08-09 03:23 . 2008-08-09 03:24 <DIR> d-------- C:\temp\plugtmp-3
2008-08-07 20:12 . 2008-09-07 00:56 <DIR> d-------- C:\Documents and Settings\booker.HOME-5214237687\Application Data\OpenOffice.org2
2008-08-07 20:10 . 2008-08-07 20:10 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 02:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 22:18 --------- d-----w C:\Program Files\Google
2008-08-31 15:35 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-08-31 01:11 --------- d-----w C:\Program Files\NovaLogic
2008-08-30 15:56 --------- d-----w C:\Program Files\PremierOpinion
2008-08-21 18:49 --------- d-----w C:\Program Files\GPL 2004 DEMO
2008-08-21 18:39 --------- d-----w C:\Program Files\SpaceHaste
2008-08-21 12:04 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-21 08:03 --------- d-----w C:\Program Files\Logitech
2008-08-21 08:01 --------- d-----w C:\Program Files\DivX
2008-08-21 08:00 --------- d-----w C:\Program Files\Creative
2008-08-21 07:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2008-08-21 07:54 --------- d-----w C:\Program Files\GedSmart
2008-08-20 00:12 --------- d-----w C:\Documents and Settings\booker.HOME-5214237687\Application Data\Solitaire.Com
2008-08-19 12:56 --------- d-----w C:\Program Files\Java
2008-08-13 01:29 --------- d-----w C:\Program Files\McAfee.com
2008-08-12 22:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-08-12 18:46 --------- d-----w C:\Program Files\WinAce
2008-08-11 00:20 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-08-07 18:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-07-23 03:28 --------- d-----w C:\Documents and Settings\booker.HOME-5214237687\Application Data\ErrorSmart
2008-07-22 23:06 --------- d-----w C:\Program Files\NOS
2008-07-22 23:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-07-22 05:54 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-22 05:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-20 20:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
2008-07-14 11:04 --------- d-----w C:\Program Files\EZ Emoticons
2008-05-01 09:54 784 ----a-w C:\Documents and Settings\booker.HOME-5214237687\Application Data\mpauth.dat
1998-10-24 07:00 700 -csha-w C:\WINDOWS\dv11mxv_0$1_783482.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [2008-02-01 173312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-04 29744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-02 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 C:\WINDOWS\system32\narrator.exe]
"DefaultP17MIDI"="MIDIDEF.EXE" [2002-12-02 C:\WINDOWS\MIDIDEF.EXE]
"DefaultP17"="P17Def.Exe" [2005-05-02 C:\WINDOWS\P17DEF.EXE]

C:\Documents and Settings\booker.HOME-5214237687\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
QuickLink Mobile.lnk - C:\Program Files\Verizon Wireless\QuickLink Mobile\QuickLink Mobile.exe [2006-06-27 917504]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fasttrak;fasttrak;C:\WINDOWS\system32\DRIVERS\fasttrak.sys [2002-04-23 73856]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 53329]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 20225]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-04 29744]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-15 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2002-10-15 60816]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-02-01 20464]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-03-04 7936]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys [2007-05-01 132232]
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys [2007-05-01 28416]
S4 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2007-08-10 69120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
SharedTaskScheduler-{588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
SharedTaskScheduler-{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\booker.HOME-5214237687\Application Data\Mozilla\Firefox\Profiles\k0zmzvbx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin9.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 00:55:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\TEMP\sv9l5.tmp
C:\TEMP\sv9l5.tmp

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-09-07 1:09:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 08:09:37

Pre-Run: 38,670,258,176 bytes free
Post-Run: 38,901,612,544 bytes free

292 --- E O F --- 2008-09-07 07:58:14

0

==Please go to this web page http://virusscan.jotti.org/, click browse and submit this file for examination:
C:\WINDOWS\dv11mxv_0$1_783482.drv
Post the report in your next reply.
Okay, now disconnect from the web and turn off your Antivirus and Firewall while this next part runs.
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.

