# Hidden Firewall?



## Tryptamind (Jun 17, 2010)

Hi, I'm having problems with my computer. There seems to be a hidden firewall blocking many applications from access to the internet. I used HijackThis to show all my currently running apps. PLEASE HELP ME! This has been an ongoing problem interfering with COUNTLESS programs. P.S. I have Windows 7, if that helps?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:07 PM, on 6/16/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2528058
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Qwest Live - {BACF4FA5-056C-48D8-BA70-D31EE42A2B17} - http://qwest.live.com (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://www.earn2life.com/plugin/Earn2Life.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{994EDE97-FCBE-4248-BA77-D908CA993D1E}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\Program Files\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\Program Files\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93e8cea2f1ef0) (gupdate1c93e8cea2f1ef0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10408 bytes


----------



## mseifman (Jun 17, 2010)

Did you have a virus? My post just above yours is the same thing. Only I don't know how to run that report you did. My firewall and Windows Defender are off. Adware - off, MS Security Essentials.. off. My router settings haven't changed.. I go in to open the ports for one of the blocked programs and it's already there.. I can SEE the traffic going out.. but like you, there are programs whose ports appear to be... blocked by a firewall


----------



## Tryptamind (Jun 17, 2010)

Yeah, I disabled Windows Firewall and UAC and still nothing has changed. I also removed all my anti-virus for the time being. CS:S doesn't connect to servers, iTunes can't open the store, my NEW anti-virus can't update, even Windows can't update. HELP, SOMEONE!


----------



## Cookiegal (Aug 27, 2003)

Did you have Comodo installed at one time? I see an entry for it in the HijackThis log.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## Tryptamind (Jun 17, 2010)

I actually did have Comodo Firewall once! It was around the same time problems started occurring with my computer..

Here's the list:
Actiontec Gateway
Addictive Drums
Adobe After Effects CS3
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Download Manager
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audiosurf
AVS Audio Converter version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
BitTorrent
BlackBerry Desktop Software 4.6
BlackBerry Desktop Software 4.6
Bonjour
Camtasia Studio 6
Canon MP Navigator EX 1.0
Canon MP210 series
Canon MP210 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
ClientTools
Compatibility Pack for the 2007 Office system
Connect
Counter-Strike: Source
Creative MediaSource 5
Dell Getting Started Guide
Dell Support Center
DFX for Winamp
Diablo II
Digidesign Pro Tools M-Powered 7.4
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Easy GIF Animator 5.02
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.3.0119
FoxyTunes for Firefox
Fraps (remove only)
Free Video to MP3 Converter version 3.4
Game Vindicator
GameTracker 1.1
Garry's Mod
GoGear VIBE Device Manager
Google Gmail Notifier
Google Update Helper
GTA San Andreas
Guitar Pro 5.2
Hero Editor V0.96
HijackThis 2.0.2
ijji REACTOR
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) TV Wizard
Interlok driver setup x32
InterVideo FilterSDK for Panasonic
iTunes
Java(TM) SE Runtime Environment 6
kuler
Lennar Digital Sylenth VSTi v1.2.1
Live 8.0.1
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.105
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Media Converter for Philips
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
Miroslav Philharmonik
MobileMe Control Panel
Modem Diagnostic Tool
MotionSD STUDIO 1.3E
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music, Photos & Videos Launcher
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
NetWaiting
Nomad Factory Blue Tubes Bundle v2.0
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Pando Media Booster
PC Drummer Pro 5.05
PDF Settings CS4
Photo Viewer
Photoshop Camera Raw
PIXMA Extended Survey Program
Power Tab Editor 1.7
PowerISO
Product Documentation Launcher
QuickConnect
QuickTime
Qwest QuickAssist Desktop Tools
Real Alternative 2.0.1
Realtek High Definition Audio Driver
Reason 4.0
rgcAudio z3ta Plus v1.40
Rhythm Rascal
Rosetta Stone Version 3
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio Media Manager
Roxio Update Manager
RuneScape
San Andreas Mod Installer
ScanSoft OmniPage SE 4
Scratch Live 1.9.1 (19136)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Sid Meier's Civilization 4
Sonic Activation Module
Sonnox Oxford Inflator Native VST v1.5.1
Sonnox Oxford Limiter Native VST v1.1.1
Sonnox Oxford R3 Dynamics Native VST v1.3.1
Sonnox Oxford R3 EQ Native VST v1.6.1
Sonnox Oxford Reverb Native VST v1.0
Sonnox Oxford TransMod Native VST v1.3.1
Sony Media Manager 2.3
Source SDK
Spy Sweeper
Steam
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Suite Shared Configuration CS4
SyncroSoft Emu (Remove only)
System Requirements Lab
The Sims 3
T-RackS 3 Deluxe
Uninstall 1.0.0.1
Unity Web Player
User's Guides
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Viewpoint Media Player
Virtual DJ - Atomix Productions
Vista Codec Package
V-Station 1.5.1
Waves Mercury Bundle
Winamp
Windows 7 Upgrade Advisor Beta
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Movie Maker 2.6
WinRAR archiver
WLTB Custom Buttons
WWAYM - NWSynth V1.3
Xvid 1.1.2 final uninstall
ZEN Media Explorer
ZENcast Organizer
Zune
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)


----------



## Cookiegal (Aug 27, 2003)

I'm not very familiar with Windows 7 but I assume the registry keys are the same.

Are you at all familiar with getting around in the registry?


----------



## Tryptamind (Jun 17, 2010)

Yeah, it's just regedit in the run bar.


----------



## Cookiegal (Aug 27, 2003)

Please navigate to this key in the registry and then in the right-hand pane, double-click on *AppInit_DLLs* and tell me what you see in the "data value" box.


----------



## Tryptamind (Jun 17, 2010)

Cookiegal said:


> Please navigate to this key in the registry...


What key are you talking about here? I have registry editor open and ready to go.


----------



## Tryptamind (Jun 17, 2010)

Is this what you meant?


----------



## Cookiegal (Aug 27, 2003)

Sorry, no it's this one:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows


----------



## Tryptamind (Jun 17, 2010)




----------



## Cookiegal (Aug 27, 2003)

You must have right-clicked on AppInit_Dlls and then selected "modify binary". Please just double-click on AppInit_Dlls and then you should get an Edit String box. It should just say "C:\WINDOWS\system32\guard32.dll" (without the quotes) and nothing else. Please post that screenshot.


----------



## mseifman (Jun 17, 2010)

Umm.. this may be a silly suggestion, but actually it was my problem (blush). Apparently the virus had modified my Internet Explorer options to use a proxy server. Since I don't use IE, and only use Firefox, I didn't really notice it was changed. However, once I changed this in IE back to what it should be, my Yahoo, iTunes and other programs worked just fine.


----------



## Cookiegal (Aug 27, 2003)

It's odd that it didn't show that in the HijackThis log.

Please download Malwarebytes' Anti-Malware from *Here*.

- Double Click *mbam-setup.exe* to install the application.
- Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click *OK*, then *Show Results* to view the results.
- Make sure that *everything is checked*, and click *Remove Selected*.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## Tryptamind (Jun 17, 2010)

Malwarebytes' Anti-Malware 1.46 beta
www.malwarebytes.org

Database version: 4040

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/22/2010 4:07:43 AM
mbam-log-2010-06-22 (04-07-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 446487
Time elapsed: 2 hour(s), 57 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

Delete the contents of the value data box (in other words remove C:\WINDOWS\system32\guard32.dll so the box is blank) then click on OK.

Please post a new HijackThis log and explain if there are any problems remaining.


----------



## Tryptamind (Jun 17, 2010)

Did what you said, nothing's changed.

Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:29 AM, on 7/1/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Qwest Live - {BACF4FA5-056C-48D8-BA70-D31EE42A2B17} - http://qwest.live.com (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://www.earn2life.com/plugin/Earn2Life.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{994EDE97-FCBE-4248-BA77-D908CA993D1E}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\Program Files\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\Program Files\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 7249 bytes


----------



## Cookiegal (Aug 27, 2003)

Your DNS settings indicate that you're using Comodo's secure DNS. Are you still using that set-up? I thought you weren't running Comodo any longer.


----------



## Tryptamind (Jun 17, 2010)

I'm not? I uninstalled Comodo a while back, but I'm guessing it's still there.. how do I remove it completely?


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)*

I'm not familiar with Windows 7 so I will ask you to do the following and post a screenshot of your settings there:

Go to the Control Panel and right-click on the connection that you use and click on "Properties" then select "Internet Protocol Version 4 (TCP/IPv4)" and click on "Properties". Don't change anything just post the screenshot of what you see please.


----------



## Tryptamind (Jun 17, 2010)




----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

O17 - HKLM\System\CCS\Services\Tcpip\..\{994EDE97-FCBE-4248-BA77-D908CA993D1E}: NameServer = 156.154.70.22,156.154.71.22

Then reboot and post a new HijackThis log.


----------
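The two "Fix Checked" requests above target entries whose backing file is gone and a statically configured DNS server. As an added example (not part of any post in this thread, and not HijackThis's own code), the following sketch pulls both kinds of entry out of a HijackThis log; the sample lines are copied from the logs posted here, and the function names `triage` and `multi_section` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{994EDE97-FCBE-4248-BA77-D908CA993D1E}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\Program Files\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

ENTRY = re.compile(r"^(?P<code>[ORF]\d{1,2}) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)(?: \(HKCU\))?$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE = re.compile(r"^Service: .*\((?P<name>[^()]+)\) - ")
NAMESERVER = re.compile(r"NameServer = (?P<ips>[0-9., ]+)$")

def triage(log_text):
    """Return (orphans, dns): orphaned entries per section code, and the
    static DNS servers set per interface GUID (O17 lines)."""
    orphans, dns = defaultdict(list), {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if ORPHAN.search(body):
            guid, svc = GUID.search(body), SERVICE.match(body)
            # Prefer the CLSID, then the service short name, else the raw entry.
            ident = guid.group(0).upper() if guid else svc["name"] if svc else body
            orphans[code].append(ident)
        ns = NAMESERVER.search(body) if code == "O17" else None
        if ns:
            iface = GUID.search(body)
            dns[iface.group(0) if iface else body] = ns["ips"].replace(" ", "").split(",")
    return dict(orphans), dns

def multi_section(orphans):
    """Identifiers orphaned in more than one section (one component, several hooks)."""
    seen = defaultdict(set)
    for code, idents in orphans.items():
        for ident in idents:
            seen[ident].add(code)
    return {i: sorted(c) for i, c in seen.items() if len(c) > 1}
```

An orphaned entry only shows that the registration outlived the file; whether it is safe to remove is still a judgement made per entry, as in the posts above.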



## Tryptamind (Jun 17, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:07 PM, on 7/3/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Qwest Live - {BACF4FA5-056C-48D8-BA70-D31EE42A2B17} - http://qwest.live.com (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://www.earn2life.com/plugin/Earn2Life.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\Program Files\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\Program Files\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 6456 bytes

Still no change.. Adobe Flash won't even install


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *All Programs* and click *Accessories*.

b. Right-click *Command Prompt* and click *Run as administrator*. You may be prompted for an administrator password or confirmation.

Type the following command and press Enter.

*Netsh winsock reset*

Then reboot the machine and let me know if there's any change.


----------



## Tryptamind (Jun 17, 2010)

No change. I noticed this when trying to install Adobe though

http://i48.tinypic.com/fep35e.png

Says I'm behind some sort of proxy?


----------



## Cookiegal (Aug 27, 2003)

Please post the screenshot here.


----------



## Tryptamind (Jun 17, 2010)




----------



## Cookiegal (Aug 27, 2003)

Which Adobe product are you trying to install?

It could be a security program interfering.

Are you still using SpySweeper?


----------



## Tryptamind (Jun 17, 2010)

Adobe Flash Player.. no, I don't have Spy Sweeper installed. I don't want it to be installed either haha. Whatever it takes to get rid of the firewall..


----------



## Cookiegal (Aug 27, 2003)

I'm thinking it could be one of your security programs that's interfering with the download.

SpySweeper was listed in your uninstall list so it must still be showing in Add or Remove Programs in the Control Panel. Please try to uninstall it from there. If you can uninstall it, reboot afterwards and then let me know if there's any change please.


----------



## ArsalanRet (Jul 1, 2010)

Go to Control Panel>Network and Internet Connections>Network Connections. Then right click your ISP connection and select Properties. Click on the Advanced tab and untick the "Protect My........" box. That should leave the firewall off from here on.

If you want a firewall then go download a good one, like Sygate Personal Firewall, or Zone Alarm. The XP firewall shouldn't be trusted in the first place as it's a Microsoft product, and just look at the huge security flaws that they shipped this OS with. Aside from that you want a firewall from a company who updates occasionally.


----------



## Cookiegal (Aug 27, 2003)

It's not wise to run without any firewall even if it's only the Windows one other than for a short test period. We are not trying to turn off the Windows firewall, we are trying to remove one or some other component of a security program that may still have leftover entries that are interfering with downloads.


----------



## Tryptamind (Jun 17, 2010)

Cookiegal said:


> I'm thinking it could be one of your security programs that's interfering with the download.
> 
> SpySweeper was listed in your uninstall list so it must still be showing in Add or Remove Programs in the Control Panel. Please try to uninstall it from there. If you can uninstall it, reboot afterwards and then let me know if there's any change please.


It's not in my remove programs..still no change!


----------



## Cookiegal (Aug 27, 2003)

Download the Registry Search Tool By Bobbi Flekman from the following link to your desktop:

http://www.bleepingcomputer.com/files/regsearch.php

Unzip it and double click on the file to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box:

*Webroot*

Copy and paste the results here please.


----------



## Tryptamind (Jun 17, 2010)

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 7/19/2010 2:52:47 PM for strings:
; 'webroot'
; Strings excluded from search:
; (None)
; Search in: 
; Registry Keys Registry Values Registry Data 
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1281A68F-9E75-418F-B3AC-D5B23DD86408}]
"LocalService"="WebrootSpySweeperService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A0934AB-9231-4054-8955-6C491EDB6047}\3.5\0\win32]
@="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A0934AB-9231-4054-8955-6C491EDB6047}\3.5\HELPDIR]
@="C:\\Program Files\\Webroot\\Spy Sweeper\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96267573-9F34-42A6-9E75-FFEC8686FEFE}]
"AppPath"="C:\\Program Files\\Webroot\\Spy Sweeper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\SpySweeper]
"command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\ClientRegistry]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\ClientRegistry]
"C:\\Program Files\\Webroot\\Spy Sweeper\\SafeSweeper.exe"="W3tjDnTF16b0pH9AKJsLSmKRlc+kVpsIzj4bfQNYd4PToMFbQZJbmXn+cOAUSbtsPDr+2Ynudj6Zcr9aceKRWA=="
"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"="jXDOPVzRpYO6KnE+4WKUSK7xsiu+erVexIfL2NfHpW6i683fd+Rg2Jhj4kcBduuSs8/qRFo0/ajzQJWtE01RYw=="
"C:\\Program Files\\Webroot\\Spy Sweeper\\wrsshp.exe"="W3tjDnTF16b0pH9AKJsLSmKRlc+kVpsIzj4bfQNYd4PToMFbQZJbmXn+cOAUSbtsPDr+2Ynudj6Zcr9aceKRWA=="

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper]
"id"="C:\\Program Files\\Webroot\\Spy Sweeper"
"uninstallurl"="http://products.webroot.com/disp0201.php?pc=64150&rc=1&ps=R&oc=33&mjv=5&mnv=5&rel=7&bld=48&cd=&dcc=&drc=&mo=&sid=&lang=en&loc=USA&opi=2&omj=6&omn=0&frq=1&dnv=20&guid=5B42393F-14BB-4560-BAA7-31CCCD9CA3B8&kc=NO+KEYCODE"
"ignorewebrootproducts"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Affiliates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Branding]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\ExtSW]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Partners]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Partners]
"InstallDir"="C:\\Program Files\\Webroot\\Spy Sweeper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\reports]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\reports\{00B52AAD-6034-4971-B830-493EDC048360}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\reports\{EE93A859-E163-4A9D-8F1A-E9E667FB798B}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSKBFD]
"DisplayName"="Webroot Spy Sweeper Keylogger Shield Keyboard Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebrootSpySweeperService]
"Description"="Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function."
"DisplayName"="Webroot Spy Sweeper Engine"
; Contents of value:
; "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" 
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,57,00,65,00,62,00,72,00,6f,\
00,6f,00,74,00,5c,00,53,00,70,00,79,00,20,00,53,00,77,00,65,00,65,00,70,00,\
65,00,72,00,5c,00,53,00,70,00,79,00,53,00,77,00,65,00,65,00,70,00,65,00,72,\
00,2e,00,65,00,78,00,65,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebrootSpySweeperService\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSKBFD]
"DisplayName"="Webroot Spy Sweeper Keylogger Shield Keyboard Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WebrootSpySweeperService]
"Description"="Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function."
"DisplayName"="Webroot Spy Sweeper Engine"
; Contents of value:
; "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" 
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,57,00,65,00,62,00,72,00,6f,\
00,6f,00,74,00,5c,00,53,00,70,00,79,00,20,00,53,00,77,00,65,00,65,00,70,00,\
65,00,72,00,5c,00,53,00,70,00,79,00,53,00,77,00,65,00,65,00,70,00,65,00,72,\
00,2e,00,65,00,78,00,65,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WebrootSpySweeperService\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSKBFD]
"DisplayName"="Webroot Spy Sweeper Keylogger Shield Keyboard Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebrootSpySweeperService]
"Description"="Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function."
"DisplayName"="Webroot Spy Sweeper Engine"
; Contents of value:
; "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" 
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,57,00,65,00,62,00,72,00,6f,\
00,6f,00,74,00,5c,00,53,00,70,00,79,00,20,00,53,00,77,00,65,00,65,00,70,00,\
65,00,72,00,5c,00,53,00,70,00,79,00,53,00,77,00,65,00,65,00,70,00,65,00,72,\
00,2e,00,65,00,78,00,65,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebrootSpySweeperService\Security]

; End Of The Log...


----------
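The Registry Search output above is in `.reg` export format, where `hex(2)` values are UTF-16LE strings split across continuation lines. As an added example (not part of any post in this thread, and not the Registry Search tool's own code), this sketch parses such output, decodes those values, and lists the service keys that still name a vendor, so each decoded `ImagePath` can be compared with what is actually on disk. The sample is an excerpt of the output posted here; `parse_reg`, `decode` and `leftover_services` are hypothetical names.

```python
import re

# Constructed sample: excerpt of the Registry Search output posted in this thread.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSKBFD]
"DisplayName"="Webroot Spy Sweeper Keylogger Shield Keyboard Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebrootSpySweeperService]
"DisplayName"="Webroot Spy Sweeper Engine"
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,57,00,65,00,62,00,72,00,6f,\
00,6f,00,74,00,5c,00,53,00,70,00,79,00,20,00,53,00,77,00,65,00,65,00,70,00,\
65,00,72,00,5c,00,53,00,70,00,79,00,53,00,77,00,65,00,65,00,70,00,65,00,72,\
00,2e,00,65,00,78,00,65,00,22,00,00,00
'''

KEY = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
SERVICE_KEY = re.compile(r"\\SYSTEM\\[^\\]+\\services\\([^\\]+)$", re.I)

def decode(raw):
    """Decode the right-hand side of one .reg value line."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw)
    if not m:                                  # REG_SZ: drop quotes, unescape \\ and \"
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if m.group(1) in ("1", "2"):               # REG_SZ / REG_EXPAND_SZ as UTF-16LE
        return data.decode("utf-16-le").rstrip("\x00")
    if m.group(1) == "7":                      # REG_MULTI_SZ: NUL-separated strings
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data                                # REG_BINARY and other types stay raw

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: decoded_value}}."""
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)   # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";"):
            continue
        k, v = KEY.match(line), VALUE.match(line)
        if k:
            current = keys.setdefault(k.group(1), {})
        elif v and current is not None:
            current[v.group(1).strip('"')] = decode(v.group(2))
    return keys

def leftover_services(keys, vendor):
    """Map service name -> decoded ImagePath (or None) for service keys naming `vendor`."""
    found = {}
    for path, values in keys.items():
        m = SERVICE_KEY.search(path)
        if m and any(vendor.lower() in str(v).lower() for v in values.values()):
            found[m.group(1)] = values.get("ImagePath")
    return found
```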



## Cookiegal (Aug 27, 2003)

There are still a lot of entries for SpySweeper. You did say you uninstalled it, correct?

If you did and there's no entry in Add or Remove Programs in the Control Panel then see if the uninstaller file still exists. It would be located in the Program Files\Webroot\Spy Sweeper folder and the name of the file is *unins000.exe*. If it's there, double-click on it and see if the uninstaller will run. If it does, reboot afterward. Otherwise, report back with any errors you get please.


----------



## Tryptamind (Jun 17, 2010)

There's no spysweeper, not even a program files folder.


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a RemoveSAS.zip file. Please save it to your desktop. Unzip it and double-click the RemoveSAS.reg file it contains and allow it to merge with the registry to remove the remnants of SpySweeper.

Then reboot the machine, post a new HijackThis log and let me know if there's any change.


----------

