
Thread: My life has been hijacked and i can see it!

  1. #31, Junior Member (Join Date: Sep 2011, Posts: 25)

    Windows Installer does not show up in Services. That is what I meant in the previous post when I was saying that it was missing.

    Here is what you asked for.

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\FaithLives\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\FaithLives\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\FaithLives\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\FaithLives\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFXV0ktWFpMVjItTllGTjMtUURQTUgtNFdGVFMtSg&inst=NzYtOTM1MjA4MzM5LVhPMzYrMS1UQjkrMi1OMUQrMS1QTCs5LUREVCs0MTY2NS1JOTArMS1ERDkwKzEtU1Q5MEFQUCsxLVZPUDkrMS1TVDEyT0krMS1FVUxBKzEtU1QxMkFQUCsx&prod=94&ver=2012.0.1809&mid=01312ffd6725a2eafdf8f2fdc65dedee-4baa18fb1f48eccd05a4a8a2a01284a1a85c9300" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave9"=Digi32.dll
    "MIDI10"=diomidi.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\avg\avg10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
    backup=c:\windows\pss\Dynex Wireless Networking Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^FaithLives^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\FaithLives\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^FaithLives^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\FaithLives\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2011-03-15 22:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
    2011-01-12 12:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    2006-06-29 22:34 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
    2011-09-23 11:31 2404704 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]
    2006-09-01 17:09 1880064 ----a-w- c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 06:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
    2009-07-27 18:44 236040 ----a-w- c:\windows\system32\DeltaIITray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
    2010-03-26 15:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niDevMon]
    2008-07-28 15:24 106576 ----a-w- c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-07-09 21:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-07-09 21:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2010-07-08 04:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-12-24 16:55 1242448 ----a-w- c:\program files\Steam\steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Documents and Settings\\FaithLives\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    "c:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
    "c:\\Program Files\\Mp3tag\\Mp3tag.exe"=
    "c:\\WINDOWS\\system32\\WgaTray.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
    "c:\\Program Files\\edcast\\edcastStandalone.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
    "c:\\WINDOWS\\system32\\msiexec.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    .
    R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/30/2011 9:03 PM 16384]
    R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [8/21/2008 8:04 PM 15448]
    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [7/23/2011 10:05 PM 16400]
    R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [6/25/2008 11:01 AM 11344]
    R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [6/20/2008 9:27 PM 11360]
    R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [8/21/2010 4:33 AM 302472]
    S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe --> c:\windows\system32\nipalsm.exe [?]
    S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe --> c:\windows\system32\nipalsm.exe [?]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 7:10 PM 347648]
    S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [6/23/2008 6:11 PM 20104]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [7/23/2011 10:06 PM 21648]
    S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [7/23/2011 10:06 PM 21904]
    S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [11/11/2008 1:50 PM 26192]
    S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [11/11/2008 1:52 PM 11344]
    S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [11/11/2008 1:53 PM 22608]
    S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [9/4/2008 6:04 PM 16456]
    S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [7/24/2008 11:32 AM 11352]
    S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [7/31/2008 8:21 PM 11336]
    S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [6/13/2008 3:51 PM 11360]
    S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [8/1/2008 12:30 PM 11336]
    S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [7/25/2008 11:04 AM 11344]
    S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [7/31/2008 8:21 PM 11336]
    S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [7/31/2008 8:21 PM 11336]
    S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [7/29/2008 7:21 PM 11352]
    S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [6/13/2008 3:51 PM 11360]
    S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [7/23/2008 1:00 PM 11392]
    S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [4/4/2007 9:06 AM 14464]
    S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [4/4/2007 9:06 AM 151683]
    S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [7/23/2008 12:54 PM 11360]
    S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [7/23/2008 12:55 PM 11368]
    S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [7/30/2008 9:58 AM 11360]
    S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [12/16/2008 1:57 AM 11904]
    S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [12/16/2008 1:55 AM 11896]
    S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [6/25/2008 11:02 AM 20568]
    S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [7/30/2008 4:26 AM 11376]
    S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [8/7/2008 5:23 PM 11352]
    S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [7/30/2008 9:59 AM 11344]
    S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [7/30/2008 4:26 AM 11376]
    S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [7/31/2008 8:21 PM 11336]
    S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [7/25/2008 9:44 AM 11312]
    S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [7/25/2008 9:44 AM 11360]
    S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [7/28/2008 3:08 PM 11336]
    S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [7/24/2008 5:38 PM 11360]
    S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [7/31/2008 8:21 PM 11368]
    S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [6/20/2008 9:28 PM 11384]
    S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [6/20/2008 9:27 PM 11360]
    S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [7/31/2008 8:21 PM 11336]
    S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [7/31/2008 8:21 PM 11336]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/21/2010 4:28 AM 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NIPALK
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.searchqu.com/421
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\FaithLives\Application Data\Mozilla\Firefox\Profiles\3luu9z50.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=421&sr=0&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 53414
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    Notify-avgrsstarter - avgrsstx.dll
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    MSConfigStartUp-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
    MSConfigStartUp-DigidesignMMERefresh - c:\program files\Digidesign\Drivers\MMERefresh.exe
    MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
    AddRemove-Searchqu 0 MediaBar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-20 14:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
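A small triage pass over the Supplementary Scan section of the log above, added here as an example (it is not part of the thread, and not ComboFix's own code). It reads the setting lines ComboFix prints (uStart Page, FF - prefs.js: ...) and reports two things a helper would look at first: the start page and Firefox's keyword.URL (the URL address-bar searches were sent to) both pointing at searchqu.com, which lines up with the "Searchqu 0 MediaBar" entry under ORPHANS REMOVED, and the Firefox HTTP proxy at 127.0.0.1:53414, which it reports as stale rather than active because network.proxy.type is 0 (no proxy; 1 would be manual proxy). The KNOWN_SEARCH_HOSTS allowlist is an assumption made for this example.

```python
"""Triage of ComboFix 'Supplementary Scan' lines for browser-hijack indicators.

Added example, not part of the thread and not ComboFix's code. It parses the
setting lines ComboFix prints and reports start-page/search hijacks and an
HTTP proxy pointed at the local machine.
"""
import re
from urllib.parse import urlparse

# Lines copied from the ComboFix log posted above. ComboFix defangs URLs as hxxp://.
SAMPLE_LINES = [
    "uStart Page = hxxp://www.searchqu.com/421",
    "uInternet Settings,ProxyOverride = *.local",
    "TCP: DhcpNameServer = 209.18.47.61 209.18.47.62",
    "FF - prefs.js: browser.search.selectedEngine - Google",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/",
    "FF - prefs.js: keyword.URL - hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=421&sr=0&q=",
    "FF - prefs.js: network.proxy.http - 127.0.0.1",
    "FF - prefs.js: network.proxy.http_port - 53414",
    "FF - prefs.js: network.proxy.type - 0",
]

# Assumption for this example: domains a home user would plausibly have chosen
# as a start page or search target. Anything else is reported for a closer look.
KNOWN_SEARCH_HOSTS = {"google.com", "yahoo.com", "bing.com"}

FF_PREF = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")
KEY_VALUE = re.compile(r"^(.+?) = (.*)$")


def parse(lines):
    """Return a dict of setting name -> value from ComboFix's supplementary scan."""
    settings = {}
    for line in lines:
        line = line.strip()
        m = FF_PREF.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
            continue
        m = KEY_VALUE.match(line)
        if m:
            settings[m.group(1).strip()] = m.group(2).strip()
    return settings


def host_of(url):
    """Last two labels of the host in a (possibly defanged) URL, e.g. 'searchqu.com'."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    host = urlparse(url).hostname or ""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage(lines):
    """Return (kind, setting, value) findings.

    kind is 'hijack', 'proxy-active' or 'proxy-stale'.
    """
    s = parse(lines)
    findings = []

    # IE start page, Firefox home page and keyword.URL pointing anywhere unexpected.
    for key in ("uStart Page", "browser.startup.homepage", "keyword.URL"):
        value = s.get(key)
        if value and host_of(value) not in KNOWN_SEARCH_HOSTS:
            findings.append(("hijack", key, host_of(value)))

    # An HTTP proxy on the loopback address means something on this machine was
    # positioned to see all browser traffic. network.proxy.type 1 = manual proxy
    # (the entry is in use); 0 = no proxy, so the entry is leftover configuration.
    proxy = s.get("network.proxy.http")
    if proxy and (proxy.startswith("127.") or proxy == "localhost"):
        port = s.get("network.proxy.http_port", "?")
        kind = "proxy-active" if s.get("network.proxy.type") == "1" else "proxy-stale"
        findings.append((kind, "network.proxy.http", f"{proxy}:{port}"))
    return findings


if __name__ == "__main__":
    for kind, key, value in triage(SAMPLE_LINES):
        print(f"{kind:13} {key:30} {value}")
```

Running it against the lines above prints the two searchqu.com hits and the stale loopback proxy; if the same log had shown network.proxy.type 1, the proxy line would come back as proxy-active and would be the first thing to chase.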

  2. #32, Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    Please check Malwarebytes for updates and do a scan with it.
    If you look in C:\Windows\System32, do you see this file: msiexec.exe?
    How Can I Reduce My Risk?

  3. #33, Junior Member (Join Date: Sep 2011, Posts: 25)

    malware log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8004

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    10/23/2011 10:27:15 AM
    mbam-log-2011-10-23 (10-27-15).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 360948
    Time elapsed: 2 hour(s), 14 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 34

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Qoobox\quarantine\C\program files\startnow toolbar\startnowtoolbaruninstall.exe.vir (PUP.Zugo) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP396\A0099936.exe (PUP.Zugo) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0089497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0090497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0091497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0093501.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0094509.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0092497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP356\A0095856.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP357\A0095934.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP357\A0095983.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP358\A0096067.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP358\A0096089.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP358\A0096099.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP359\A0096117.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP359\A0096136.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP360\A0096150.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP360\A0096195.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP360\A0096207.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP360\A0096214.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP361\A0096239.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP361\A0096250.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP362\A0096303.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP362\A0096311.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP363\A0096317.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP363\A0096322.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP364\A0096330.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP364\A0096338.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP364\A0096352.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP365\A0096369.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP365\A0096381.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP365\A0096436.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP366\A0096491.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP366\A0096509.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
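Added example (not from the thread, and not Malwarebytes' code): a classifier for the "Files Infected" lines above that groups detections by threat name and by where the file sat. Every one of the 34 hits in this log is either under System Volume Information\_restore{...}\RP### (System Restore snapshots of changed files) or under c:\Qoobox\quarantine (the folder ComboFix moves removed items into, with a .vir suffix), that is, archived copies rather than files in their original location. The script separates those from a detection on a live path, which is the case that would need further work. The embedded input is the first four lines of the log plus one constructed line, marked as such, so the live-path branch is exercised.

```python
"""Group Malwarebytes 'Files Infected' lines by threat and by where the file lived.

Added example, not from the thread and not Malwarebytes' code.
"""
import re
from collections import Counter

# First four 'Files Infected' lines from the mbam-log posted above, plus one
# constructed line (not in the log) showing a detection on a live system path.
MBAM_LINES = [
    r"c:\Qoobox\quarantine\C\program files\startnow toolbar\startnowtoolbaruninstall.exe.vir (PUP.Zugo) -> Quarantined and deleted successfully.",
    r"c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP396\A0099936.exe (PUP.Zugo) -> Quarantined and deleted successfully.",
    r"c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0089497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.",
    r"c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0090497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.",
    r"c:\windows\system32\drivers\example.sys (Backdoor.0Access) -> Quarantined and deleted successfully.",  # constructed
]

# "<path> (<threat>) -> <action>". The parenthesised token must be followed by
# " -> ", so a "(x86)" inside the path does not end the match early.
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

# System Restore keeps copies of changed files under
# <volume>\System Volume Information\_restore{GUID}\RP<n>\A<number>.<ext>;
# ComboFix moves what it removes into c:\Qoobox\Quarantine and appends .vir.
RESTORE_POINT = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\RP\d+\\", re.IGNORECASE)
QUARANTINE = re.compile(r"^c:\\qoobox\\quarantine\\", re.IGNORECASE)


def classify(path):
    """'restore-point', 'combofix-quarantine' or 'live'."""
    if RESTORE_POINT.search(path):
        return "restore-point"
    if QUARANTINE.match(path):
        return "combofix-quarantine"
    return "live"


def summarize(lines):
    """Return (Counter of (threat, location) -> count, list of (threat, path) on live paths)."""
    counts = Counter()
    live = []
    for line in lines:
        m = DETECTION.match(line.strip())
        if not m:
            continue  # headers such as "Files Infected:" or "(No malicious items detected)"
        where = classify(m["path"])
        counts[(m["threat"], where)] += 1
        if where == "live":
            live.append((m["threat"], m["path"]))
    return counts, live


if __name__ == "__main__":
    counts, live = summarize(MBAM_LINES)
    for (threat, where), n in sorted(counts.items()):
        print(f"{n:3}  {threat:18} {where}")
    for threat, path in live:
        print(f"LIVE {threat}: {path}")
```

Fed the full 34-line list from the log it reports nothing under "live"; the practical follow-up for restore-point hits is to purge old restore points once the machine is clean, so they cannot be rolled back into place.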

  4. #34, Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    OK, thanks for the info. Can you post the rest of the ComboFix log? Everything after ((((((((((((( Reg Loading Points )))))))))))) or whatever will fit.

    Let's get one more download also. Download this tool to your desktop. Double-click to start and follow the prompts. Post the log it generates on your desktop when it's finished.

    For the Windows Installer problem: are you good at following directions?
    There are two methods here.

  5. #35, Junior Member (Join Date: Sep 2011, Posts: 25)

    So that antiaccesszero came up with nothing... that seems good. Also, I may have fixed the Windows Installer service thing; I was able to reinstall AVG, which I couldn't do before. Also iTunes works now... Will get the ComboFix info up, but is it still necessary? Wow... what an adventure this has been....

  6. #36, Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    Yes, please post the rest of the ComboFix log.
