
Author Topic: In need of help and assistance  (Read 25149 times)


mellowship

    Topic Starter


    Rookie

    Thanked: 1
    Re: In need of help and assistance
    « Reply #15 on: May 07, 2010, 06:03:14 PM »
    Hey

    In my attempts to delete Symantec Endpoint Protection, I think I did something wrong.

    The antivirus doesn't have an uninstall button and cannot be deleted through Add/Remove Programs in the Control Panel, so I deleted the folder at C:

    Now Windows keeps trying to reinstall it, I think, by configuring the antivirus software over and over again. I let it run, but it goes through a never-ending cycle of configuring... Now ComboFix needs it gone, and I don't know how to do it.

    Please advise?

    Thanks a lot

    mellowship

      Topic Starter


      Rookie

      Thanked: 1
      Re: In need of help and assistance
      « Reply #16 on: May 07, 2010, 10:00:10 PM »
      This is ComboFix:

      ComboFix 10-05-07.07 - Mellowship 08/05/2010  11:24:22.1.2 - x86
      Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.65.1033.18.3069.1497 [GMT 8:00]
      Running from: c:\users\Mellowship\Downloads\combo-fix.exe
      AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
      SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\Dealio Toolbar
      c:\program files\Dealio Toolbar\config.ini
      c:\program files\Dealio Toolbar\DealioToolbarIE.dll
      c:\program files\Dealio Toolbar\Res\amazon.gif
      c:\program files\Dealio Toolbar\Res\apple.gif
      c:\program files\Dealio Toolbar\Res\barnes.gif
      c:\program files\Dealio Toolbar\Res\bestbuy.gif
      c:\program files\Dealio Toolbar\Res\dealio_logo.gif
      c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
      c:\program files\Dealio Toolbar\Res\ebay.gif
      c:\program files\Dealio Toolbar\Res\icon_settings.gif
      c:\program files\Dealio Toolbar\Res\macys.gif
      c:\program files\Dealio Toolbar\Res\newegg.gif
      c:\program files\Dealio Toolbar\Res\overstock.gif
      c:\program files\Dealio Toolbar\Res\search-button-hover.gif
      c:\program files\Dealio Toolbar\Res\search-button.gif
      c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
      c:\program files\Dealio Toolbar\Res\search-chevron.gif
      c:\program files\Dealio Toolbar\Res\search_amazon.gif
      c:\program files\Dealio Toolbar\Res\search_dealio.gif
      c:\program files\Dealio Toolbar\Res\search_ebay.gif
      c:\program files\Dealio Toolbar\Res\search_yahoo.gif
      c:\program files\Dealio Toolbar\Res\separator.gif
      c:\program files\Dealio Toolbar\Res\target.gif
      c:\program files\Dealio Toolbar\Res\walmart.gif
      c:\program files\Dealio Toolbar\Res\widgets.xml
      c:\program files\Dealio Toolbar\SearchSettings.dll
      c:\program files\Dealio Toolbar\SearchSettings.exe
      c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
      c:\program files\Dealio Toolbar\sscfg.ini
      c:\program files\Dealio Toolbar\WidgiHelper.exe
      c:\users\Mellowship\AppData\Roaming\.#
      c:\users\Mellowship\AppData\Roaming\.#\MBX@1014@A22990.###
      c:\users\Mellowship\AppData\Roaming\.#\MBX@1014@A229C0.###
      c:\users\Mellowship\AppData\Roaming\.#\MBX@1014@A229F0.###
      c:\users\Mellowship\AppData\Roaming\.#\MBX@1470@672990.###
      c:\users\Mellowship\AppData\Roaming\.#\MBX@1470@6729C0.###
      c:\users\Mellowship\AppData\Roaming\.#\MBX@1470@6729F0.###
      c:\users\Mellowship\AppData\Roaming\.#\MBX@504@392990.###
      c:\users\Mellowship\AppData\Roaming\.#\MBX@504@3929C0.###
      c:\users\Mellowship\AppData\Roaming\.#\MBX@504@3929F0.###

      .
      (((((((((((((((((((((((((   Files Created from 2010-04-08 to 2010-05-08  )))))))))))))))))))))))))))))))
      .

      2010-05-08 03:32 . 2010-05-08 03:40   --------   d-----w-   c:\users\Mellowship\AppData\Local\temp
      2010-05-08 03:32 . 2010-05-08 03:32   --------   d-----w-   c:\users\TEMP\AppData\Local\temp
      2010-05-07 23:43 . 2010-05-07 23:43   --------   d-----w-   C:\_OTL
      2010-05-07 23:39 . 2010-05-07 23:39   411368   ----a-w-   c:\windows\system32\deployJava1.dll
      2010-05-07 11:51 . 2010-05-07 11:51   --------   d-----w-   c:\programdata\Seagate
      2010-05-07 11:50 . 2010-05-07 11:50   --------   d-----w-   c:\program files\Carbonite
      2010-05-07 11:50 . 2010-05-07 11:50   --------   d-sh--w-   c:\windows\ftpcache
      2010-05-07 11:48 . 2010-05-07 11:51   --------   d-----w-   c:\program files\Seagate
      2010-05-07 11:48 . 2010-05-07 11:49   --------   d-----w-   c:\program files\Common Files\muvee Technologies
      2010-05-07 11:46 . 2010-05-07 11:46   --------   d-----w-   c:\users\Mellowship\AppData\Roaming\Leadertech
      2010-05-06 01:51 . 2010-05-06 01:51   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
      2010-05-06 01:50 . 2010-05-06 01:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-05-06 01:50 . 2010-05-06 01:50   --------   d-----w-   c:\users\Mellowship\AppData\Roaming\SUPERAntiSpyware.com
      2010-05-06 01:41 . 2010-05-06 01:41   --------   d-----w-   c:\program files\Trend Micro
      2010-05-05 22:26 . 2010-05-05 22:26   --------   d-----w-   c:\users\Mellowship\AppData\Roaming\Malwarebytes
      2010-05-05 22:26 . 2010-04-29 07:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-05 22:26 . 2010-05-05 22:26   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-05-05 22:26 . 2010-05-05 22:26   --------   d-----w-   c:\programdata\Malwarebytes
      2010-05-05 22:26 . 2010-04-29 07:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-05-05 22:23 . 2010-05-05 22:23   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
      2010-05-05 22:17 . 2010-05-05 22:17   --------   d-----w-   c:\program files\CCleaner
      2010-05-05 22:10 . 2010-05-05 22:10   --------   d-----w-   c:\program files\Microsoft Security Essentials
      2010-05-05 20:38 . 2010-05-06 01:38   --------   d-----w-   c:\users\Mellowship\AppData\Local\eulubivka
      2010-04-14 05:38 . 2010-02-23 11:32   78848   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
      2010-04-14 05:38 . 2010-02-23 11:32   212992   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
      2010-04-14 05:38 . 2010-02-23 11:32   105984   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
      2010-04-14 05:17 . 2010-02-18 14:49   3598216   ----a-w-   c:\windows\system32\ntkrnlpa.exe
      2010-04-14 05:17 . 2010-02-18 14:49   3545992   ----a-w-   c:\windows\system32\ntoskrnl.exe
      2010-04-14 05:17 . 2010-03-04 18:54   430080   ----a-w-   c:\windows\system32\vbscript.dll
      2010-04-14 05:16 . 2010-02-18 14:49   898952   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2010-04-14 05:16 . 2010-02-18 14:11   190464   ----a-w-   c:\windows\system32\iphlpsvc.dll
      2010-04-14 05:16 . 2010-02-18 11:52   25088   ----a-w-   c:\windows\system32\drivers\tunnel.sys
      2010-04-14 05:09 . 2009-12-23 12:43   171520   ----a-w-   c:\windows\system32\wintrust.dll
      2010-04-14 05:09 . 2010-01-15 00:04   98304   ----a-w-   c:\windows\system32\cabview.dll

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-08 03:32 . 2009-04-24 17:02   12   ----a-w-   c:\windows\bthservsdp.dat
      2010-05-08 01:48 . 2009-05-22 09:18   8268   ----a-w-   c:\users\Mellowship\AppData\Local\d3d9caps.dat
      2010-05-07 15:11 . 2009-02-25 09:35   146602   ----a-w-   c:\programdata\nvModes.dat
      2010-05-07 14:14 . 2009-03-10 06:17   --------   d-----w-   c:\program files\Symantec
      2010-05-07 11:52 . 2009-01-09 04:42   --------   d--h--w-   c:\program files\InstallShield Installation Information
      2010-05-06 01:51 . 2010-05-06 01:51   52224   ----a-w-   c:\users\Mellowship\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-05-06 01:51 . 2010-05-06 01:51   117760   ----a-w-   c:\users\Mellowship\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-05-02 11:29 . 2009-05-16 13:39   --------   d-----w-   c:\users\Mellowship\AppData\Roaming\BitTorrent
      2010-04-14 23:32 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
      2010-04-14 19:06 . 2009-01-09 04:54   --------   d-----w-   c:\programdata\Microsoft Help
      2010-04-14 10:31 . 2009-01-09 05:11   --------   d-----w-   c:\program files\Google
      2010-04-05 19:42 . 2010-03-14 08:13   45056   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
      2010-04-05 19:42 . 2010-03-14 08:13   45056   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
      2010-04-05 19:42 . 2010-03-14 08:13   45056   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
      2010-04-05 19:42 . 2010-03-14 08:13   308808   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
      2010-04-05 19:42 . 2010-04-05 19:42   14848   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
      2010-04-05 19:42 . 2010-03-14 08:13   341600   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
      2010-04-05 19:42 . 2009-12-06 07:35   --------   d-----w-   c:\program files\Common Files\Real
      2010-04-05 19:41 . 2009-12-06 07:36   --------   d-----w-   c:\program files\Real
      2010-04-05 19:41 . 2010-04-05 19:41   --------   d-----w-   c:\program files\Common Files\xing shared
      2010-04-04 16:16 . 2010-04-04 16:16   79368   ----a-w-   c:\users\Mellowship\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
      2010-04-04 08:16 . 2010-04-04 08:16   439816   ----a-w-   c:\users\Mellowship\AppData\Roaming\Real\Update\setup3.11\setup.exe
      2010-03-30 21:56 . 2010-03-18 01:06   --------   d-----w-   c:\program files\Garena
      2010-03-23 16:22 . 2009-10-08 10:39   --------   d-----w-   c:\program files\Counter-Strike 1.6
      2010-03-14 08:13 . 2010-03-14 08:13   118784   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
      2010-03-14 08:13 . 2010-03-14 08:13   118784   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
      2010-03-14 08:13 . 2010-03-14 08:13   118784   ----a-w-   c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
      2010-03-14 08:06 . 2010-03-14 08:06   734728   ----a-w-   c:\users\Mellowship\AppData\Roaming\Real\RealPlayer\setup\AU_setup12.exe
      2010-03-09 16:28 . 2010-03-31 09:13   833024   ----a-w-   c:\windows\system32\wininet.dll
      2010-03-09 16:25 . 2010-03-31 09:13   78336   ----a-w-   c:\windows\system32\ieencode.dll
      2010-03-09 14:01 . 2010-03-31 09:13   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
      2010-03-05 10:34 . 2010-03-05 10:34   439816   ----a-w-   c:\users\Mellowship\AppData\Roaming\Real\Update\setup3.10\setup.exe
      2010-02-25 00:00 . 2009-11-18 08:24   104000   ----a-w-   c:\users\Mellowship\AppData\Local\GDIPFONTCACHEV1.DAT
      2010-02-24 02:16 . 2009-10-03 12:27   181632   ------w-   c:\windows\system32\MpSigStub.exe
      2010-02-20 23:39 . 2010-03-11 01:42   24064   ----a-w-   c:\windows\system32\nshhttp.dll
      2010-02-20 23:37 . 2010-03-11 01:42   31232   ----a-w-   c:\windows\system32\httpapi.dll
      2010-02-20 21:18 . 2010-03-11 01:42   411136   ----a-w-   c:\windows\system32\drivers\http.sys
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "BitTorrent DNA"="c:\users\Mellowship\Program Files\DNA\btdna.exe" [2009-10-07 323392]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-20 6711840]
      "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
      "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 544768]
      "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
      "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-11-25 875016]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-01 13605408]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-01 92704]
      "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
      "VitaKeyPdtWzd"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-12 3679744]
      "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-09 147456]
      "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-09 167936]
      "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
      "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-17 524288]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
      "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-05 202256]
      "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-20 1093208]
      "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
      "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
      "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-24 727592]
      WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-25 525640]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 07:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 135664]
      R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-11-18 23888]
      R3 GarenaPEngine;GarenaPEngine;c:\users\MELLOW~1\AppData\Local\Temp\QIV33C3.tmp

      R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
      R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
      R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]
      S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2009-01-12 42608]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-04-27 61440]
      S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
      S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
      S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-10-01 24576]
      S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
      S2 IGBASVC;EgisTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-01-12 3611648]
      S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
      S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
      S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
      S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-11-19 57856]
      S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
      S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-11-03 107360]
      S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-29 3664384]
      S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]


      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs   REG_MULTI_SZ      BthServ
      .
      Contents of the 'Scheduled Tasks' folder

      2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 15:14]

      2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 15:14]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=2&o=vp32&d=0209&m=aspire_4937
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      FF - ProfilePath - c:\users\Mellowship\AppData\Roaming\Mozilla\Firefox\Profiles\lrd5cyq2.default\
      FF - prefs.js: browser.search.selectedEngine - Yahoo
      FF - prefs.js: browser.startup.homepage - hxxp://prognosticate-doubts.blogspot.com/
      FF - prefs.js: keyword.URL - hxxp://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
      FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
      FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
      FF - plugin: c:\users\Mellowship\Program Files\DNA\plugins\npbtdna.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut. enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugi n", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
      .
      - - - - ORPHANS REMOVED - - - -

      BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
      Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
      HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
      SafeBoot-Symantec Antvirus
      AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



      **************************************************************************
      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files:

      **************************************************************************

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GarenaPEngine]
      "ImagePath"="\??\c:\users\MELLOW~1\AppData\Local\Temp\QIV33C3.tmp"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'Explorer.exe'(4244)
      c:\windows\system32\btmmhook.dll
      c:\windows\System32\SysHook.dll
      c:\windows\system32\btncopy.dll
      c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
      c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
      c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
      c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\nvvsvc.exe
      c:\program files\Microsoft Security Essentials\MsMpEng.exe
      c:\windows\system32\rundll32.exe
      c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
      c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
      c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
      c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
      c:\acer\Mobility Center\MobilityService.exe
      c:\program files\Cyberlink\Shared files\RichVideo.exe
      c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
      c:\windows\system32\DRIVERS\xaudio.exe
      c:\windows\system32\msiexec.exe
      c:\windows\system32\wbem\unsecapp.exe
      c:\program files\Launch Manager\LManager.exe
      c:\windows\System32\rundll32.exe
      c:\windows\ehome\ehmsas.exe
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      c:\program files\Microsoft Security Essentials\MpCmdRun.exe
      .
      **************************************************************************
      .
      Completion time: 2010-05-08  11:47:19 - machine was rebooted
      ComboFix-quarantined-files.txt  2010-05-08 03:46

      Pre-Run: 13,045,837,824 bytes free
      Post-Run: 12,176,687,104 bytes free

      - - End Of File - - A1D4E7B74C1DF8A3B837E70E75A0D66C
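
      The log above lists every autostart location ComboFix found, and the first thing a helper does with it is triage the image paths by hand. The following is an added example, not part of the forum post and not ComboFix's own code: a small Python parser for the two "Reg Loading Points" line formats in the log (the `R3 name;display;path [date size]` service/driver lines and the `"name"="path" [date size]` Run-key values) that flags entries showing the patterns an analyst checks first. The heuristics (image in a user Temp directory, a non-executable extension on a service image, a program launched from inside a user profile, a line with no trailing `[date size]` stamp, which ComboFix omits when it could not read the file) are this example's own assumptions about what merits a second look; the sample lines at the bottom are copied from the log posted above, and a flag is a lead for the helper to verify, not a verdict.

```python
"""Triage autostart entries from a ComboFix log (added example; the
heuristics below are assumptions for illustration, not ComboFix rules)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Service/driver line: "R3 name;display name;c:\path\image.sys [2008-11-18 23888]"
# The "[date size]" suffix is optional: ComboFix leaves it out when the
# file could not be read at scan time.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$')
# Run-key value: "name"="c:\path\program.exe" [2009-10-07 323392]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$')

TEMP_DIR_RE = re.compile(r'\\appdata\\local\\temp\\', re.I)
# Accepts the "\??\" NT prefix seen in raw ImagePath values.
USER_PROFILE_RE = re.compile(r'^(?:\\\?\?\\)?c:\\users\\', re.I)
IMAGE_EXTENSIONS = ('.exe', '.sys', '.dll')


@dataclass
class Autostart:
    kind: str             # "service" (R*/S* line) or "run" (Run-key value)
    name: str
    path: str
    stamp: Optional[str]  # "YYYY-MM-DD size" from the trailing brackets, if any
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_line(line: str) -> Optional[Autostart]:
    """Return an Autostart for a service or Run-key line, else None."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return Autostart("service", m["name"], m["path"].strip(), m["stamp"])
    m = RUN_RE.match(line)
    if m:
        return Autostart("run", m["name"], m["path"], m["stamp"])
    return None


def assess(entry: Autostart) -> Autostart:
    """Append one reason string for each heuristic the entry trips."""
    p = entry.path.lower()
    if TEMP_DIR_RE.search(p):
        entry.reasons.append("image lives in a user Temp directory")
    if entry.kind == "service" and not p.endswith(IMAGE_EXTENSIONS):
        entry.reasons.append("service/driver image has a non-executable extension")
    if USER_PROFILE_RE.match(p) and not TEMP_DIR_RE.search(p):
        entry.reasons.append("program runs from inside a user profile")
    if entry.stamp is None:
        entry.reasons.append("no [date size] stamp: file missing or unreadable at scan time")
    return entry


def triage(log_text: str) -> List[Autostart]:
    """Parse every autostart line in the log text and return the flagged ones."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is not None and assess(entry).suspicious:
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\users\Mellowship\Program Files\DNA\btdna.exe" [2009-10-07 323392]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\MELLOW~1\AppData\Local\Temp\QIV33C3.tmp
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
'''

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.kind}] {e.name}: {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

      Run against the sample, the script flags the GarenaPEngine driver (a `.tmp` image in a Temp directory with no file stamp) and the BitTorrent DNA Run entry (launched from a folder inside the user profile), while the Google Update service and the SUPERAntiSpyware driver pass. Each flag is a pointer to something the helper should confirm against the vendor's documentation or a file hash lookup before asking the user to remove anything.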

      Dr Jay

      • Malware Removal Specialist


      • Specialist
      • Moderator emeritus
      • Thanked: 119
      • Experience: Guru
      • OS: Windows 10
      Re: In need of help and assistance
      « Reply #17 on: May 08, 2010, 12:13:06 PM »
      GMER

      Note about this tool:
      • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
      • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
      • No matter what is in the log, please post all the information/contents of the log.
      Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

      Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

      Double-click gmer.exe. The program will begin to run.

      **Caution**
      These types of scans can produce false positives. Do NOT take any action on any
      "<--- ROOTKIT" entries unless advised!

      If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
      • Click NO
      • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
      • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
      • Click OK.
      • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
      • Save it where you can easily find it, such as your desktop.
      Post the contents of GMER.txt in your next reply.
      ~Dr Jay

      mellowship

        Topic Starter


        Rookie

        Thanked: 1
        Re: In need of help and assistance
        « Reply #18 on: May 08, 2010, 07:09:39 PM »
        I'm worried about Symantec Antivirus, which keeps reconfiguring itself. Will it interfere with this very scary scan?

        Dr Jay

        • Malware Removal Specialist


        • Specialist
        • Moderator emeritus
        • Thanked: 119
        • Experience: Guru
        • OS: Windows 10
        Re: In need of help and assistance
        « Reply #19 on: May 08, 2010, 08:35:08 PM »
        Not sure. Try the scan first. See if it produces a log.
        ~Dr Jay

        mellowship

          Topic Starter


          Rookie

          Thanked: 1
          Re: In need of help and assistance
          « Reply #20 on: May 09, 2010, 02:17:39 AM »
          Sir

          I am very hesitant to run this scan. I am not prepared to take the risk involved. I use this machine for school and assignments and stuff... is there an alternative that doesn't involve that great of a risk?

          yours,

          Mellowship.

          Dr Jay

          • Malware Removal Specialist


          • Specialist
          • Moderator emeritus
          • Thanked: 119
          • Experience: Guru
          • OS: Windows 10
          Re: In need of help and assistance
          « Reply #21 on: May 09, 2010, 11:02:32 AM »
          How is it a risk? It is only a scanner.

          It will not damage your machine.

          If it gives a blue screen, it means there is a hidden problem with your computer. In no way is this damaging.

          The other way is complicated. Do you want to attempt it?
          ~Dr Jay