
popups

  • 15-03-2008 5:36pm
    #1
    Registered Users, Registered Users 2 Posts: 399 ✭✭


    I think I have a virus on my laptop. Popups open in Internet Explorer, even if I'm not using the internet or am using Firefox. I'm only after installing XP, so I had no anti-virus for a while. I now have AVG Professional, Spybot, and Ad-Aware and none of them are getting rid of it. Anyone got a better program to remove this?


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 399 ✭✭Dermot2468


    main.txt:
    Deckard's System Scanner v20071014.68
    Run by Dermot Sullivan on 2008-03-15 18:18:35
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    42: 2008-03-15 18:18:40 UTC - RP42 - Deckard's System Scanner Restore Point
    41: 2008-03-15 16:43:18 UTC - RP41 - Avg8 Update
    40: 2008-03-14 23:37:20 UTC - RP40 - Installed DirectX
    39: 2008-03-14 21:34:52 UTC - RP39 - Installed Adobe Acrobat 7.0 Professional
    38: 2008-03-14 20:05:07 UTC - RP38 - Installed Windows XP Wudf01005.


    -- First Restore Point --
    1: 2008-03-12 16:54:09 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-03-15 18:21:02
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\AVG\AVG8\avgam.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgemc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\alg.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Documents and Settings\Dermot Sullivan\Desktop\dss.exe
    C:\Program Files\AVG\AVG8\avgupd.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


    --
    End of file - 10423 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 cbidf2kk - c:\windows\system32\drivers\cbidf2kk.sys

    S3 kvpndev (Kerio VPN adapter) - c:\windows\system32\drivers\kvpndrv.sys <Not Verified; Kerio Technologies Inc.; Kerio VPN driver (x86)>
    S3 kwflower (Kerio WinRoute Firewall Driver - Lower Layer) - c:\windows\system32\drivers\kwflower.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
    R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel Corporation; SSO Service>
    R4 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: BCM2045
    Device ID: USB\VID_413C&PID_8126\6&200483FD&0&1
    Manufacturer:
    Name: BCM2045
    PNP Device ID: USB\VID_413C&PID_8126\6&200483FD&0&1
    Service:

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6300
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6300
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Files created between 2008-02-15 and 2008-03-15



    -- Find3M Report

    2008-03-12 16:27:43 62 --ahs---- C:\Documents and Settings\Dermot Sullivan\Application Data\desktop.ini


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [10/05/2007 10:22]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/11/2007 03:03]
    "nwiz"="nwiz.exe" [17/11/2007 03:03 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [17/11/2007 03:03 C:\WINDOWS\system32\nvhotkey.dll]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17/11/2007 03:03]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [26/10/2007 14:14]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [08/10/2007 14:18]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/10/2007 14:13]
    "PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [16/04/2007 22:50]
    "OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [10/05/2007 01:01]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [13/02/2008 19:21]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [13/03/2008 21:04]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [03/08/2004 23:56]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [13/02/2008 19:21]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [14/03/2008 21:36:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    C:\WINDOWS\system32\psqlpwd.dll 16/04/2007 23:04 86528 C:\WINDOWS\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
    Debugger="C:\DOCUMENTS AND SETTINGS\DERMOT SULLIVAN\DESKTOP\PROCEXP.EXE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli psqlpwd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dermot Sullivan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Documents and Settings\Dermot Sullivan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ServiceLayer"=3 (0x3)
    "idsvc"=3 (0x3)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3134cc-f125-11dc-bd54-0015c585e0c6}]
    AutoRun\command- F:\wd_windows_tools\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-03-15 18:22:21

    extra.txt:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
    CPU 1: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
    Percentage of Memory in Use: 31%
    Physical Memory (total/avail): 2045.97 MiB / 1393.07 MiB
    Pagefile Memory (total/avail): 3938.81 MiB / 3408.63 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1902.56 MiB

    C: is Fixed (NTFS) - 136.43 GiB total, 111.66 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 6.16 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - TOSHIBA MK1646GSX - 149.05 GiB - 4 partitions
    \PARTITION0 - Unknown - 117.63 MiB
    \PARTITION1 - Installable File System - 10 GiB - D:
    \PARTITION2 (bootable) - Installable File System - 136.43 GiB - C:
    \PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: Sunbelt Personal Firewall v4.5.916 T (Sunbelt)
    AV: AVG Anti-Virus Professional Edition v8.0 (AVG Technologies)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Dermot Sullivan\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=DERMOT-XPS
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Dermot Sullivan
    LOGONSERVER=\\DERMOT-XPS
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0d
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\DERMOT~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\DERMOT~1\LOCALS~1\Temp
    USERDOMAIN=DERMOT-XPS
    USERNAME=Dermot Sullivan
    USERPROFILE=C:\Documents and Settings\Dermot Sullivan
    windir=C:\WINDOWS


