Help! windows vista

[Forensick]

I managed to get myself a virus...
i cannot get rid of it...
the virus causing the problem does nothing but allow other virus's access to my system.
eventually i lose control of my browsers.

system restore has "last known good" as after the initial infection, but before the secondary ones.
so after restore i can use my computer normally for a few hours.

trendmicro housecall can't competely remove the virus
AVG can't find it
and adaware BSODs halfway through a scan.

basicly, i am fed up, and just want to reinstall....

however, i dont have a copy of windows vista business on CD... but i DO have a licence key (that i paid for).

i can't find a downloadable copy anywhere (except for hacked copies that aren't installable WITHOUT the hack)

i am wondering if anyone has a copy they can leech or post to me

thanks

 

[Forensick]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:02 PM, on 21/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm*****
C:\Windows\system32\taskeng*****
C:\Windows\System32\rundll32*****
C:\Program Files\Windows Defender\MSASCui*****
C:\Windows\System32\igfxtray*****
C:\Windows\System32\hkcmd*****
C:\Windows\System32\igfxper*********
C:\Program Files\Synaptics\SynTP\SynTPEnh*****
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain*****
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg*****
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL*****
C:\Program Files\Hp\HP Software Update\hpwuSchd2*****
C:\Program Files\Google\Gmail Notifier\gnotify*****
C:\Program Files\iTunes\iTunesHelper*****
C:\Program Files\Java\jre1.6.0_03\bin\jusched*****
C:\Windows\mrofinu2000352*****
C:\Program Files\Windows Sidebar\sidebar*****
C:\Program Files\Windows Live\Messenger\msnmsgr*****
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier*****
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite*****
C:\Program Files\Windows Media Player\wmpnscfg*****
C:\Windows\system32\igfxsrvc*****
C:\Program Files\OpenOffice.org 2.3\program\soffice*****
C:\Program Files\Hewlett-Packard\Shared\HpqToaster*****
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox*****
C:\Program Files\Java\jre1.6.0_03\bin\jucheck*****
C:\Windows\system32\rundll32*****
C:\Windows\system32\rundll32*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy*****
C:\Windows\explorer*****
C:\Windows\system32\SearchFilterHost*****
C:\Program Files\Trend Micro\HijackThis\HijackThi*********

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=74&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=74&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=74&bd=smb&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {dfcd5343-30cc-43a1-a0fd-87933f8c9266} - C:\Windows\system32\wvUkJyXo.dll
O2 - BHO: (no name) - {ee5a1465-1e73-4784-8f63-45983fdf0db8} - C:\Windows\system32\vtUlMebc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui***** -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray*****
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd*****
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxper*********
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh*****
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain*****
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg*****
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler*****
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl***** /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2*****
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify*****
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask*****" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper*****"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched*****"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck*****
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl*****"
O4 - HKLM\..\Run: [MSServer] rundll32***** C:\Windows\system32\vtUlMebc.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu2000352***** 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [BM630b6e3c] Rundll32***** "C:\Windows\system32\eqlqohgi.dll",s
O4 - HKLM\..\Run: [60385da0] rundll32***** "C:\Windows\system32\wxadaped.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar***** /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr*****" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier*****
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite*****" /systray /nologon
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart*****
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck*****
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService*****
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service*****
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT*****
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr*****
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing*****
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr*****
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio*****

--
End of file - 8708 bytes



OR, thats my hijack this log file, in case anyone can see the little bastard, and tell me how to remove it

 

[falconboy]

I'd be looking at the following lines to start with. Start in safe mode, run hijack this, tick them, FIX, reboot.