Killall::

Rootkit::
2008-08-31 15:35 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs

Folder::
2008-10-06 18:51 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERe9e6.dir00
2008-10-06 18:48 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER6ac8.dir00
2008-09-23 03:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf0b7.dir00
2008-09-23 01:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WER8778.dir00
2008-09-06 19:45 . 2008-09-07 00:54 <DIR> d-------- C:\temp\{C90C518C-0720-4961-B9B5-B579B33311AB}
2008-09-06 15:18 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsb6.tmp
2008-09-06 15:07 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER5e41.dir00
2008-09-06 14:55 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERad76.dir00
2008-09-05 08:38 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsu7D.tmp
2008-08-30 15:44 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wzf3e4
2008-08-30 15:42 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wz0a83
2008-08-23 01:24 . 2008-08-23 01:24 <DIR> d-------- C:\temp\{ECAB36B7-1453-4DA2-8308-CCA67D1DA735}
2008-08-23 01:24 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{8F5E9A50-4A68-43F2-86D4-A696B7E2A532}
2008-08-23 01:20 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{D9C5206A-F48C-443C-84FE-F673674A4322}
2008-08-23 01:20 . 2008-08-23 01:20 <DIR> d-------- C:\temp\{A3516346-06FD-4EB7-93D1-803542A697C1}
2008-08-23 00:47 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{A90AA336-24E8-4F06-9977-29ED693FC233}
2008-08-23 00:35 . 2008-09-23 03:03 <DIR> d-------- C:\temp\~nsu.tmp
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{6E58355A-6911-4A35-8A3B-808AB3A22FA7}
2008-08-23 00:05 . 2008-08-23 00:05 <DIR> d-------- C:\temp\{3EC28456-29D6-40AB-B438-41CF3CCAD4CF}
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2A89E315-2DEC-42E4-934C-C94533E628E1}
2008-08-23 00:03 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{CCDC7478-97CC-4933-92F4-B836890DEFCB}
2008-08-23 00:01 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2FAFDCAB-0E6C-4547-BB5E-96367B673B4C}
2008-08-22 23:58 . 2008-08-22 23:59 <DIR> d-------- C:\temp\{C36080B7-84C3-4839-8B16-973DBC1CA2D7}
2008-08-22 23:58 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{408419FF-C461-4DCE-814D-8CD1C398DE23}
2008-08-22 22:41 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf713.dir00
2008-08-22 16:45 . 2008-08-22 16:48 <DIR> d-------- C:\temp\plugtmp-6
2008-08-21 01:02 . 2008-08-21 01:03 <DIR> d-------- C:\temp\iss33.tmp
2008-08-21 01:00 . 2008-08-21 01:00 <DIR> d-------- C:\temp\iss17.tmp
2008-08-20 21:53 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2ba3.dir00
2008-08-20 19:38 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2a7a.dir00
2008-08-19 20:22 . 2008-08-22 21:07 <DIR> d-------- C:\temp\plugtmp-5
2008-08-19 17:12 . 2008-08-19 17:12 <DIR> d-------- C:\Program Files\Solitaire.Com
2008-08-19 13:59 . 2008-08-19 22:13 <DIR> d-------- C:\temp\WERe465.dir00
2008-08-18 21:41 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERb528.dir00
2008-08-18 21:34 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERf5a3.dir00
2008-08-18 21:33 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERdc43.dir00
2008-08-18 21:17 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER8a9e.dir00
2008-08-17 15:10 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER43b3.dir00
2008-08-17 15:05 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERadbd.dir00
2008-08-12 20:30 . 2008-08-19 12:47 <DIR> d-------- C:\temp\plugtmp-4
2008-08-12 18:29 . 2008-08-12 18:29 <DIR> d-------- C:\temp\MCA6D.tmp
2008-08-12 18:28 . 2008-09-04 21:06 <DIR> d-------- C:\temp\vsoaol8026.tmp
2008-08-12 17:18 . 2008-08-12 17:19 <DIR> d-------- C:\temp\CDM
2008-08-12 05:27 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER6d96.dir00
2008-08-12 05:23 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERfd71.dir00
2008-08-12 05:22 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER3812.dir00
2008-08-10 17:18 . 2008-08-19 12:47 <DIR> d-------- C:\temp\pftA.tmp
2008-08-10 16:31 . 2008-08-19 12:46 <DIR> d-------- C:\temp\pft13.tmp

Driver::
1998-10-24 07:00 700 -csha-w C:\WINDOWS\dv11mxv_0$1_783482.drv

Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.
==Run CCleaner in all accounts.
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/activescan/index/
-First Register [otherwise there will be no disinfection, merely detection] with a valid email address for the free online virus scan and follow through.
Unlike Kaspersky this scan does not require Java.
Please ATTACH to your post the log it produces.
==Post a fresh hijackthis scan log also.