    -- User Profiles

    Dermot Sullivan (admin)


    -- Add/Remove Programs

    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
    Broadcom Management Programs --> MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
    Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Fingerprint Reader Suite 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
    High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
    Laptop Integrated Webcam Driver (1.04.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
    Magic ISO Maker v5.3 (build 0221) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
    mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
    Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
    Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
    Microsoft Expression Web Service Pack 1 (SP1) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {9037FDA8-8383-4B6F-859D-D49C3C625225}
    Microsoft Expression Web Service Pack 1 (SP1) --> msiexec /package {90120000-0026-0409-0000-0000000FF1CE} /uninstall {DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Project 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {C1877F6E-C1C8-486D-A697-86431029690C}
    Microsoft Office Project 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-00B4-0409-0000-0000000FF1CE} /uninstall {75EC8FFC-B913-4991-B3A1-22576D2FC45D}
    Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
    Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
    Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Visio 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
    Microsoft Office Visio 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
    Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
    Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
    Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
    mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
    mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
    Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_EA.exe /LANG="2057"
    Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
    Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sunbelt Personal Firewall --> MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
    Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XML Paper Specification Shared Components Pack 1.0 -->


    -- Application Event Log

    Event Record #/Type612 / Error
    Event Submitted/Written: 03/14/2008 06:26:18 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iFrmewrk.exe, version 11.5.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type568 / Warning
    Event Submitted/Written: 03/14/2008 00:28:46 AM
    Event ID/Source: 40 / WinMgmt
    Event Description:
    WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

    Event Record #/Type567 / Warning
    Event Submitted/Written: 03/14/2008 00:28:46 AM
    Event ID/Source: 35 / WinMgmt
    Event Description:
    WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

    Event Record #/Type566 / Warning
    Event Submitted/Written: 03/14/2008 00:28:42 AM
    Event ID/Source: 40 / WinMgmt
    Event Description:
    WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned

    Event Record #/Type565 / Warning
    Event Submitted/Written: 03/14/2008 00:28:42 AM
    Event ID/Source: 35 / WinMgmt
    Event Description:
    WMI ADAP was unable to load the ASP.NET performance library because it returned invalid data: 0x0



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type1234 / Error
    Event Submitted/Written: 03/15/2008 05:38:09 PM
    Event ID/Source: 10016 / DCOM
    Event Description:
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

    Event Record #/Type1233 / Error
    Event Submitted/Written: 03/15/2008 05:32:40 PM
    Event ID/Source: 10016 / DCOM
    Event Description:
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

    Event Record #/Type1232 / Error
    Event Submitted/Written: 03/15/2008 05:32:17 PM
    Event ID/Source: 10016 / DCOM
    Event Description:
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

    Event Record #/Type1223 / Warning
    Event Submitted/Written: 03/15/2008 04:42:55 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom0 during a paging operation.

    Event Record #/Type1221 / Error
    Event Submitted/Written: 03/15/2008 04:42:12 PM
    Event ID/Source: 10016 / DCOM
    Event Description:
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.



    -- End of Deckard's System Scanner: finished at 2008-03-15 18:22:21


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


  • Registered Users, Registered Users 2 Posts: 399 ✭✭Dermot2468


    Thanks for your help, here is the combofix.txt file


    ComboFix 08-03-14.4 - Dermot Sullivan 2008-03-17 15:16:01.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1536 [GMT 0:00]
    Running from: C:\Documents and Settings\Dermot Sullivan\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\temp\tn3
    C:\WINDOWS\system32\drivers\cbidf2kk.sys
    C:\WINDOWS\system32\drivers\core.cache.dsk

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \LEGACY_CBIDF2KK
    \cbidf2kk


    ((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
    .