C:\Windows\mrofinu2000352***** (definitely a trojan)

C:\Windows\System32\rundll32*****
C:\Windows\System32\rundll32*****
C:\Windows\System32\rundll32***** (the 3 of these as they are calling the dll's further down - the randomish file names are a giveaway)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {dfcd5343-30cc-43a1-a0fd-87933f8c9266} - C:\Windows\system32\wvUkJyXo.dll

O2 - BHO: (no name) - {ee5a1465-1e73-4784-8f63-45983fdf0db8} - C:\Windows\system32\vtUlMebc.dll


O4 - HKLM\..\Run: [MSServer] rundll32***** C:\Windows\system32\vtUlMebc.dll,#1

O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu2000352***** 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [BM630b6e3c] Rundll32***** "C:\Windows\system32\eqlqohgi.dll",s

O4 - HKLM\..\Run: [60385da0] rundll32***** "C:\Windows\system32\wxadaped.dll",b

 

[meshe1969]

Download and run as many of these as suggested:

http://wiki.castlecops.com/Roll_your_own_Free_Security_Suite

This is a brilliant forum for helping with sort of stuff, but they are very bust and it may take a while:

http://www.castlecops.com/f67-Trend_Micro_HijackThis_Logs.html


www.castlecops.com is a good read to pick up extra info.

 

[Forensick]

cleaned that stuff out...

must be missing something tho, as about 30mins later... pop ups and error messages begin...

no one has a copy of vista business ed?

 

[falconboy]

Can you re-post your current Hijack this log?

 

[Forensick]

i'll have to download it again...
after virus sarts playing again i lose control of all browsers, and have to system restore...

hang on

 

[Forensick]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:21 PM, on 22/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\sms*********
C:\Windows\system32\csrs*********
C:\Windows\system32\wininit*****
C:\Windows\system32\csrs*********
C:\Windows\system32\service*********
C:\Windows\system32\lsas*********
C:\Windows\system32\winlogon*****
C:\Windows\system32\lsm*****
C:\Windows\system32\svchost*****
C:\Windows\system32\svchost*****
C:\Windows\System32\svchost*****
C:\Windows\System32\svchost*****
C:\Windows\System32\svchost*****
C:\Windows\system32\svchost*****
C:\Windows\system32\SLsvc*****
C:\Windows\system32\svchost*****
C:\Windows\system32\svchost*****
C:\Windows\System32\spoolsv*****
C:\Windows\system32\svchost*****
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService*****
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc*****
C:\Windows\system32\svchost*****
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr*****
C:\Windows\system32\svchost*****
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser*****
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter*****
C:\Windows\system32\svchost*****
C:\Windows\System32\svchost*****
C:\Windows\system32\SearchIndexer*****
C:\Windows\system32\DRIVERS\xaudio*****
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex*****
C:\Windows\system32\taskeng*****
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service*****
C:\Windows\system32\Dwm*****
C:\Windows\system32\taskeng*****
C:\Windows\Explorer*****
C:\Windows\System32\svchost*****
C:\Program Files\Windows Defender\MSASCui*****
C:\Windows\System32\igfxtray*****
C:\Windows\System32\hkcmd*****
C:\Windows\System32\igfxper*********
C:\Program Files\Synaptics\SynTP\SynTPEnh*****
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain*****
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg*****
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL*****
C:\Program Files\Hp\HP Software Update\hpwuSchd2*****
C:\Program Files\Google\Gmail Notifier\gnotify*****
C:\Program Files\iTunes\iTunesHelper*****
C:\Program Files\Java\jre1.6.0_03\bin\jusched*****
C:\Windows\mrofinu2000352*****
C:\Program Files\Windows Sidebar\sidebar*****
C:\Program Files\Windows Live\Messenger\msnmsgr*****
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier*****
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite*****
C:\Windows\system32\igfxsrvc*****
C:\Program Files\OpenOffice.org 2.3\program\soffice*****
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Media Player\wmpnscfg*****
C:\Program Files\Windows Media Player\wmpnetwk*****
C:\Windows\system32\wbem\wmiprvse*****
C:\Program Files\iPod\bin\iPodService*****
C:\Program Files\Hewlett-Packard\Shared\HpqToaster*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Program Files\Java\jre1.6.0_03\bin\jucheck*****
C:\Windows\system32\vssvc*****
C:\Windows\system32\rundll32*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy*****
C:\Windows\system32\SearchProtocolHost*****
C:\Windows\system32\SearchFilterHost*****
C:\Program Files\Trend Micro\HijackThis\HijackThi*********

