
all desktop icons gone

  • 18-09-2007 3:51pm
    #1
    Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭


    Hi all,
    hope someone can help me here... whilst browsing today Norton popped up 3~4 times with a virus detection notice, it informed me that Norton had detected & removed a virus called "downloader".
    Although Norton stated that it had removed the virus, moments later all my desktop icons & shortcuts vanished !! The mouse cursor is visible & I can move it around but clicking has no effect.
    Whilst rebooting I notice that for a few seconds my icons come back & if I'm quick I can start any application I want, which I have done & I ran a Norton full system scan & it again detected the "downloader" virus so it's not being deleted totally, anyone know how I can get my icons back ?
    Rgds


Comments

  • Moderators, Computer Games Moderators, Social & Fun Moderators Posts: 18,853 Mod ✭✭✭✭Kimbot


    Have you right-clicked and tried the "Sort by" option??


  • Registered Users, Registered Users 2 Posts: 2,592 ✭✭✭Soundman


    Right click Desktop

    View

    Show All Desktop Icons


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    Soundman wrote:
    Right click Desktop

    View

    Show All Desktop Icons
    Tried that before I posted, as I said folks, nothing happens when I click the mouse left or right !!


  • Registered Users, Registered Users 2 Posts: 1,050 ✭✭✭allen175


    try booting into safe mode and running virus scan and remove viruses if required, and if that doesn't work try a system restore.


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    allen175 wrote:
    try booting into safe mode and running virus scan and remove viruses if required, and if that doesn't work try a system restore.
    I already tried everything suggested but problem remains & happens under all profiles on the pc, anything else ?


  • Closed Accounts Posts: 119 ✭✭vir7ual


    was active desktop enabled by any chance? and if so did norton disable it?? could be the problem.


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    vir7ual wrote:
    was active desktop enabled by any chance? and if so did norton disable it?? could be the problem.
    how do I check now ? I only get about 2sec to click an icon or shortcut before the desktop blanks, only left with the xp background pic.


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    vir7ual wrote:
    was active desktop enabled by any chance? and if so did norton disable it?? could be the problem.
    update!!!! explorer.exe is not running when I look in task manager !!! so I went FILE , NEW TASK & ran it, now my icons come back but keep disappearing & reappearing as explorer.exe keeps trying to run, any ideas ??


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Post a HijackThis log.


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    Post a HijackThis log.
    here you go..
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:22:01, on 19/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\DAD\Desktop\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.252.219.76:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {70A0FDE9-4E56-4979-92AB-C650EE04EFB6} - C:\WINDOWS\system32\awtqn.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\xxyywwt.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
    O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\system32\regsvr32 /s "C:\Program Files\Windows Media Player\mpvis.dll"
    O4 - HKLM\..\RunOnce: [OE_WMPWMDM_Install_7] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mspmsnsv.dll
    O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts
    O4 - HKLM\..\RunOnce: [Trojan Remover] "D:\Trojan Remover\RMVTRJAN.EXE" /restart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: MagicTune 3.5.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://home.ntl.com/motive/files/MotivePreQual.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
    O20 - Winlogon Notify: xxyywwt - C:\WINDOWS\SYSTEM32\xxyywwt.dll
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 15705 bytes
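
A first triage pass over a HijackThis log like the one posted above, as an added example (not from the thread and not part of HijackThis). The sample lines are copied from that log; the rule names and the functions `parse_log` and `triage` are invented for this illustration, and a hit is only a prompt to look closer, not a verdict.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.252.219.76:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {70A0FDE9-4E56-4979-92AB-C650EE04EFB6} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\xxyywwt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: xxyywwt - C:\WINDOWS\SYSTEM32\xxyywwt.dll
O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2", "O20", "R1"
    text: str     # everything after "<section> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)")
PROXY_RE = re.compile(r",ProxyServer\s*=\s*(\S+)")
DLL_RE = re.compile(r"([^\\/\s]+\.dll)\b", re.IGNORECASE)

# Sections whose entries name a DLL that is loaded automatically
# (browser helper objects, Winlogon Notify, SSODL, SharedTaskScheduler).
AUTOLOAD_SECTIONS = {"O2", "O20", "O21", "O22"}


def parse_log(log):
    """Return the section-coded entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (rule, section, detail) tuples for entries worth a closer look."""
    findings = []
    hooks = defaultdict(set)  # lower-cased DLL file name -> sections naming it
    for e in entries:
        proxy = PROXY_RE.search(e.text) if e.section.startswith("R") else None
        if proxy:
            # Browser traffic is being sent through this host:port.
            findings.append(("proxy-set", e.section, proxy.group(1)))
        if MISSING_RE.search(e.text):
            # Registration survives although the file is gone, often the
            # leftover of a partial removal.
            findings.append(("missing-file", e.section, e.text))
        if e.section == "O2" and e.text.startswith("BHO: (no name)"):
            findings.append(("unnamed-bho", e.section, e.text))
        if e.section == "O20":
            # DLL is loaded into winlogon.exe at logon.
            findings.append(("winlogon-notify", e.section, e.text))
        if e.section in AUTOLOAD_SECTIONS:
            dlls = DLL_RE.findall(e.text)
            if dlls:
                hooks[dlls[-1].lower()].add(e.section)
    # The same DLL registered through more than one autoload mechanism.
    for dll, sections in sorted(hooks.items()):
        if len(sections) > 1:
            findings.append(("multi-hook", "+".join(sorted(sections)), dll))
    return findings


if __name__ == "__main__":
    for rule, where, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{rule:16} {where:7} {detail}")
```

The DLL comparison is done on the lower-cased file name because the log spells the same path as `system32` in one section and `SYSTEM32` in another.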


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hey

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    We need to put HijackThis in a permanent folder, please do the following :

    Click "My Computer", then "C:\" and then on "Program Files".
    In the menu bar, "File"->"New"->"Folder".
    That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
    Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.
    Exit this folder now and do not run Hijackthis, we will be using it later


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    Ok did what you asked..
    1 Ran vundofix,..it reported nothing found.
    2 ran combofix, followed instructions, see txt file below.
    *** on reboot all my desktop icons & shortcuts are now back**:) :):D:D
    does that mean I'm sorted ?
    ComboFix 07-09-18.4 - "DAD" 2007-09-19 12:52:00.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.353.1033.18.569 [GMT 1:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\myglobalsearch
    C:\Program Files\myglobalsearch\bar\History\search
    C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\nqtwa.bak1
    C:\WINDOWS\system32\nqtwa.ini
    D:\Autorun.inf
    K:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    \LEGACY_NPF


    ((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
    .

    2007-09-19 12:50 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-09-19 12:44 <DIR> d C:\VundoFix Backups
    2007-09-19 11:08 <DIR> d C:\Program Files\Windows Defender
    2007-09-18 23:33 77,312 --a C:\WINDOWS\system32\ztvunace26.dll
    2007-09-18 23:33 75,264 --a C:\WINDOWS\system32\unacev2.dll
    2007-09-18 23:33 69,632 --a C:\WINDOWS\system32\ztvcabinet.dll
    2007-09-18 23:33 162,304 --a C:\WINDOWS\system32\ztvunrar36.dll
    2007-09-18 23:33 153,088 --a C:\WINDOWS\system32\UNRAR3.dll
    2007-09-18 23:33 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-09-18 23:33 <DIR> d C:\DOCUME~1\DAD\APPLIC~1\Simply Super Software
    2007-09-18 23:33 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
    2007-09-18 23:25 <DIR> d C:\WINDOWS\ServicePackFiles
    2007-09-18 23:21 <DIR> d C:\WINDOWS\EHome
    2007-09-18 21:55 <DIR> d C:\DOCUME~1\dad1\APPLIC~1\CyberLink
    2007-09-18 21:55 <DIR> d C:\DOCUME~1\dad1\APPLIC~1\AOL
    2007-09-18 21:54 <DIR> d---s---- C:\DOCUME~1\dad1\UserData
    2007-09-18 21:54 <DIR> d C:\DOCUME~1\dad1\APPLIC~1\You've Got Pictures Screensaver
    2007-09-18 21:54 <DIR> d C:\DOCUME~1\dad1\APPLIC~1\Real
    2007-09-18 21:41 <DIR> d C:\WINDOWS\pss
    2007-09-18 18:48 <DIR> d C:\Program Files\Windows Live Safety Center
    2007-09-18 13:42 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.JUN\UserData
    2007-09-18 13:35 628,788 --a C:\WINDOWS\system32\nqtwa.bak1.ren
    2007-09-18 13:34 629,738 --a C:\WINDOWS\system32\nqtwa.ini.ren
    2007-09-18 13:29 44,054 --a C:\WINDOWS\system32\xxyywwt.dll.ren
    2007-09-18 13:29 23,552 --a C:\WINDOWS\system32\winjrs32.dll.ren
    2007-08-27 17:13 97,672 --a C:\WINDOWS\system32\drivers\symfw.sys
    2007-08-27 17:13 537,992 --a C:\WINDOWS\system32\SymNeti.dll
    2007-08-27 17:13 31,624 --a C:\WINDOWS\system32\drivers\symids.sys
    2007-08-27 17:13 28,040 --a C:\WINDOWS\system32\drivers\symndis.sys
    2007-08-27 17:13 23,944 --a C:\WINDOWS\system32\drivers\symredrv.sys
    2007-08-27 17:13 189,320 --a C:\WINDOWS\system32\drivers\symtdi.sys
    2007-08-27 17:13 161,160 --a C:\WINDOWS\system32\SymRedir.dll
    2007-08-27 17:13 12,680 --a C:\WINDOWS\system32\drivers\symdns.sys
    2007-08-26 00:50 <DIR> d C:\Program Files\Nero
    2007-08-26 00:50 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-08-25 00:36 <DIR> d C:\DOCUME~1\DAD\APPLIC~1\AVS4YOU
    2007-08-25 00:35 <DIR> d C:\Program Files\Common Files\AVSMedia
    2007-08-25 00:35 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    2007-08-25 00:34 974,848 --a C:\WINDOWS\system32\mfc70.dll
    2007-08-25 00:34 487,424 --a C:\WINDOWS\system32\msvcp70.dll
    2007-08-25 00:34 261,632 --a C:\WINDOWS\system32\mcdvd_32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-19 12:06 d C:\Program Files\Common Files\Symantec Shared
    2007-09-18 23:10 d C:\Program Files\FlashGet
    2007-09-18 10:36 805 --a C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-09-18 10:36 123952 --a C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-09-18 10:36 10676 --a C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-09-18 10:36 d C:\Program Files\Symantec
    2007-08-28 20:17 d C:\Program Files\Google
    2007-08-27 23:35 d C:\Program Files\SEGA
    2007-08-26 20:43 d C:\DOCUME~1\DAD\APPLIC~1\Ahead
    2007-08-26 00:54 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    2007-08-26 00:53 d C:\Program Files\Common Files\Ahead
    2007-08-26 00:38 d C:\Program Files\Ahead
    2007-08-15 14:25 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\{DB82D04C-8FC1-489B-81AA-BE54061CEF97}
    2007-08-15 14:05 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-08-14 21:29 d C:\DOCUME~1\DAD\APPLIC~1\Atalasoft
    2007-08-12 01:05 d C:\Program Files\Altdo MP4 to AVI WMV DVD Converter&Burner
    2007-08-12 00:53 d C:\Program Files\Boilsoft MOV Converter
    2007-08-11 21:18 d C:\Program Files\DivX
    2007-08-11 21:01 d C:\DOCUME~1\DAD\APPLIC~1\Dr. DivX 2.0 OSS
    2007-08-09 22:17 d C:\Program Files\FlashFXP
    2007-07-31 11:26 d C:\Program Files\Common Files\Sony Shared
    2007-07-27 00:06 43528 --a C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-06-27 19:05 972072 --a C:\WINDOWS\UNNeroMediaHome.exe
    2007-06-26 14:12 972072 --a C:\WINDOWS\UNNeroVision.exe
    2007-02-04 15:42 24192 --a C:\DOCUME~1\AL\usbsermptxp.sys
    2007-02-04 15:42 22768 --a C:\DOCUME~1\AL\usbsermpt.sys
    2005-12-03 14:58 2657302 --a C:\Program Files\FlashFXP.exe
    2006-01-20 14:36:26 56 --sh--r C:\WINDOWS\system32\18D5BC39EA.sys
    2005-10-19 10:21:58 8 --sh--r C:\WINDOWS\system32\C72AA29016.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 18:22]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-06 22:56]
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 C:\WINDOWS\system32\nvmctray.dll]
    "SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2006-10-16 18:32]
    "EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
    "MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 05:43]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-01-27 00:16]
    "CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-06-22 19:17]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "MSConfig"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe" [2004-08-04 13:00]
    "TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [2007-09-04 13:26]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 16:41]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-06 21:05]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Color Calibration.lnk - D:\SEC\MagicTune3.5_Client\GammaTray.exe [2006-06-22 18:40:26]
    MagicTune 3.5.lnk - D:\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2006-06-22 18:40:34]
    NaturalColorLoad.lnk - D:\SEC\Natural Color\NaturalColorLoad.exe [2006-06-22 18:39:01]
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe [2005-10-19 18:40:13]

    C:\DOCUME~1\DAD\STARTM~1\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= D:\Qualcomm\Eudora\EuShlExt.dll [2005-11-14 16:15 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
    winjrs32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    R0 AEC671X;AEC671X;C:\WINDOWS\system32\DRIVERS\AEC671X.sys
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS
    R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
    R3 XUIF;X10 USB Wireless Transceiver;C:\WINDOWS\system32\Drivers\x10ufx2.sys
    S3 FlyPCI;FlyPCI;\??\C:\WINDOWS\system32\drivers\FlyPCI.sys
    S3 PAC207;Q-TEC WEBCAM 110 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys
    S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-19 11:59:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-08-15 13:25:35 C:\WINDOWS\Tasks\EyeBatch 2.1 Updates.job"
    - C:\WINDOWS\Installer\EyeBatch 2.1 Updates for All Users.lnk
    "2007-09-19 10:11:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-09-14 22:13:44 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - DAD.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-19 13:04:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-19 13:06:15 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-19 13:05
    .
    --- E O F ---


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Not done just yet

    Now we need to reconfigure Windows XP to show hidden files:
    Double-click the My Computer icon on the Windows desktop.
    Select the Tools menu and click Folder Options. Select the View Tab.

    Under the Hidden files and folders heading select "Show hidden files and folders".
    Uncheck the "Hide protected operating system files (recommended)" option.
    Uncheck the "Hide file extensions for known file types" option.
    Click Yes to confirm. Click OK.



    Open notepad (Start > Run and type notepad > click Ok) and copy/paste the text in the quote box below into it:
    File::
    C:\WINDOWS\system32\nqtwa.bak1.ren
    C:\WINDOWS\system32\nqtwa.ini.ren
    C:\WINDOWS\system32\xxyywwt.dll.ren
    C:\WINDOWS\system32\winjrs32.dll.ren
    C:\WINDOWS\system32\winjrs32.dll

    Folder::
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\{DB82D04C-8FC1-489B-81AA-BE54061CEF97}

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]


    Save this as CFScript

    CFScript.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    Run ComboFix again and post the resultant log file.



    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


    Go to this site:
    http://www.virustotal.com/
    On top you'll find 'Browse'
    Click the browse button and browse to the file:

    C:\WINDOWS\system32\18D5BC39EA.sys

    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.

    Repeat that for this file

    C:\WINDOWS\system32\C72AA29016.sys


    So post the ComboFix log and the two DSS texts in full, the results of the two files I asked you to scan, and tell me how your PC is running now.


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    Here you go, results of the latest ComboFix; will run Deckard's and post both .txt files in the next post.


    ComboFix 07-09-18.4 - "DAD" 2007-09-20 10:10:15.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.353.1033.18.467 [GMT 1:00]
    Command switches used :: C:\Documents and Settings\DAD\Desktop\Misc\combofix\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\nqtwa.bak1.ren
    C:\WINDOWS\system32\nqtwa.ini.ren
    C:\WINDOWS\system32\xxyywwt.dll.ren
    C:\WINDOWS\system32\winjrs32.dll.ren
    C:\WINDOWS\system32\winjrs32.dll
    .

    ((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
    .

    2007-09-19 12:50 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-09-19 12:44 <DIR> d C:\VundoFix Backups
    2007-09-19 11:08 <DIR> d C:\Program Files\Windows Defender
    2007-09-18 23:33 77,312 --a C:\WINDOWS\system32\ztvunace26.dll
    2007-09-18 23:33 75,264 --a C:\WINDOWS\system32\unacev2.dll
    2007-09-18 23:33 69,632 --a C:\WINDOWS\system32\ztvcabinet.dll
    2007-09-18 23:33 162,304 --a C:\WINDOWS\system32\ztvunrar36.dll
    2007-09-18 23:33 153,088 --a C:\WINDOWS\system32\UNRAR3.dll
    2007-09-18 23:33 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-09-18 23:33 <DIR> d C:\DOCUME~1\DAD\APPLIC~1\Simply Super Software
    2007-09-18 23:33 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
    2007-09-18 23:25 <DIR> d C:\WINDOWS\ServicePackFiles
    2007-09-18 23:21 <DIR> d C:\WINDOWS\EHome
    2007-09-18 21:55 <DIR> d C:\DOCUME~1\dad1\APPLIC~1\CyberLink
    2007-09-18 21:55 <DIR> d C:\DOCUME~1\dad1\APPLIC~1\AOL
    2007-09-18 21:54 <DIR> d---s---- C:\DOCUME~1\dad1\UserData
    2007-09-18 21:54 <DIR> d C:\DOCUME~1\dad1\APPLIC~1\You've Got Pictures Screensaver
    2007-09-18 21:54 <DIR> d C:\DOCUME~1\dad1\APPLIC~1\Real
    2007-09-18 21:41 <DIR> d C:\WINDOWS\pss
    2007-09-18 18:48 <DIR> d C:\Program Files\Windows Live Safety Center
    2007-09-18 13:42 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.JUN\UserData
    2007-08-27 17:13 97,672 --a C:\WINDOWS\system32\drivers\symfw.sys
    2007-08-27 17:13 537,992 --a C:\WINDOWS\system32\SymNeti.dll
    2007-08-27 17:13 31,624 --a C:\WINDOWS\system32\drivers\symids.sys
    2007-08-27 17:13 28,040 --a C:\WINDOWS\system32\drivers\symndis.sys
    2007-08-27 17:13 23,944 --a C:\WINDOWS\system32\drivers\symredrv.sys
    2007-08-27 17:13 189,320 --a C:\WINDOWS\system32\drivers\symtdi.sys
    2007-08-27 17:13 161,160 --a C:\WINDOWS\system32\SymRedir.dll
    2007-08-27 17:13 12,680 --a C:\WINDOWS\system32\drivers\symdns.sys
    2007-08-26 00:50 <DIR> d C:\Program Files\Nero
    2007-08-26 00:50 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-08-25 00:36 <DIR> d C:\DOCUME~1\DAD\APPLIC~1\AVS4YOU
    2007-08-25 00:35 <DIR> d C:\Program Files\Common Files\AVSMedia
    2007-08-25 00:35 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    2007-08-25 00:34 974,848 --a C:\WINDOWS\system32\mfc70.dll
    2007-08-25 00:34 487,424 --a C:\WINDOWS\system32\msvcp70.dll
    2007-08-25 00:34 261,632 --a C:\WINDOWS\system32\mcdvd_32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-19 23:41 d C:\Program Files\FlashGet
    2007-09-19 13:32 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-09-19 12:06 d C:\Program Files\Common Files\Symantec Shared
    2007-09-18 10:36 805 --a C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-09-18 10:36 60800 --a C:\WINDOWS\system32\S32EVNT1.DLL
    2007-09-18 10:36 123952 --a C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-09-18 10:36 10676 --a C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-09-18 10:36 d C:\Program Files\Symantec
    2007-08-28 20:17 d C:\Program Files\Google
    2007-08-27 23:35 d C:\Program Files\SEGA
    2007-08-26 20:43 d C:\DOCUME~1\DAD\APPLIC~1\Ahead
    2007-08-26 00:54 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    2007-08-26 00:53 d C:\Program Files\Common Files\Ahead
    2007-08-26 00:38 d C:\Program Files\Ahead
    2007-08-14 21:29 d C:\DOCUME~1\DAD\APPLIC~1\Atalasoft
    2007-08-12 01:05 d C:\Program Files\Altdo MP4 to AVI WMV DVD Converter&Burner
    2007-08-12 00:53 d C:\Program Files\Boilsoft MOV Converter
    2007-08-11 21:18 d C:\Program Files\DivX
    2007-08-11 21:01 d C:\DOCUME~1\DAD\APPLIC~1\Dr. DivX 2.0 OSS
    2007-08-09 22:17 d C:\Program Files\FlashFXP
    2007-07-31 11:26 d C:\Program Files\Common Files\Sony Shared
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 271224 --a C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\wups.dll
    2007-07-27 00:06 524288 --a C:\WINDOWS\system32\DivXsm.exe
    2007-07-27 00:06 43528 --a C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-27 00:06 3596288 --a C:\WINDOWS\system32\qt-dx331.dll
    2007-07-27 00:06 200704 --a C:\WINDOWS\system32\ssldivx.dll
    2007-07-27 00:06 144704 --a C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-07-27 00:06 129784 --a C:\WINDOWS\system32\pxafs.dll
    2007-07-27 00:06 120056 --a C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-27 00:06 118520 --a C:\WINDOWS\system32\pxinsi64.exe
    2007-07-27 00:06 1044480 --a C:\WINDOWS\system32\libdivx.dll
    2007-07-27 00:03 823296 --a C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-27 00:03 823296 --a C:\WINDOWS\system32\divx_xx07.dll
    2007-07-27 00:03 81920 --a C:\WINDOWS\system32\dpl100.dll
    2007-07-27 00:03 802816 --a C:\WINDOWS\system32\divx_xx11.dll
    2007-07-27 00:03 740442 --a C:\WINDOWS\system32\DivX.dll
    2007-07-27 00:03 593920 --a C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-27 00:03 57344 --a C:\WINDOWS\system32\dpv11.dll
    2007-07-27 00:03 53248 --a C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-27 00:03 344064 --a C:\WINDOWS\system32\dpus11.dll
    2007-07-27 00:03 294912 --a C:\WINDOWS\system32\dpu11.dll
    2007-07-27 00:03 294912 --a C:\WINDOWS\system32\dpu10.dll
    2007-07-27 00:03 196608 --a C:\WINDOWS\system32\dtu100.dll
    2007-07-27 00:03 12288 --a C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-06-27 19:05 972072 --a C:\WINDOWS\UNNeroMediaHome.exe
    2007-06-26 14:12 972072 --a C:\WINDOWS\UNNeroVision.exe
    2007-06-26 07:08 1104896 --a C:\WINDOWS\system32\msxml3.dll
    2007-02-04 15:42 24192 --a C:\DOCUME~1\AL\usbsermptxp.sys
    2007-02-04 15:42 22768 --a C:\DOCUME~1\AL\usbsermpt.sys
    2005-12-03 14:58 2657302 --a C:\Program Files\FlashFXP.exe
    2006-01-20 14:36:26 56 --sh--r C:\WINDOWS\system32\18D5BC39EA.sys
    2005-10-19 10:21:58 8 --sh--r C:\WINDOWS\system32\C72AA29016.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-19_130513.28 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-r 1,165,584 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    ----a-r 20,240 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    ----a-r 159,504 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    ----a-r 184,080 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    ----a-r 217,864 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    ----a-r 18,704 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    ----a-r 35,088 2007-09-19 12:32:47 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    ----a-r 845,584 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    ----a-r 922,384 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    ----a-r 272,648 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    ----a-r 888,080 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    ----a-r 1,172,240 2007-09-19 12:32:46 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    .
    ----a-r 1,165,584 2007-08-15 13:05:21 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    ----a-r 20,240 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    ----a-r 159,504 2007-08-15 13:05:21 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    ----a-r 184,080 2007-08-15 13:05:21 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    ----a-r 217,864 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    ----a-r 18,704 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    ----a-r 35,088 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    ----a-r 845,584 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    ----a-r 922,384 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    ----a-r 272,648 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    ----a-r 888,080 2007-08-15 13:05:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    ----a-r 1,172,240 2007-08-15 13:05:21 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 18:22]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-06 22:56]
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 C:\WINDOWS\system32\nvmctray.dll]
    "SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2006-10-16 18:32]
    "EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
    "MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 05:43]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-01-27 00:16]
    "CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-06-22 19:17]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "MSConfig"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe" [2004-08-04 13:00]
    "TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [2007-09-04 13:26]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 16:41]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-06 21:05]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Color Calibration.lnk - D:\SEC\MagicTune3.5_Client\GammaTray.exe [2006-06-22 18:40:26]
    MagicTune 3.5.lnk - D:\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2006-06-22 18:40:34]
    NaturalColorLoad.lnk - D:\SEC\Natural Color\NaturalColorLoad.exe [2006-06-22 18:39:01]
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe [2005-10-19 18:40:13]

    C:\DOCUME~1\DAD\STARTM~1\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= D:\Qualcomm\Eudora\EuShlExt.dll [2005-11-14 16:15 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    R0 AEC671X;AEC671X;C:\WINDOWS\system32\DRIVERS\AEC671X.sys
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS
    R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
    R3 XUIF;X10 USB Wireless Transceiver;C:\WINDOWS\system32\Drivers\x10ufx2.sys
    S3 FlyPCI;FlyPCI;\??\C:\WINDOWS\system32\drivers\FlyPCI.sys
    S3 PAC207;Q-TEC WEBCAM 110 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys
    S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-20 08:59:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-08-15 13:25:35 C:\WINDOWS\Tasks\EyeBatch 2.1 Updates.job"
    - C:\WINDOWS\Installer\EyeBatch 2.1 Updates for All Users.lnk
    "2007-09-20 08:32:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-09-14 22:13:44 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - DAD.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-20 10:11:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-20 10:12:43
    C:\ComboFix-quarantined-files.txt ... 2007-09-20 10:12
    C:\ComboFix2.txt ... 2007-09-20 10:02
    C:\ComboFix3.txt ... 2007-09-20 09:23
    .
    --- E O F ---


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    MAIN
    Deckard's System Scanner v20070905.67
    Run by DAD on 2007-09-20 10:18:58
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    11: 2007-09-20 09:19:05 UTC - RP11 - Deckard's System Scanner Restore Point
    10: 2007-09-20 09:10:08 UTC - RP10 - ComboFix created restore point
    9: 2007-09-20 08:26:46 UTC - RP9 - ComboFix created restore point
    8: 2007-09-19 12:32:22 UTC - RP8 - Software Distribution Service 3.0
    7: 2007-09-19 11:51:53 UTC - RP7 - ComboFix created restore point


    -- First Restore Point --
    1: 2007-09-18 20:35:52 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 15.45 GiB (less than 15%) free.


    -- HijackThis Clone

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-09-20 10:22:21
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\CmUCREye.exe
    C:\Program Files\Common Files\X10\Common\X10nets.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    D:\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\DAD\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKEY_LOCAL_MACHINE\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Color Calibration.lnk = D:\SEC\MagicTune3.5_Client\GammaTray.exe
    O4 - Global Startup: MagicTune 3.5.lnk = D:\SEC\MagicTune3.5_Client\MagicTuneTray.exe
    O4 - Global Startup: NaturalColorLoad.lnk = D:\SEC\Natural Color\NaturalColorLoad.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - CmdMapping - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - CmdMapping - (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://home.ntl.com/motive/files/MotivePreQual.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
    O23 - Service: CyberLink Media Library Service - Cyberlink - "C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
    O23 - Service: MSCSPTISRV - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe


    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 AEC671X - c:\windows\system32\drivers\aec671x.sys <Not Verified; ACARD Technology Corp.; Acard® AEC-671X PCI Ultra/W SCSC-3 Controller>
    R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys
    R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.0.1>
    R3 catchme - c:\docume~1\dad\locals~1\temp\catchme.sys (file missing)

    S3 FlyPCI - c:\windows\system32\drivers\flypci.sys
    S3 giveio - c:\windows\system32\giveio.sys
    S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
    S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
    S3 PAC207 (Q-TEC WEBCAM 110 USB) - c:\windows\system32\drivers\pfc027.sys
    S3 RT2500USB (RT2500 USB Wireless LAN Driver) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
    S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    S3 usbsermptxp (Motorola USB Modem Driver for MPT XP) - c:\windows\system32\drivers\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\home cinema\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
    R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\home cinema\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
    R2 CyberLink Media Library Service - "c:\program files\home cinema\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
    R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe
    R2 STI Simulator - c:\windows\system32\pastisvc.exe
    R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


    -- Device Manager: Disabled

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: RT2500 USB Wireless LAN Card
    Device ID: USB\VID_148F&PID_2570\6&2B8D60B9&0&2
    Manufacturer: Ralink Technology Corp.
    Name: RT2500 USB Wireless LAN Card
    PNP Device ID: USB\VID_148F&PID_2570\6&2B8D60B9&0&2
    Service: RT2500USB

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\C7425E10DC00
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\C7425E10DC00
    Service: NIC1394

    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: Communications Port
    Device ID: ACPI\PNP0501\1
    Manufacturer: (Standard port types)
    Name: Communications Port (COM3)
    PNP Device ID: ACPI\PNP0501\1
    Service: Serial

    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: Communications Port
    Device ID: ACPI\PNP0501\2
    Manufacturer: (Standard port types)
    Name: Communications Port (COM2)
    PNP Device ID: ACPI\PNP0501\2
    Service: Serial


    -- Scheduled Tasks

    2007-09-20 09:59:01 250 --a
    C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2007-09-20 09:32:05 330 --ah
    C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2007-09-14 23:13:44 526 --a
    C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - DAD.job
    2007-08-15 14:25:35 270 --a
    C:\WINDOWS\Tasks\EyeBatch 2.1 Updates.job


    -- Files created between 2007-08-20 and 2007-09-20

    2007-09-19 12:44:12 0 d
    C:\VundoFix Backups
    2007-09-19 11:08:19 0 d
    C:\Program Files\Windows Defender
    2007-09-18 23:48:00 0 d
    C:\WINDOWS\Prefetch
    2007-09-18 23:33:39 0 d-a
    C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-18 23:33:04 162304 --a
    C:\WINDOWS\system32\ztvunrar36.dll
    2007-09-18 23:33:04 77312 --a
    C:\WINDOWS\system32\ztvunace26.dll
    2007-09-18 23:33:04 69632 --a
    C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-09-18 23:33:04 153088 --a
    C:\WINDOWS\system32\UNRAR3.dll
    2007-09-18 23:33:04 75264 --a
    C:\WINDOWS\system32\unacev2.dll
    2007-09-18 23:33:02 0 d
    C:\Documents and Settings\DAD\Application Data\Simply Super Software
    2007-09-18 23:33:02 0 d
    C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-09-18 23:25:49 0 d
    C:\WINDOWS\ServicePackFiles
    2007-09-18 23:21:35 0 d
    C:\WINDOWS\EHome
    2007-09-18 21:55:00 0 d
    C:\Documents and Settings\dad1\Application Data\Macromedia
    2007-09-18 21:55:00 0 d
    C:\Documents and Settings\dad1\Application Data\Identities
    2007-09-18 21:55:00 0 d
    C:\Documents and Settings\dad1\Application Data\CyberLink
    2007-09-18 21:55:00 0 d
    C:\Documents and Settings\dad1\Application Data\AOL
    2007-09-18 21:55:00 0 d
    C:\Documents and Settings\dad1\Application Data\Adobe
    2007-09-18 21:54:59 0 d---s---- C:\Documents and Settings\dad1\Application Data\Microsoft
    2007-09-18 21:54:58 0 d--h
    C:\Documents and Settings\dad1\NetHood
    2007-09-18 21:54:58 0 dr
    C:\Documents and Settings\dad1\My Documents
    2007-09-18 21:54:58 0 d--h
    C:\Documents and Settings\dad1\Local Settings
    2007-09-18 21:54:58 0 dr
    C:\Documents and Settings\dad1\Favorites
    2007-09-18 21:54:58 0 d
    C:\Documents and Settings\dad1\Desktop
    2007-09-18 21:54:58 0 d--hs---- C:\Documents and Settings\dad1\Cookies
    2007-09-18 21:54:58 0 dr-h
    C:\Documents and Settings\dad1\Application Data
    2007-09-18 21:54:58 0 d
    C:\Documents and Settings\dad1\Application Data\You've Got Pictures Screensaver
    2007-09-18 21:54:58 0 d
    C:\Documents and Settings\dad1\Application Data\Real
    2007-09-18 21:54:57 0 d---s---- C:\Documents and Settings\dad1\UserData
    2007-09-18 21:54:57 0 d--h
    C:\Documents and Settings\dad1\Templates
    2007-09-18 21:54:57 0 dr
    C:\Documents and Settings\dad1\Start Menu
    2007-09-18 21:54:57 0 dr-h
    C:\Documents and Settings\dad1\SendTo
    2007-09-18 21:54:57 0 dr-h
    C:\Documents and Settings\dad1\Recent
    2007-09-18 21:54:57 0 d--h
    C:\Documents and Settings\dad1\PrintHood
    2007-09-18 21:54:56 1572864 --ah
    C:\Documents and Settings\dad1\NTUSER.DAT
    2007-09-18 21:41:30 0 d
    C:\WINDOWS\pss
    2007-09-18 18:48:33 0 d
    C:\Program Files\Windows Live Safety Center
    2007-09-18 13:42:26 0 d
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Macromedia
    2007-09-18 13:42:26 0 d
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Identities
    2007-09-18 13:42:26 0 d
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\CyberLink
    2007-09-18 13:42:26 0 d
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\AOL
    2007-09-18 13:42:26 0 d
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Adobe
    2007-09-18 13:42:25 0 d---s---- C:\Documents and Settings\Administrator.JUNK_BACKROOM\UserData
    2007-09-18 13:42:25 0 d--h
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Templates
    2007-09-18 13:42:25 0 dr
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Start Menu
    2007-09-18 13:42:25 0 dr-h
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\SendTo
    2007-09-18 13:42:25 0 dr-h
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Recent
    2007-09-18 13:42:25 0 d--h
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\PrintHood
    2007-09-18 13:42:25 0 d--h
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\NetHood
    2007-09-18 13:42:25 0 dr
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\My Documents
    2007-09-18 13:42:25 0 d--h
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Local Settings
    2007-09-18 13:42:25 0 dr
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Favorites
    2007-09-18 13:42:25 0 d
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Desktop
    2007-09-18 13:42:25 0 d--hs---- C:\Documents and Settings\Administrator.JUNK_BACKROOM\Cookies
    2007-09-18 13:42:25 0 dr-h
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data
    2007-09-18 13:42:25 0 d
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\You've Got Pictures Screensaver
    2007-09-18 13:42:25 0 d
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Real
    2007-09-18 13:42:25 0 d---s---- C:\Documents and Settings\Administrator.JUNK_BACKROOM\Application Data\Microsoft
    2007-09-18 13:42:23 1572864 --ah
    C:\Documents and Settings\Administrator.JUNK_BACKROOM\NTUSER.DAT
    2007-08-26 00:50:31 0 d
    C:\Program Files\Nero
    2007-08-26 00:50:31 0 d
    C:\Documents and Settings\All Users\Application Data\Nero
    2007-08-25 00:36:06 0 d
    C:\Documents and Settings\DAD\Application Data\AVS4YOU
    2007-08-25 00:35:58 0 d
    C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-08-25 00:35:11 0 d
    C:\Program Files\Common Files\AVSMedia
    2007-08-25 00:34:39 261632 --a
    C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>


    -- Find3M Report

    2007-09-19 23:41:03 0 d
    C:\Program Files\FlashGet
    2007-09-19 12:06:55 0 d
    C:\Program Files\Common Files\Symantec Shared
    2007-09-18 10:36:15 0 d
    C:\Program Files\Symantec
    2007-09-17 21:43:28 34742 --a
    C:\Documents and Settings\DAD\Application Data\wklnhst.dat
    2007-08-28 20:17:53 0 d
    C:\Program Files\Google
    2007-08-27 23:35:43 0 d
    C:\Program Files\SEGA
    2007-08-26 20:43:11 0 d
    C:\Documents and Settings\DAD\Application Data\Ahead
    2007-08-26 00:53:06 0 d
    C:\Program Files\Common Files\Ahead
    2007-08-26 00:38:02 0 d
    C:\Program Files\Ahead
    2007-08-25 00:35:11 0 d
    C:\Program Files\Common Files
    2007-08-14 21:29:36 0 d
    C:\Documents and Settings\DAD\Application Data\Atalasoft
    2007-08-12 01:05:08 0 d
    C:\Program Files\Altdo MP4 to AVI WMV DVD Converter&Burner
    2007-08-12 00:54:36 34 --ah
    C:\WINDOWS\system32\MP4 to AVI WMV DVD Converter&Burner_sysquict.dat
    2007-08-12 00:53:36 0 d
    C:\Program Files\Boilsoft MOV Converter
    2007-08-11 21:18:53 0 d
    C:\Program Files\DivX
    2007-08-11 21:01:23 0 d
    C:\Documents and Settings\DAD\Application Data\Dr. DivX 2.0 OSS
    2007-08-09 22:17:45 0 d
    C:\Program Files\FlashFXP
    2007-07-31 11:26:06 0 d
    C:\Program Files\Common Files\Sony Shared
    2007-07-27 00:06:22 3596288 --a
    C:\WINDOWS\system32\qt-dx331.dll
    2007-07-27 00:03:48 196608 --a
    C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-27 00:03:48 81920 --a
    C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-27 00:03:38 802816 --a
    C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-27 00:03:38 823296 --a
    C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:38 823296 --a
    C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:38 740442 --a
    C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:02 12288 --a
    C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-10 17:09:59 192 --a
    C:\setuplog


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 22:19]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/06/2006 18:22]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/05/2006 22:56]
    "NvMediaCenter"="NvMCTray.dll" [01/06/2006 18:22 C:\WINDOWS\system32\nvmctray.dll]
    "SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [16/10/2006 18:32]
    "EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
    "MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [27/10/2005 05:43]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [27/01/2006 00:16]
    "CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [22/06/2006 19:17]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 18:30]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "MSConfig"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe" [04/08/2004 13:00]
    "TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [04/09/2007 13:26]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [20/07/2007 16:41]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [06/06/2007 21:05]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 19:03]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 20:05]

    C:\Documents and Settings\DAD\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
    Color Calibration.lnk - D:\SEC\MagicTune3.5_Client\GammaTray.exe [22/06/2006 18:40:26]
    MagicTune 3.5.lnk - D:\SEC\MagicTune3.5_Client\MagicTuneTray.exe [22/06/2006 18:40:34]
    NaturalColorLoad.lnk - D:\SEC\Natural Color\NaturalColorLoad.exe [22/06/2006 18:39:01]
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe [19/10/2005 18:40:13]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= D:\Qualcomm\Eudora\EuShlExt.dll [14/11/2005 16:15 86016]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install




    -- End of Deckard's System Scanner: finished at 2007-09-20 10:25:01

    EXTRA
    Deckard's System Scanner v20070905.67
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
    CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
    Percentage of Memory in Use: 52%
    Physical Memory (total/avail): 1022.42 MiB / 486.16 MiB
    Pagefile Memory (total/avail): 2460.7 MiB / 2025.63 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1930.23 MiB

    C: is Fixed (NTFS) - 116.41 GiB total, 15.45 GiB free.
    D: is Fixed (NTFS) - 107.91 GiB total, 94.94 GiB free.
    E: is Fixed (FAT32) - 8.55 GiB total, 4.12 GiB free.
    F: is CDROM (No Media)
    G: is CDROM (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)
    K: is Fixed (FAT32) - 232.83 GiB total, 210.69 GiB free.
    L: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 3 partitions
    \PARTITION0 (bootable) - Installable File System - 116.41 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 116.47 GiB - D: - E:

    \\.\PHYSICALDRIVE1 -

    \\.\PHYSICALDRIVE4 -

    \\.\PHYSICALDRIVE5 -

    \\.\PHYSICALDRIVE3 - EPSON Stylus Storage USB Device

    \\.\PHYSICALDRIVE2 - WD 2500BB External USB Device - 232.89 GiB - 1 partition
    \PARTITION0 - Unknown - 232.88 GiB - K:



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.

    FW: Norton Internet Worm Protection v2006 (Symantec)
    AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\DAD\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=JUNK_BACKROOM
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\DAD
    LOGONSERVER=\\JUNK_BACKROOM
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0404
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\DAD\LOCALS~1\Temp
    TMP=C:\DOCUME~1\DAD\LOCALS~1\Temp
    USERDOMAIN=JUNK_BACKROOM
    USERNAME=DAD
    USERPROFILE=C:\Documents and Settings\DAD
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles

    DAD (admin)
    AL (admin)
    dad1 (new local, admin)
    Administrator.JUNK_BACKROOM (new local, admin)


    -- Add/Remove Programs

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\IsUninst.exe -f"D:\Medieval - Total War\Uninst.isu"
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    4Musics Multiformat Converter v1.5 --> C:\PROGRA~1\4MUSIC~2\UNWISE.EXE C:\PROGRA~1\4MUSIC~2\INSTALL.LOG
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
    America's Army --> MsiExec.exe /I{6778954C-13C2-4333-AF77-F5C885EB280F}
    AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
    Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
    AVS Disc Creator version 2.1 --> "d:\AVSMedia\DiscCreator\unins000.exe"
    AVS Video Tools 5.1 --> "d:\AVSMedia\VideoTools\unins000.exe"
    BearShare --> C:\PROGRA~1\BEARSH~1\\UNWISE.EXE C:\PROGRA~1\BEARSH~1\\INSTALL.LOG
    BinToAscii --> MsiExec.exe /X{AC16C64C-BD9F-45BF-A4B2-057BAF4E5357}
    BookSmart 1.7.7 1.7.7 --> d:\BookSmart\uninstall.exe
    BreezeBrowser v2.9 --> C:\Program Files\BreezeSys\BreezeBrowser\UnGins.exe "C:\Program Files\BreezeSys\BreezeBrowser\install.log"
    C-Media Card Reader Driver USB2.0 --> C:\WINDOWS\system32\CmUCRRm.exe
    C-Media USB2.0 Card Reader --> C:\WINDOWS\CmiUCRUninstall.exe C:\Program Files\C-Media USB2.0 Card Reader
    Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
    Canon EOS 20D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}
    Canon Utilities EOS Capture 1.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1DD47D49-F046-4919-831F-EE576A04D5B2}
    Canon Utilities EOS Viewer Utility 1.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D1CA45BE-431A-4FA7-8E98-AFE546F96D58}
    Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
    ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
    Creatix V.92 Data Fax Modem --> agrsmdel
    DBOX2 Image-Flashing-Assistent 2.3.1 Multilanguage --> "D:\dbox\DBOX_IFA\unins000.exe"
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Downloader Pro --> "C:\Program Files\BreezeSys\Downloader Pro\Uninstall.exe" "C:\Program Files\BreezeSys\Downloader Pro\install.log"
    Dr. DivX 2.0 OSS --> C:\DivX\Dr. DivX 2.0 OSS\Remove.exe
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    eTrust Registration --> MsiExec.exe /X{6BFF4534-7608-41F0-85F7-31A0569D8960}
    Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F615BE-8963-4535-B8E7-C5E88FF37D98}\setup.exe" -l0x9
    exPressIT --> C:\Program Files\Rocky Mountain Traders\exPressIT\uninstall.exe exPressIT
    EyeBatch 2.1 --> "C:\Documents and Settings\All Users\Application Data\{DB82D04C-8FC1-489B-81AA-BE54061CEF97}\EBInstall.exe" REMOVE=TRUE MODIFY=FALSE
    FlashFXP v3 --> "C:\Program Files\FlashFXP\unins000.exe"
    FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
    GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.0 --> "C:\Documents and Settings\DAD\Desktop\HijackThis.exe" /uninstall
    HJ-Split 2.2 --> "C:\Program Files\FreeByte\HJ-Split\unins000.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
    Informations about your PC --> MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
    J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    K-Lite Codec Pack 2.34 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    MagicTune3.5_Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}\setup.exe" -l0x9
    MediaFACE 5.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}
    MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
    Medion Info Display --> C:\WINDOWS\UnInst32.exe VFDUtil.uni
    Microsoft AutoRoute 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
    Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Digital Image 2006 Standard Edition --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
    Microsoft Encarta Standard 2006 --> MsiExec.exe /I{06680048-3E21-46D6-9A91-D927BA08F41D}
    Microsoft Money --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP G:\
    Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
    MiraFoto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19ADA2D0-D577-11D2-A14E-08002BE4D8DC}\Setup.exe" -l0x9
    Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
    Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (1.0.7) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.7 (en)"
    MP3 Player Utilities 3.68 --> MsiExec.exe /I{5DFDB75C-DA8C-45DB-987C-67000BB6C3B9}
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
    NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
    Nero 7 Premium --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NetMos Multi-IO Controller --> NmUninst.exe
    Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
    Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
    Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
    OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
    OpenMG Secure Module 4.3.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
    PDF Manual NW-A10003000 --> MsiExec.exe /X{BF2F7927-92AF-4F5D-8B93-658F63DF8727}
    Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
    PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
    PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
    PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
    Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
    PowerCinema --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
    PowerCinema Linux 4.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
    Q-TEC WEBCAM 110 USB --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{91D56FB8-789A-424E-9C0F-F399FCEE2E6E} /l1033
    Quake 4(TM) Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BAB004F0-F04C-49DD-8118-AE4A7697C469} /l1033
    QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    RegistryFix v5.5 --> "C:\Program Files\RegistryFix\unins000.exe"
    RT2500 USB Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x9 -removeonly
    ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
    Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
    Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    Skype 1.4 --> "C:\Program Files\Skype\Phone\unins000.exe"
    Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
    SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    SSC Service Utility v4.20 --> "C:\Program Files\SSC Service Utility\unins000.exe"
    Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
    Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
    TMPGEnc 4.0 XPress --> MsiExec.exe /I{AB212B59-FF45-4C18-B369-F630CB268DAF}
    Trojan Remover 6.6.2 --> "D:\Trojan Remover\unins000.exe"
    Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
    Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
    Update for Outlook 2007 Junk Email Filter (kb937833) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {ACB40B61-03E6-4F6F-AA5E-7B02A89E8AD3}
    Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
    USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B338EA45-9F18-4FE4-A079-89668D1F6519}\Setup.exe" -l0x9
    videon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x9
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
    Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
    Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
    Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    X-Lite 2.0 release 1105x --> d:\X-Lite\unins000.exe
    X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
    Xfire (remove only) --> "D:\Xfire\uninst.exe"


    -- Application Event Log

    Event Record #/Type25697 / Error
    Event Submitted/Written: 09/20/2007 10:01:26 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application Trjscan.exe, version 6.6.2.1228, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type25674 / Warning
    Event Submitted/Written: 09/20/2007 09:27:49 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type25644 / Warning
    Event Submitted/Written: 09/19/2007 11:41:21 PM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type25632 / Success
    Event Submitted/Written: 09/19/2007 07:51:59 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type25600 / Warning
    Event Submitted/Written: 09/19/2007 01:00:33 PM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type14032 / Warning
    Event Submitted/Written: 09/20/2007 10:23:32 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUNK_BACKROOM27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JUNK_BACKROOM27 can't undo changes that you allow.

    For more information please see the following:
    %JUNK_BACKROOM275

    Scan ID: {1AC87B99-C799-4A9C-8B03-E8F048169E9F}

    User: JUNK_BACKROOM\DAD

    Name: %JUNK_BACKROOM271

    ID: %JUNK_BACKROOM272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JUNK_BACKROOM276

    Alert Type: %JUNK_BACKROOM278

    Detection Type: 1.1.1593.02

    Event Record #/Type14031 / Warning
    Event Submitted/Written: 09/20/2007 10:23:32 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUNK_BACKROOM27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JUNK_BACKROOM27 can't undo changes that you allow.

    For more information please see the following:
    %JUNK_BACKROOM275

    Scan ID: {8EAE9582-B171-4B58-8A89-AD2989060C90}

    User: JUNK_BACKROOM\DAD

    Name: %JUNK_BACKROOM271

    ID: %JUNK_BACKROOM272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JUNK_BACKROOM276

    Alert Type: %JUNK_BACKROOM278

    Detection Type: 1.1.1593.02

    Event Record #/Type14030 / Warning
    Event Submitted/Written: 09/20/2007 10:23:32 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUNK_BACKROOM27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JUNK_BACKROOM27 can't undo changes that you allow.

    For more information please see the following:
    %JUNK_BACKROOM275

    Scan ID: {E39BF684-5C94-4D07-B40F-BD661B6D931C}

    User: JUNK_BACKROOM\DAD

    Name: %JUNK_BACKROOM271

    ID: %JUNK_BACKROOM272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JUNK_BACKROOM276

    Alert Type: %JUNK_BACKROOM278

    Detection Type: 1.1.1593.02

    Event Record #/Type14029 / Warning
    Event Submitted/Written: 09/20/2007 10:23:30 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUNK_BACKROOM27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JUNK_BACKROOM27 can't undo changes that you allow.

    For more information please see the following:
    %JUNK_BACKROOM275

    Scan ID: {ED2AFB73-CE0E-41CA-9FAF-52B4993C58AB}

    User: JUNK_BACKROOM\DAD

    Name: %JUNK_BACKROOM271

    ID: %JUNK_BACKROOM272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %JUNK_BACKROOM276

    Alert Type: %JUNK_BACKROOM278

    Detection Type: 1.1.1593.02

    Event Record #/Type14028 / Warning
    Event Submitted/Written: 09/20/2007 10:23:30 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %JUNK_BACKROOM27 Real-Time Protection agent has detected changes.


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    Here you go, both results from VirusTotal
    RESULT 1
    File 18D5BC39EA.sys received on 09.20.2007 11:35:06 (CET)
    Result: 0/32 (0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2007.9.20.0 2007.09.19 -
    AntiVir 7.6.0.15 2007.09.20 -
    Authentium 4.93.8 2007.09.19 -
    Avast 4.7.1043.0 2007.09.19 -
    AVG 7.5.0.485 2007.09.19 -
    BitDefender 7.2 2007.09.20 -
    CAT-QuickHeal 9.00 2007.09.19 -
    ClamAV 0.91.2 2007.09.20 -
    DrWeb 4.33 2007.09.20 -
    eSafe 7.0.15.0 2007.09.19 -
    eTrust-Vet 31.2.5150 2007.09.20 -
    Ewido 4.0 2007.09.19 -
    FileAdvisor 1 2007.09.20 -
    Fortinet 3.11.0.0 2007.09.20 -
    F-Prot 4.3.2.48 2007.09.19 -
    F-Secure 6.70.13030.0 2007.09.20 -
    Ikarus T3.1.1.12 2007.09.20 -
    Kaspersky 4.0.2.24 2007.09.20 -
    McAfee 5123 2007.09.19 -
    Microsoft 1.2803 2007.09.20 -
    NOD32v2 2541 2007.09.20 -
    Norman 5.80.02 2007.09.19 -
    Panda 9.0.0.4 2007.09.20 -
    Prevx1 V2 2007.09.20 -
    Rising 19.41.32.00 2007.09.20 -
    Sophos 4.21.0 2007.09.20 -
    Sunbelt 2.2.907.0 2007.09.19 -
    Symantec 10 2007.09.20 -
    TheHacker 6.2.5.063 2007.09.20 -
    VBA32 3.12.2.4 2007.09.20 -
    VirusBuster 4.3.26:9 2007.09.19 -
    Webwasher-Gateway 6.0.1 2007.09.20 -
    Additional information
    File size: 56 bytes
    MD5: a783d2217e112703aa5746998b73c6f2
    SHA1: 6843a94c739203de1224e4b9ea238cfb8c8b8d67
    RESULT 2
    File C72AA29016.sys received on 09.20.2007 11:48:34 (CET)
    Result: 0/32 (0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2007.9.20.0 2007.09.19 -
    AntiVir 7.6.0.15 2007.09.20 -
    Authentium 4.93.8 2007.09.19 -
    Avast 4.7.1043.0 2007.09.19 -
    AVG 7.5.0.485 2007.09.19 -
    BitDefender 7.2 2007.09.20 -
    CAT-QuickHeal 9.00 2007.09.19 -
    ClamAV 0.91.2 2007.09.20 -
    DrWeb 4.33 2007.09.20 -
    eSafe 7.0.15.0 2007.09.19 -
    eTrust-Vet 31.2.5150 2007.09.20 -
    Ewido 4.0 2007.09.19 -
    FileAdvisor 1 2007.09.20 -
    Fortinet 3.11.0.0 2007.09.20 -
    F-Prot 4.3.2.48 2007.09.19 -
    F-Secure 6.70.13030.0 2007.09.20 -
    Ikarus T3.1.1.12 2007.09.20 -
    Kaspersky 4.0.2.24 2007.09.20 -
    McAfee 5123 2007.09.19 -
    Microsoft 1.2803 2007.09.20 -
    NOD32v2 2541 2007.09.20 -
    Norman 5.80.02 2007.09.19 -
    Panda 9.0.0.4 2007.09.20 -
    Prevx1 V2 2007.09.20 -
    Rising 19.41.32.00 2007.09.20 -
    Sophos 4.21.0 2007.09.20 -
    Sunbelt 2.2.907.0 2007.09.19 -
    Symantec 10 2007.09.20 -
    TheHacker 6.2.5.063 2007.09.20 -
    VBA32 3.12.2.4 2007.09.20 -
    VirusBuster 4.3.26:9 2007.09.19 -
    Webwasher-Gateway 6.0.1 2007.09.20 -
    Additional information
    File size: 8 bytes
    MD5: ba898b29f0dbf9307f494475a8393f03
    SHA1: 697fd89eba4c1d12a53190666508b9aa503bf7e9


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    Not done just yet

    Now we need to reconfigure Windows XP to show hidden files:
    Double-click the My Computer icon on the Windows desktop.
    Select the Tools menu and click Folder Options. Select the View Tab.

    Under the Hidden files and folders heading select "Show hidden files and folders".
    Uncheck the "Hide protected operating system files (recommended)" option.
    Uncheck the "Hide file extensions for known file types" option.
    Click Yes to confirm. Click OK.



    Open notepad (Start > Run and type notepad > click Ok) and copy/paste the text in the quote box below into it:




    Save this as CFScript

    CFScript.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    Run ComboFix again and post the resultant log file.



    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


    Go to this site:
    http://www.virustotal.com/
    On top you'll find 'Browse'
    Click the browse button and browse to the file:

    C:\WINDOWS\system32\18D5BC39EA.sys

    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.

    Repeat that for this file

    C:\WINDOWS\system32\C72AA29016.sys




    So post the ComboFix log and the two DSS texts in full, the results of the two files I asked you to scan, and tell me how your PC is running now.
    OK, did all of the above & posted all results as requested. Ever since the first run of COMBOFIX yesterday all my desktop icons came back & the system seems to be running stable. On each boot/login since then a Windows box pops up informing me that I have requested to change the way Windows starts up, & it gives me a number of startup choices. I have been clicking Cancel as I am not sure what to do; maybe one of the programs I downloaded in an attempt to fix the problems I was having is generating this, but as I said the system is running fine now.


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    for all his help
    Very many thanks for all your help :D Things are running better than ever. I thought I was facing a full re-install :( but you did the trick.
    Rgds


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hey I meant to post this yesterday but the site was messing up for me and I had to dash. Just need to do a little cleanup

    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


    So can you post back with a new HijackThis log and let me know if you are still having that start up problem (we can fix it I think)
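
Step 1's rule (tick only the listed entries, and only if they are present and still show "(no file)") written as a check over a scan log. This is an added example, not part of the original post and not HijackThis code; the function names and the sample scan are assumptions, and the entry with the all-zero CLSID is constructed.

```python
import re
from typing import NamedTuple

# HijackThis "O" lines that carry a CLSID have the shape:
#   O2 - BHO: <name> - {CLSID} - <file path or "(no file)">
ENTRY_RE = re.compile(
    r"^(?P<section>O\d{1,2}) - (?P<kind>[A-Za-z]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)


class Entry(NamedTuple):
    section: str  # e.g. "O2", "O21"
    kind: str     # e.g. "BHO", "SSODL"
    name: str
    clsid: str    # normalised to upper case for comparison
    target: str   # file path, or "(no file)" when the file is gone
    raw: str


def parse_entries(log_text):
    """Return every CLSID-bearing O-line; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()  # forum posts indent the pasted log
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["kind"], m["name"],
                                 m["clsid"].upper(), m["target"].strip(), line))
    return entries


def is_orphaned(entry):
    """True when the registry entry points at a file that no longer exists."""
    return entry.target.lower() == "(no file)"


def build_checklist(scan_log, helper_lines):
    """Split a fresh scan into three groups:
    to_check    - entries the helper listed that are present and orphaned
    skipped     - orphaned entries the helper did NOT list (leave unticked)
    not_matched - listed (section, CLSID) pairs with nothing to tick
    """
    wanted = {(e.section, e.clsid) for e in parse_entries(helper_lines)}
    present = parse_entries(scan_log)
    to_check = [e for e in present
                if (e.section, e.clsid) in wanted and is_orphaned(e)]
    found = {(e.section, e.clsid) for e in to_check}
    skipped = [e for e in present
               if is_orphaned(e) and (e.section, e.clsid) not in wanted]
    not_matched = sorted(wanted - found)
    return to_check, skipped, not_matched


# The three entries listed in the post above.
HELPER_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)
"""

# Constructed scan for the example: lines in the format of the logs in this
# thread; the all-zero CLSID entry is made up to show an unlisted orphan.
SAMPLE_SCAN = r"""
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)
"""

if __name__ == "__main__":
    to_check, skipped, not_matched = build_checklist(SAMPLE_SCAN, HELPER_LIST)
    print("Tick these:")
    for e in to_check:
        print("  ", e.raw)
    print("Orphaned but not on the helper's list (leave alone):")
    for e in skipped:
        print("  ", e.raw)
    print("Listed but nothing to tick:", not_matched)
```

Entries are matched on section plus CLSID rather than on the display name, since "(no name)" is shared by unrelated entries.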


  • Registered Users, Registered Users 2 Posts: 1,326 ✭✭✭lensman


    Hey I meant to post this yesterday but the site was messing up for me and I had to dash. Just need to do a little cleanup

    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - (no file)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


    So can you post back with a new HijackThis log and let me know if you are still having that start up problem (we can fix it I think)

    All above done & here's the log file, things are running great now

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:58:47, on 21/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\CmUCReye.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    D:\SEC\MagicTune3.5_Client\GammaTray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    D:\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Documents and Settings\DAD\Desktop\Misc\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.252.219.76:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: MagicTune 3.5.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\APConfig2500.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://home.ntl.com/motive/files/MotivePreQual.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 15508 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Looks good

    Just delete ComboFix.exe and DSS.exe