    2008-03-15 18:18 . 2008-03-15 18:18 <DIR> d C:\Deckard
    2008-03-14 23:29 . 2008-03-14 23:37 <DIR> d--h C:\WINDOWS\msdownld.tmp
    2008-03-14 21:43 . 2008-03-14 21:43 <DIR> d C:\Documents and Settings\Dermot Sullivan\Application Data\AdobeUM
    2008-03-14 21:37 . 2008-03-14 21:37 <DIR> d C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-03-14 21:36 . 2008-03-14 21:36 <DIR> d C:\Program Files\Common Files\Adobe Systems Shared
    2008-03-14 20:05 . 2008-03-14 20:05 <DIR> d C:\Documents and Settings\Dermot Sullivan\Phone Browser
    2008-03-14 20:02 . 2008-03-14 20:04 <DIR> d C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-03-14 20:01 . 2008-03-14 20:01 <DIR> d C:\Program Files\Common Files\PCSuite
    2008-03-14 20:01 . 2008-03-14 20:32 <DIR> d C:\Documents and Settings\Dermot Sullivan\Application Data\Nokia
    2008-03-14 20:00 . 2008-03-14 20:00 <DIR> d C:\Program Files\PC Connectivity Solution
    2008-03-14 20:00 . 2008-03-14 20:00 <DIR> d C:\Program Files\Nokia
    2008-03-14 20:00 . 2008-03-14 20:01 <DIR> d C:\Program Files\Common Files\Nokia
    2008-03-14 20:00 . 2008-03-14 20:05 <DIR> d C:\Documents and Settings\Dermot Sullivan\Application Data\PC Suite
    2008-03-14 20:00 . 2007-02-22 10:15 137,216 --a C:\WINDOWS\system32\drivers\nmwcd.sys
    2008-03-14 20:00 . 2007-02-22 10:15 90,624 --a C:\WINDOWS\system32\nmwcdcls.dll
    2008-03-14 20:00 . 2007-02-22 10:15 65,536 --a C:\WINDOWS\system32\nmwcdcocls.dll
    2008-03-14 20:00 . 2007-02-22 10:15 12,288 --a C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2008-03-14 20:00 . 2007-02-22 10:15 12,288 --a C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2008-03-14 20:00 . 2007-02-22 10:15 8,320 --a C:\WINDOWS\system32\drivers\nmwcdc.sys
    2008-03-14 19:59 . 2008-03-14 19:59 <DIR> d C:\Documents and Settings\All Users\Application Data\Installations
    2008-03-14 19:00 . 2008-03-14 19:00 101 --a C:\WINDOWS\wininit.ini
    2008-03-14 18:34 . 2008-03-14 18:34 <DIR> d C:\Program Files\Spybot - Search & Destroy
    2008-03-14 18:34 . 2008-03-14 19:00 <DIR> d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-14 18:25 . 2008-03-17 15:08 1,187 --a C:\WINDOWS\system32\drivers\fwdrv.err
    2008-03-14 18:12 . 2008-03-14 18:12 <DIR> d C:\Program Files\Sunbelt Software
    2008-03-14 16:34 . 2008-03-14 16:35 <DIR> d C:\Program Files\Microsoft Silverlight
    2008-03-13 21:56 . 2008-03-13 21:56 <DIR> d C:\Program Files\Lavasoft
    2008-03-13 21:54 . 2008-03-13 21:54 <DIR> d C:\Program Files\MSECache
    2008-03-13 20:55 . 2007-07-30 19:19 271,224 --a C:\WINDOWS\system32\mucltui.dll
    2008-03-13 20:55 . 2007-07-30 19:19 207,736 --a C:\WINDOWS\system32\muweb.dll
    2008-03-13 20:55 . 2007-07-30 19:19 30,072 --a C:\WINDOWS\system32\mucltui.dll.mui
    2008-03-13 20:48 . 2008-03-13 20:49 <DIR> d C:\Program Files\Microsoft Expression
    2008-03-13 20:43 . 2008-03-13 21:16 162 --a C:\WINDOWS\ODBC.INI
    2008-03-13 20:40 . 2006-10-26 19:56 32,592 --a C:\WINDOWS\system32\msonpmon.dll
    2008-03-13 20:39 . 2008-03-13 20:39 <DIR> d C:\Program Files\Microsoft Works
    2008-03-13 20:38 . 2008-03-13 20:38 <DIR> d C:\Program Files\Microsoft.NET
    2008-03-13 20:36 . 2008-03-13 20:36 <DIR> d C:\Program Files\Microsoft Visual Studio 8
    2008-03-13 20:35 . 2008-03-13 20:46 <DIR> d C:\WINDOWS\SHELLNEW
    2008-03-13 20:35 . 2008-03-14 17:23 <DIR> d C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-13 20:34 . 2008-03-13 20:34 <DIR> dr-h C:\MSOCache
    2008-03-13 20:10 . 2008-03-17 15:16 <DIR> d C:\temp
    2008-03-13 20:00 . 2008-03-13 20:21 <DIR> d C:\Program Files\MagicISO
    2008-03-13 18:27 . 2008-03-13 18:27 <DIR> d C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-13 18:22 . 2008-03-14 21:35 <DIR> d
    C:\Program Files\Common Files\Adobe
    2008-03-13 17:58 . 2008-03-17 14:34 <DIR> d
    C:\WINDOWS\system32\drivers\Avg
    2008-03-13 17:58 . 2008-03-13 17:58 <DIR> d
    C:\Program Files\AVG
    2008-03-13 17:58 . 2008-03-13 21:24 <DIR> d
    C:\Documents and Settings\All Users\Application Data\avg8
    2008-03-13 17:58 . 2008-03-13 17:58 96,520 --a
    C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-03-13 17:58 . 2008-03-13 21:04 74,760 --a
    C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-03-13 17:58 . 2008-03-13 22:43 12,424 --a
    C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-03-13 17:58 . 2008-03-13 22:43 10,520 --a
    C:\WINDOWS\system32\avgrsstx.dll