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=74&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=74&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=74&bd=smb&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {3eabbe9f-e590-4df7-8ecd-a2c72adf2f1f} - C:\Windows\system32\wvUkJyXo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui***** -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray*****
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd*****
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxper*********
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh*****
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain*****
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg*****
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler*****
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl***** /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2*****
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify*****
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask*****" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper*****"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched*****"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck*****
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl*****"
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu2000352***** 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [BM630b6e3c] Rundll32***** "C:\Windows\system32\oofypcur.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar***** /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr*****" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier*****
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite*****" /systray /nologon
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart*****
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck*****
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O20 - Winlogon Notify: rhcloxli - C:\Windows\SYSTEM32\rhcloxli.dll
O20 - Winlogon Notify: __c004a330 - C:\Windows\SYSTEM32\__c004A330.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService*****
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service*****
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT*****
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr*****
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing*****
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr*****
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio*****

--
End of file - 10116 bytes

 

[Forensick]

popup takes me to a bogus anti spyware site.

googled it and got this

AntiSpywareSuite Description


AntiSpywareSuite is a corrupt antispyware application designed to goad users into purchasing its full version. AntiSpywareSuite may be installed onto your machine without your knowledge or consent through various browser security exploits. AntiSpywareSuite may be pushed by Trojans onto your machine without your permission and may start issuing fake warning regarding your PC security. AntiSpywareSuite may be difficult to remove manually because of its ability to secretly re-install. AntiSpywareSuite is affiliated with TrustedProtection and AntivirusPCSuite.


How can I get rid of AntiSpywareSuite?

The most common spyware removal tactic is to uninstall AntiSpywareSuite by using the "Add/Remove Programs" utility. However, as there may still be hidden AntiSpywareSuite files, it's possible that AntiSpywareSuite will reappear after reboot. Follow the AntiSpywareSuite detection and removal methods below.

 

[Forensick]

the program isnt installed tho....

not to that extent anyway, just eventully makes it to that site is the only site my browser can load

 

[slacker]

I would strongly advise you to format and install a decent OS ;-)

 

[Ramsayi]

http://www.google.com.au/search?hl=en&q=removing+antispywaresuite&btnG=Google+Search&meta=

 

[Forensick]

alas.... linux caused too many issues with using lptop at uni....
xp i dont own (and technically never did )
vista i at least technically own.... even if they make it so you cant reinstal the OS without buying it again

 

[falconboy]

PM'ed you

 

[lycanthropica]

alas.... linux caused too many issues with using lptop at uni....
xp i dont own (and technically never did )
vista i at least technically own.... even if they make it so you cant reinstal the OS without buying it again

i have visat homeo n my new vaio and i hate it

i could send you that but i don't think it would help.

i am seriously thinging of downgrading windows.

did you get the OS with a new PC or buy it seperately?

as my OS was the only one available with my lappy i can have it downgraded and use my licence key with XP. YAY

if you want vista home premium i can sent it to you tho

 

[Forensick]

it was bundled... and you cant downgrade busness ed apparantly

 

[Mrs I]

If you ring the help line they should be able to get you instructions to reinstall seeing as you have the product key, just tell them you lost the original disk.

 

[Forensick]

i didnt get a disk, it came preloaded....

and last time i rang MS for anything there was 4 hours of hold

 

[lycanthropica]

i didnt get a disk, it came preloaded....

and last time i rang MS for anything there was 4 hours of hold

thats no good.

maybe you could ask where you got it from? i got my lappy from Harris technology and they are really good with after sales support.

i guess it's one of those lessons in life about making back up disks of the OS if it comes preloaded.

 

[meshe1969]

If it was already pre-installed they often create a partition on the hard drive and have the software on a separate drive.