
[infostealer.gampass virus on windows vista]

Discussion in 'Malware and Virus Removal Archive' started by adzmo, 2008/08/12.

  1. 2008/08/12
    adzmo (Thread Starter)
    I got a virus called infostealer.gampass. I am on Windows Vista using Norton 360; it scans it, but it is undeletable and I need to delete it :( I don't know that much about computers, so I need step by steps.

    it because I looked everywhere in regedit and found files that weren't there, like superhidden, and deleted it, and now I don't get any messages from Norton. But just to be safe, is there anything else I can do? I am so relieved; I was searching 3 hours non-stop just to resolve it. I was so worried because this is my big brother's laptop and he would kill me if he found out that anything happened, and I am only 14.

    This is the report I got from Silent Runners:

    "Silent Runners.vbs ", revision 58, http://www.silentrunners.org/
    Operating System: Windows Vista
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    --------------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "msnmsgr" = " "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
    "ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
    "WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide "
    "ECenter" = "C:\Dell\E-Center\EULALauncher.exe" [null data]
    "Apoint" = "C:\Program Files\DellTPad\Apoint.exe" [ "Alps Electric Co., Ltd."]
    "OEM02Mon.exe" = "C:\Windows\OEM02Mon.exe" [ "Creative Technology Ltd."]
    "NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
    "NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
    "NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "NVHotkey" = "rundll32.exe C:\Windows\system32\nvHotkey.dll,Start" [MS]
    "SunJavaUpdateSched" = " "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" " [ "Sun Microsystems, Inc."]
    "PSQLLauncher" = " "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup" [ "UPEK Inc."]
    "IAAnotif" = " "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" " [ "Intel Corporation"]
    "Adobe Reader Speed Launcher" = " "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" " [ "Adobe Systems Incorporated"]
    "dscactivate" = " "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" " [null data]
    "PCMService" = " "C:\Program Files\Dell\MediaDirect\PCMService.exe" " [ "CyberLink Corp."]
    "Acrobat Assistant 8.0" = " "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" " [ "Adobe Systems Inc."]
    "(Default)" = "(empty string)" [file not found]
    "Adobe_ID0EYTHM" = "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [ "Adobe Systems Incorporated"]
    "GrooveMonitor" = " "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" " [MS]
    "ccApp" = " "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" " [ "Symantec Corporation"]
    "Symantec PIF AlertEng" = " "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" " [ "Symantec Corporation"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll" [ "Symantec Corporation"]
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Groove GFS Browser Helper "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" [ "Sun Microsystems, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]
    {CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = "Browser Address Error Redirector "
    -> {HKLM...CLSID} = "CBrowserHelperObject Object "
    \InProcServer32\(Default) = "C:\Program Files\Dell\BAE\BAE.dll" [ "Dell Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler "
    -> {HKLM...CLSID} = "Microsoft Office Outlook "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class "
    -> {HKLM...CLSID} = "DesktopContext Class "
    \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" [ "NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper "
    -> {HKLM...CLSID} = "NVIDIA CPL Extension "
    \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" [ "NVIDIA Corporation"]
    "{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler "
    -> {HKLM...CLSID} = "CLSID_WLMCMimeFilter "
    \InProcServer32\(Default) = "c:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]
    "{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E}" = "Safearchive ContextMenu Class "
    -> {HKLM...CLSID} = "Safearchive ContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\Fingerprint Reader Suite\farchns.dll" [ "UPEK Inc."]
    "{055EF591-5C38-49a0-9BDA-51B1D69D0BF4}" = "Safearchive ShellFolder Class "
    -> {HKLM...CLSID} = "Safearchive ShellFolder Class "
    \InProcServer32\(Default) = "C:\Program Files\Fingerprint Reader Suite\farchns.dll" [ "UPEK Inc."]
    "{66C99756-1C92-4d3e-BA69-9400A6F731F5}" = "Safearchive PropertySheetHandler Class "
    -> {HKLM...CLSID} = "Safearchive PropertySheetHandler Class "
    \InProcServer32\(Default) = "C:\Program Files\Fingerprint Reader Suite\farchns.dll" [ "UPEK Inc."]
    "{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA}" = "Safearchive ExtractIcon Class "
    -> {HKLM...CLSID} = "Safearchive ExtractIcon Class "
    \InProcServer32\(Default) = "C:\Program Files\Fingerprint Reader Suite\farchns.dll" [ "UPEK Inc."]
    "{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor "
    -> {HKLM...CLSID} = "Monitor Class "
    \InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" [ "Broadcom Corporation."]
    "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler "
    -> {HKLM...CLSID} = "Microsoft Office Metadata Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler "
    -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders "
    -> {HKLM...CLSID} = "My Sharing Folders "
    \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper "
    -> {HKLM...CLSID} = "Groove GFS Browser Helper "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar "
    -> {HKLM...CLSID} = "Groove Folder Synchronization "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler "
    -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook "
    -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler "
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler "
    -> {HKLM...CLSID} = "Groove XML Icon Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder) "
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder) "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub) "
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub) "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark) "
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark) "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub) "
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub) "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) "
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]
    "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search "
    -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook "
    -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "GinaDLL" = "vrlogon.dll" [ "UPEK Inc."]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945} "
    -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]
    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D} "
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]
    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D} "
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]
    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D} "
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    SafearchiveContextMenu\(Default) = "{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "
    -> {HKLM...CLSID} = "Safearchive ContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\Fingerprint Reader Suite\farchns.dll" [ "UPEK Inc."]
    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D} "
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

    "ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Behavior Of The Elevation Prompt For Standard Users}

    "EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Detect Application Installations And Prompt For Elevation}

    "EnableLUA" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Run All Administrators In Admin Approval Mode}

    "EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Only elevate UIAccess applications that are installed in secure locations}

    "EnableVirtualization" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Virtualize file and registry write failures to per-user locations}

    "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Switch to the secure desktop when prompting for elevation}

    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}

    "FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Admin Approval Mode for the Built-in Administrator Account}

    "DisableCAD" = (REG_DWORD) dword:0x00000001
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\Windows\Web\Wallpaper\img24.jpg "

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\windows\Web\Wallpaper\img24.jpg "


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    BridgeCS3ImportMediaOnArrival\
    "Provider" = "Adobe Bridge CS3 "
    "InvokeProgID" = "Adobe.adobebridge "
    "InvokeVerb" = "launch "
    HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" [ "Adobe Systems, Inc."]

    MDirectPlayDVDMovieOnArrival\
    "Provider" = "MediaDirect "
    "InvokeProgID" = "DVD "
    "InvokeVerb" = "PlayWithMediaDirect "
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithMediaDirect\Command\(Default) = " "C:\Program Files\Dell\MediaDirect\MDirect.exe" AUTOPLAY MOVIE "%L" " [ "CyberLink Corp."]

    MediaDirectPlayCDAudioOnArrival\
    "Provider" = "MediaDirect "
    "InvokeProgID" = "AudioCD "
    "InvokeVerb" = "PlayWithMediaDirect "
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithMediaDirect\Command\(Default) = " "C:\Program Files\Dell\MediaDirect\MDirect.exe" AUTOPLAY CD "%L" " [ "CyberLink Corp."]

    MSLivePhotoAcqHWEventHandler\
    "Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10 "
    "ProgID" = "Microsoft.LivePhotoAcqHWEventHandler "
    HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} "
    -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

    MSLiveVideoCameraArrivalCaptureWizard\
    "Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10 "
    "ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler "
    "InitCmdLine" = "WLXVideoAcquireWizard "
    HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} "
    -> {HKLM...CLSID} = "WLXWEventHandler Class "
    \LocalServer32\(Default) = " "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" " [MS]

    RoxioSCAudioCDTask36\
    "Provider" = "Roxio Creator Audio "
    "InvokeProgID" = "Roxio.RoxioCentral36 "
    "InvokeVerb" = "AudioCDTask "
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\AudioCDTask\Command\(Default) = " "C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {1DF24BC5-8E7F-4D41-AF7B-1EAAF8CE889B}" [null data]

    RoxioSCCopyCD36\
    "Provider" = "Roxio Creator Copy "
    "InvokeProgID" = "Roxio.RoxioCentral36 "
    "InvokeVerb" = "ExactCopyJob "
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = " "C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D}" [null data]

    RoxioSCCopyDisc36\
    "Provider" = "Roxio Creator Copy "
    "InvokeProgID" = "Roxio.RoxioCentral36 "
    "InvokeVerb" = "ExactCopyJob "
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = " "C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D}" [null data]

    RoxioSCDataProject36\
    "Provider" = "Roxio Creator Data "
    "InvokeProgID" = "Roxio.RoxioCentral36 "
    "InvokeVerb" = "DataGuide "
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataGuide\Command\(Default) = " "C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch Data" [null data]

    RoxioSCDataTask36\
    "Provider" = "Roxio Creator Data "
    "InvokeProgID" = "Roxio.RoxioCentral36 "
    "InvokeVerb" = "DataTask "
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataTask\Command\(Default) = " "C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {85B64A0F-9111-4A55-8B5A-59343EE1EE8B}" [null data]


    Startup items in "Mohamed" & "All Users" startup folders:
    ---------------------------------------------------------

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    "Adobe Acrobat Speed Launcher" -> shortcut to: "C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe" [null data]
    "Adobe Acrobat Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [ "Adobe Systems Incorporated"]
    "Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" [ "Broadcom Corporation."]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
    000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
    000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
    000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
    000000000008\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" [ "Apple Computer, Inc."]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 23


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93} "
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]
    "{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar "
    -> {HKLM...CLSID} = "Show Norton Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll" [ "Symantec Corporation"]

    Explorer Bars

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

    HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console "
    "CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} "
    -> {HKLM...CLSID} = "Java Plug-in 1.6.0 "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" [ "Sun Microsystems, Inc."]

    {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
    "ButtonText" = "Blog This "
    "MenuText" = "&Blog This in Windows Live Writer "
    "CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "
    -> {HKLM...CLSID} = "BlogThisToolbarButton Class "
    \InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS]

    {2670000A-7350-4F3C-8081-5663EE0C6C49}\
    "ButtonText" = "Send to OneNote "
    "MenuText" = "S&end to OneNote "
    "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C} "
    -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Research "

    {CCA281CA-C863-46EF-9331-5C8D4460577F}\
    "ButtonText" = "@btrez.dll,-4015 "
    "MenuText" = "@btrez.dll,-12650 "
    "Script" = "c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, " "C:\Program Files\Bonjour\mDNSResponder.exe" " [ "Apple Computer, Inc."]
    Andrea ST Filters Service, AESTFilters, "C:\Windows\system32\aestsrv.exe" [ "Andrea Electronics Corporation"]
    Bluetooth Support Service, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" { "C:\Windows\System32\bthserv.dll" [MS]}
    ccEvtMgr, ccEvtMgr, " "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" [ "Symantec Corporation"]
    ccSetMgr, ccSetMgr, " "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" [ "Symantec Corporation"]
    CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
    Computer Browser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" { "C:\Windows\System32\browser.dll" [MS]}
    Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" { "C:\Windows\System32\eapsvc.dll" [MS]}
    FLEXnet Licensing Service, FLEXnet Licensing Service, " "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" " [ "Macrovision Europe Ltd."]
    Human Interface Device Access, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" { "C:\Windows\system32\hidserv.dll" [MS]}
    Intel(R) Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" [ "Intel Corporation"]
    Intel(R) PROSet/Wireless Event Log, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" [ "Intel Corporation"]
    Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" [ "Intel Corporation"]
    LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, " "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" [ "Symantec Corporation"]
    Messenger Sharing Folders USN Journal Reader service, usnjsvc, " "C:\Program Files\Windows Live\Messenger\usnsvc.exe" " [MS]
    SigmaTel Audio Service, STacSV, "C:\Windows\system32\STacSV.exe" [ "IDT, Inc."]
    Symantec Core LC, Symantec Core LC, " "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" " [ "Symantec Corporation"]
    Symantec Lic NetConnect service, CLTNetCnService, " "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" [ "Symantec Corporation"]
    Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" { "C:\Windows\System32\WUDFSvc.dll" [MS]}
    Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" { "C:\Windows\System32\wiaservc.dll" [MS]}
    Windows Media Player Network Sharing Service, WMPNetworkSvc, " "C:\Program Files\Windows Media Player\wmpnetwk.exe" " [MS]
    WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" { "C:\Windows\System32\wlansvc.dll" [MS]}


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver = "AdobePDF.dll" [ "Adobe Systems Incorporated."]
    Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


    ---------- (launch time: 2008-08-12 20:48:25)
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 78 seconds, including 23 seconds for message boxes)
     
    Last edited: 2008/08/12
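The Silent Runners report above is raw program output. As an added example (not part of the thread and not code from Silent Runners itself), here is a small Python parser for that report format: it collects the registry launch points and picks out the entries a reviewer would check first, namely lines Silent Runners marks with <<!>> and files whose publisher it could not verify ([null data], [file not found]). The report embedded in the script is constructed, modeled on lines from the post; the function names are my own.

```python
r"""Parser for Silent Runners.vbs startup reports (added example).

Silent Runners lists each registry launch point as a key line, e.g.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
followed by value lines of the form
    "value name" = "command line" [signer]
where [signer] is [MS] for Microsoft files, [ "Company"] for other
signed files, and [null data] or [file not found] when nothing could be
verified.  Entries the script itself considers suspicious carry a
leading <<!>>.  Note that <<!>> only means "a reviewer should look":
in the thread above every marked entry was a signed vendor component.
"""
import re

# Key line: HKxx\...\ optionally followed by the {++} "defaults shown" marker.
KEY_RE = re.compile(r'^(?P<key>HK(?:LM|CU|CR|U)\\.*?\\)\s*(?:\{\+\+\})?\s*$')

# Value line: optional <<!>> flag, quoted name, quoted command, [signer].
# The command may itself contain quotes, so the greedy .* backtracks to the
# last quote before the signer bracket.
VALUE_RE = re.compile(
    r'^(?P<flag><<!>>\s*)?"(?P<name>[^"]*)"\s*=\s*"(?P<cmd>.*)"\s*'
    r'\[(?P<signer>[^\]]*)\]\s*$'
)

# Signer texts Silent Runners emits when it could not verify the file.
UNVERIFIED = {"null data", "file not found"}


def parse_silent_runners(text):
    """Return a list of launch-point entries found in a Silent Runners report."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            entries.append({
                "key": key,
                "name": vm.group("name"),
                "cmd": vm.group("cmd").strip(),
                "signer": vm.group("signer").strip().strip('"'),
                "marked": vm.group("flag") is not None,
            })
    return entries


def flag_entries(entries):
    """Pick out entries worth a manual check, with the reason for each."""
    flagged = []
    for e in entries:
        reasons = []
        if e["marked"]:
            reasons.append("marked <<!>> by Silent Runners")
        if e["signer"].lower() in UNVERIFIED:
            reasons.append("publisher not verified: [%s]" % e["signer"])
        if reasons:
            flagged.append(dict(e, reasons=reasons))
    return flagged


# Constructed sample, modeled on lines from the report in this thread.
SAMPLE_REPORT = r'''
Startup items buried in registry:
--------------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = " "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ECenter" = "C:\Dell\E-Center\EULALauncher.exe" [null data]
"(Default)" = "(empty string)" [file not found]
"SunJavaUpdateSched" = " "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" " [ "Sun Microsystems, Inc."]
"ccApp" = " "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" " [ "Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "GinaDLL" = "vrlogon.dll" [ "UPEK Inc."]
'''


if __name__ == "__main__":
    for e in flag_entries(parse_silent_runners(SAMPLE_REPORT)):
        print("%s\n  %s = %s\n  -> %s" % (e["key"], e["name"], e["cmd"],
                                          "; ".join(e["reasons"])))
```

Run it against a saved Silent Runners report (read the file into `parse_silent_runners`) to get the short list of entries to look up by hand before touching anything in the registry.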
  2. 2008/08/12
    Geri (Alumni)
    Hi adzmo
    Welcome to WindowsBBS.

    First, I strongly suggest you go to your big brother and let him know what happened and that we should be able to fix things.

    Second,
    This is a very bad idea. Stay out of the registry. That is like the backbone of a computer; one mistake and it could be crippled and need a reformat to fix it.

    Let's get an online scan and see what turns up.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     


  4. 2008/08/13
    adzmo (Thread Starter)
    It says

    it won't work if you have other antiviruses on, and I don't want to turn off Norton because I might get spyware or a virus.
     
  5. 2008/08/13
    Geri (Alumni)
    Hi adzmo
    It will be OK, we do this all the time. ;)

    Turn it off just before the scan, then turn it back on right after you get and save the log. Then post the log here.

    Thanks
    Geri
     
  6. 2008/08/17
    The L word
    Norton 2008

    Hello,

    I was browsing the posts, and as I came across yours the virus name looked familiar. I was online last night, and the same virus tried to attack my laptop. Must be the newest one out there. Anyhow, the Norton 2008 which I have installed blocked the attack. Just a suggestion: it is very important to update your virus settings weekly.
     