    2008-03-13 17:49 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-03-12 20:41 . 2008-03-12 20:41 <DIR> d
    C:\Documents and Settings\Dermot Sullivan\Application Data\Kerio
    2008-03-12 20:27 . 2008-03-12 20:27 499,712 --a
    C:\WINDOWS\system32\msvcp71.dll
    2008-03-12 20:27 . 2008-03-12 20:27 348,160 --a
    C:\WINDOWS\system32\msvcr71.dll
    2008-03-12 20:11 . 2008-03-12 20:11 1,167 --a
    C:\WINDOWS\mozver.dat
    2008-03-12 20:05 . 2008-03-12 21:49 <DIR> d
    C:\Documents and Settings\Dermot Sullivan\Application Data\Azureus
    2008-03-12 20:05 . 2008-03-12 20:05 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Azureus
    2008-03-12 20:00 . 2008-03-13 17:34 <DIR> d
    C:\Program Files\PeerGuardian2
    2008-03-12 19:49 . 2008-03-12 19:49 <DIR> d
    C:\Documents and Settings\Dermot Sullivan\Application Data\Talkback
    2008-03-12 19:41 . 2008-03-12 19:41 <DIR> d
    C:\Program Files\Dell Support Center
    2008-03-12 19:41 . 2008-03-12 19:41 <DIR> d
    C:\Program Files\Common Files\supportsoft
    2008-03-12 19:41 . 2008-03-12 19:41 <DIR> d
    C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-03-12 19:27 . 2008-03-13 20:39 <DIR> d
    C:\Program Files\MSBuild
    2008-03-12 19:26 . 2008-03-12 19:46 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Dell
    2008-03-12 19:23 . 2008-03-14 00:27 <DIR> d
    C:\WINDOWS\system32\XPSViewer
    2008-03-12 19:22 . 2008-03-12 19:22 <DIR> d
    C:\Program Files\Reference Assemblies
    2008-03-12 19:21 . 2008-03-12 19:21 <DIR> d
    C:\Program Files\MSXML 6.0
    2008-03-12 19:21 . 2006-06-29 13:07 14,048
    C:\WINDOWS\system32\spmsg2.dll
    2008-03-12 19:19 . 2008-03-12 19:19 <DIR> d
    C:\Program Files\Windows Media Connect 2
    2008-03-12 19:18 . 2008-03-14 18:54 <DIR> d
    C:\WINDOWS\system32\LogFiles
    2008-03-12 19:18 . 2008-03-14 20:05 <DIR> d
    C:\WINDOWS\system32\drivers\UMDF
    2008-03-12 19:07 . 2008-03-12 19:07 <DIR> d
    C:\WINDOWS\system32\URTTemp
    2008-03-12 18:43 . 2006-11-13 06:02 288,768
    C:\WINDOWS\system32\rhttpaa.dll
    2008-03-12 18:43 . 2006-11-13 06:02 116,736
    C:\WINDOWS\system32\aaclient.dll
    2008-03-12 18:43 . 2006-11-13 06:02 36,352
    C:\WINDOWS\system32\tsgqec.dll
    2008-03-12 18:39 . 2008-03-13 17:39 <DIR> d
    C:\Program Files\Google
    2008-03-12 18:26 . 2008-03-12 18:26 0 --a
    C:\WINDOWS\nsreg.dat
    2008-03-12 18:16 . 2008-03-14 16:32 <DIR> d--h
    C:\WINDOWS\$hf_mig$
    2008-03-12 18:16 . 2006-10-16 16:10 23,856 --a
    C:\WINDOWS\system32\spupdsvc.exe
    2008-03-12 18:14 . 2008-03-12 18:14 <DIR> d--hs---- C:\Documents and Settings\Dermot Sullivan\UserData
    2008-03-12 18:07 . 2008-03-12 18:07 <DIR> d
    C:\Program Files\Fingerprint Reader Suite
    2008-03-12 18:07 . 2008-03-12 18:07 <DIR> d
    C:\Documents and Settings\All Users\Application Data\UIB
    2008-03-12 18:06 . 2007-02-27 10:21 160,256 --a
    C:\WINDOWS\system32\drivers\b57xp32.sys
    2008-03-12 18:06 . 2007-02-27 10:21 160,256 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
    2008-03-12 18:05 . 2008-03-12 18:05 <DIR> d
    C:\Program Files\Broadcom
    2008-03-12 18:02 . 2008-03-12 18:02 <DIR> d
    C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
    2008-03-12 18:02 . 2008-03-12 18:02 <DIR> d
    C:\Documents and Settings\NetworkService\Application Data\Intel
    2008-03-12 18:02 . 2008-03-12 18:02 <DIR> d
    C:\Documents and Settings\LocalService\Application Data\Intel
    2008-03-12 18:02 . 2008-03-12 18:02 <DIR> d
    C:\Documents and Settings\Dermot Sullivan\Application Data\Intel
    2008-03-12 18:02 . 2008-03-12 18:02 376,832 --a
    C:\WINDOWS\system32\AegisI5Installer.exe
    2008-03-12 18:02 . 2008-03-12 18:02 21,361 --a
    C:\WINDOWS\system32\drivers\AegisP.sys
    2008-03-12 18:02 . 2008-03-12 18:02 21,361 --a
    C:\WINDOWS\AegisP.sys
    2008-03-12 18:02 . 2008-03-12 18:02 13,984 --a
    C:\WINDOWS\AegisP.inf
    2008-03-12 18:02 . 2008-03-12 18:02 10,640 --a
    C:\WINDOWS\AegisP.cat
    2008-03-12 18:01 . 2008-03-12 18:01 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Intel
    2008-03-12 18:01 . 2007-08-27 11:12 2,777,088 --a
    C:\WINDOWS\system32\NETw4r32.dll
    2008-03-12 18:01 . 2007-09-26 06:01 2,236,032 --a
    C:\WINDOWS\system32\drivers\NETw4x32.sys
    2008-03-12 18:01 . 2007-08-27 11:12 745,472 --a
    C:\WINDOWS\system32\NETw4c32.dll
    2008-03-12 17:58 . 2008-03-12 17:58 22,729 --a
    C:\newkey