0

Randal, I modified the code to run with Combofix; if you have not already done this step please use the following script instead of that in the post above [it includes a couple of files I missed].
And I would like to see the results of a PandaActiveScan. I am interested in those NewFiles you mention.

Killall::

File::
2008-08-31 15:35 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
C:\TEMP\sv9l5.tmp
C:\TEMP\sv9l5.tmp
1998-10-24 07:00 700 -csha-w C:\WINDOWS\dv11mxv_0$1_783482.drv

Folder::
2008-10-06 18:51 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERe9e6.dir00
2008-10-06 18:48 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER6ac8.dir00
2008-09-23 03:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf0b7.dir00
2008-09-23 01:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WER8778.dir00
2008-09-06 19:45 . 2008-09-07 00:54 <DIR> d-------- C:\temp\{C90C518C-0720-4961-B9B5-B579B33311AB}
2008-09-06 15:18 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsb6.tmp
2008-09-06 15:07 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER5e41.dir00
2008-09-06 14:55 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERad76.dir00
2008-09-05 08:38 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsu7D.tmp
2008-08-30 15:44 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wzf3e4
2008-08-30 15:42 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wz0a83
2008-08-23 01:24 . 2008-08-23 01:24 <DIR> d-------- C:\temp\{ECAB36B7-1453-4DA2-8308-CCA67D1DA735}
2008-08-23 01:24 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{8F5E9A50-4A68-43F2-86D4-A696B7E2A532}
2008-08-23 01:20 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{D9C5206A-F48C-443C-84FE-F673674A4322}
2008-08-23 01:20 . 2008-08-23 01:20 <DIR> d-------- C:\temp\{A3516346-06FD-4EB7-93D1-803542A697C1}
2008-08-23 00:47 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{A90AA336-24E8-4F06-9977-29ED693FC233}
2008-08-23 00:35 . 2008-09-23 03:03 <DIR> d-------- C:\temp\~nsu.tmp
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{6E58355A-6911-4A35-8A3B-808AB3A22FA7}
2008-08-23 00:05 . 2008-08-23 00:05 <DIR> d-------- C:\temp\{3EC28456-29D6-40AB-B438-41CF3CCAD4CF}
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2A89E315-2DEC-42E4-934C-C94533E628E1}
2008-08-23 00:03 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{CCDC7478-97CC-4933-92F4-B836890DEFCB}
2008-08-23 00:01 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2FAFDCAB-0E6C-4547-BB5E-96367B673B4C}
2008-08-22 23:58 . 2008-08-22 23:59 <DIR> d-------- C:\temp\{C36080B7-84C3-4839-8B16-973DBC1CA2D7}
2008-08-22 23:58 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{408419FF-C461-4DCE-814D-8CD1C398DE23}
2008-08-22 22:41 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf713.dir00
2008-08-22 16:45 . 2008-08-22 16:48 <DIR> d-------- C:\temp\plugtmp-6
2008-08-21 01:02 . 2008-08-21 01:03 <DIR> d-------- C:\temp\iss33.tmp
2008-08-21 01:00 . 2008-08-21 01:00 <DIR> d-------- C:\temp\iss17.tmp
2008-08-20 21:53 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2ba3.dir00
2008-08-20 19:38 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2a7a.dir00
2008-08-19 20:22 . 2008-08-22 21:07 <DIR> d-------- C:\temp\plugtmp-5
2008-08-19 17:12 . 2008-08-19 17:12 <DIR> d-------- C:\Program Files\Solitaire.Com
2008-08-19 13:59 . 2008-08-19 22:13 <DIR> d-------- C:\temp\WERe465.dir00
2008-08-18 21:41 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERb528.dir00
2008-08-18 21:34 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERf5a3.dir00
2008-08-18 21:33 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERdc43.dir00
2008-08-18 21:17 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER8a9e.dir00
2008-08-17 15:10 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER43b3.dir00
2008-08-17 15:05 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERadbd.dir00
2008-08-12 20:30 . 2008-08-19 12:47 <DIR> d-------- C:\temp\plugtmp-4
2008-08-12 18:29 . 2008-08-12 18:29 <DIR> d-------- C:\temp\MCA6D.tmp
2008-08-12 18:28 . 2008-09-04 21:06 <DIR> d-------- C:\temp\vsoaol8026.tmp
2008-08-12 17:18 . 2008-08-12 17:19 <DIR> d-------- C:\temp\CDM
2008-08-12 05:27 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER6d96.dir00
2008-08-12 05:23 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERfd71.dir00
2008-08-12 05:22 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER3812.dir00
2008-08-10 17:18 . 2008-08-19 12:47 <DIR> d-------- C:\temp\pftA.tmp
2008-08-10 16:31 . 2008-08-19 12:46 <DIR> d-------- C:\temp\pft13.tmp
0