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-13 17:34 11,960 ----a-w C:\WINDOWS\system32\drivers\kwflower.log
    2008-03-13 17:33 5,730 ----a-w C:\WINDOWS\system32\drivers\kwfupper.log
    2008-03-12 18:01 --------- d-----w C:\Program Files\Intel
    2008-03-12 16:57 --------- d-----w C:\Program Files\DIFX
    2008-03-12 16:49 --------- d-----w C:\Program Files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 19:21 202544]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 10:22 405504]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 03:03 8495104]
    "nwiz"="nwiz.exe" [2007-11-17 03:03 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2007-11-17 03:03 86016 C:\WINDOWS\system32\nvhotkey.dll]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 03:03 81920]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 14:14 1024000]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18 995328]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13 1101824]
    "PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50 49168]
    "OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-10 01:01 36864]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 19:21 16384]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-13 21:04 1172760]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    C:\WINDOWS\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\WINDOWS\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Dermot Sullivan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Documents and Settings\Dermot Sullivan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    --a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ServiceLayer"=3 (0x3)
    "idsvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-03-13 22:43]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-13 17:58]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-03-13 21:04]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-13 21:04]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-13 21:04]
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 19:21]
    R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-08 01:00]
    R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-11 01:03]
    R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 18:45]
    R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-04-16 22:44]
    S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
    S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3134cc-f125-11dc-bd54-0015c585e0c6}]
    \Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-17 15:22:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Other Running Processes
    .
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-17 15:25:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-17 15:25:05
    .
    2008-03-13 22:39:20 --- E O F ---