Randal, normally I would have simply deleted your whole C:\temp folder with its contents but it would appear that you have used it as a download folder, plus as a store for some of your own files. This directory should be reserved for system use, then its contents can be systematically deleted from time to time. May I suggest that you create Downloads and Scratch Pad folders?
Anyway, the prospect of deleting all those file idents made me hopeful that Combofix would ignore them... it doesn't so I have had to reissue the block of text for saving as CFScript.txt. Use this lot:

Killall::

File::
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\TEMP\sv9l5.tmp
C:\TEMP\sv9l5.tmp
C:\WINDOWS\dv11mxv_0$1_783482.drv

Folder::
C:\temp\WERe9e6.dir00
C:\temp\WER6ac8.dir00
C:\temp\WERf0b7.dir00
C:\temp\WER8778.dir00
C:\temp\{C90C518C-0720-4961-B9B5-B579B33311AB}
C:\temp\nsb6.tmp
C:\temp\WER5e41.dir00
C:\temp\WERad76.dir00
C:\temp\nsu7D.tmp
C:\temp\wzf3e4
C:\temp\wz0a83
C:\temp\{ECAB36B7-1453-4DA2-8308-CCA67D1DA735}
C:\temp\{8F5E9A50-4A68-43F2-86D4-A696B7E2A532}
C:\temp\{D9C5206A-F48C-443C-84FE-F673674A4322}
C:\temp\{A3516346-06FD-4EB7-93D1-803542A697C1}
C:\temp\{A90AA336-24E8-4F06-9977-29ED693FC233}
C:\temp\~nsu.tmp
C:\temp\{6E58355A-6911-4A35-8A3B-808AB3A22FA7}
C:\temp\{3EC28456-29D6-40AB-B438-41CF3CCAD4CF}
C:\temp\{2A89E315-2DEC-42E4-934C-C94533E628E1}
C:\temp\{CCDC7478-97CC-4933-92F4-B836890DEFCB}
C:\temp\{2FAFDCAB-0E6C-4547-BB5E-96367B673B4C}
C:\temp\{C36080B7-84C3-4839-8B16-973DBC1CA2D7}
C:\temp\{408419FF-C461-4DCE-814D-8CD1C398DE23}
C:\temp\WERf713.dir00
C:\temp\plugtmp-6
C:\temp\iss33.tmp
C:\temp\iss17.tmp
C:\temp\WER2ba3.dir00
C:\temp\WER2a7a.dir00
C:\temp\plugtmp-5
C:\Program Files\Solitaire.Com
C:\temp\WERe465.dir00
C:\temp\WERb528.dir00
C:\temp\WERf5a3.dir00
C:\temp\WERdc43.dir00
C:\temp\WER8a9e.dir00
C:\temp\WER43b3.dir00
C:\temp\WERadbd.dir00
C:\temp\plugtmp-4
C:\temp\MCA6D.tmp
C:\temp\vsoaol8026.tmp
C:\temp\CDM
C:\temp\WER6d96.dir00
C:\temp\WERfd71.dir00
C:\temp\WER3812.dir00
C:\temp\pftA.tmp
C:\temp\pft13.tmp

And run that PandaActiveScan!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.