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available, otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK.
    • Now under "select a target to scan", select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Also post a new HijackThis log and tell me how your PC is running


      • Registered Users, Registered Users 2 Posts: 399 ✭✭Dermot2468


        Hijack this log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 16:18:34, on 17/03/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
        C:\Program Files\Dell Support Center\bin\sprtsvc.exe
        C:\WINDOWS\system32\STacSV.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
        C:\PROGRA~1\AVG\AVG8\avgam.exe
        C:\PROGRA~1\AVG\AVG8\avgnsx.exe
        C:\PROGRA~1\AVG\AVG8\avgemc.exe
        C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
        C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
        C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
        C:\WINDOWS\OEM02Mon.exe
        C:\Program Files\Fingerprint Reader Suite\psqltray.exe
        C:\PROGRA~1\AVG\AVG8\avgtray.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
        C:\Program Files\Dell Support Center\bin\sprtcmd.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\AVG\AVG8\avgrsx.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\Documents and Settings\Dermot Sullivan\Desktop\HiJackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
        O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
        O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
        O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
        O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
        O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
        O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
        O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
        O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
        O20 - AppInit_DLLs: avgrsstx.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
        O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
        O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
        O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
        O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

        --
        End of file - 9049 bytes



        Kaspersky log:

        KASPERSKY ONLINE SCANNER REPORT
        Monday, March 17, 2008 6:28:39 PM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.98.0
        Kaspersky Anti-Virus database last update: 17/03/2008
        Kaspersky Anti-Virus database records: 635906
        Scan Settings
        Scan using the following antivirus database extended
        Scan Archives true
        Scan Mail Bases true
        Scan Target My Computer
        C:\
        D:\
        E:\
        Scan Statistics
        Total number of scanned objects 59567
        Number of viruses found 2
        Number of infected objects 7
        Number of suspicious objects 0
        Duration of the scan process 01:24:11

        Infected Object Name Virus Name Last Action
        C:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
        C:\Documents and Settings\Dermot Sullivan\Application Data\Adobe\Acrobat\7.0\dermot-xps.err Object is locked skipped
        C:\Documents and Settings\Dermot Sullivan\Application Data\Mozilla\Firefox\Profiles\h3da5vt3.default\cert8.db Object is locked skipped
        C:\Documents and Settings\Dermot Sullivan\Application Data\Mozilla\Firefox\Profiles\h3da5vt3.default\formhistory.dat Object is locked skipped
        C:\Documents and Settings\Dermot Sullivan\Application Data\Mozilla\Firefox\Profiles\h3da5vt3.default\history.dat Object is locked skipped
        C:\Documents and Settings\Dermot Sullivan\Application Data\Mozilla\Firefox\Profiles\h3da5vt3.default\key3.db Object is locked skipped
        C:\Documents and Settings\Dermot Sullivan\Application Data\Mozilla\Firefox\Profiles\h3da5vt3.default\parent.lock Object is locked skipped
        C:\QooBox\Quarantine\catchme2008-03-17_152213.48.zip/cbidf2kk.sys Infected: Rootkit.Win32.Agent.zl skipped
        C:\QooBox\Quarantine\catchme2008-03-17_152213.48.zip ZIP: infected - 1 skipped
        C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
        C:\System Volume Information\_restore{65D5AD46-C261-4A3B-9FA3-17038E8D285E}\RP13\A0002389.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
        C:\System Volume Information\_restore{65D5AD46-C261-4A3B-9FA3-17038E8D285E}\RP13\A0002389.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
        C:\System Volume Information\_restore{65D5AD46-C261-4A3B-9FA3-17038E8D285E}\RP13\A0002389.exe Rsrc-Package: infected - 2 skipped
        C:\System Volume Information\_restore{65D5AD46-C261-4A3B-9FA3-17038E8D285E}\RP13\A0002389.exe UPX: infected - 2 skipped
        C:\System Volume Information\_restore{65D5AD46-C261-4A3B-9FA3-17038E8D285E}\RP13\A0002389.exe PE_Patch.UPX: infected - 2 skipped
        Scan process completed.





        Thanks, the popups seem to have gone now, although that scan still detected a virus


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean! We need to do a few things

        Now let's uninstall Combofix:
        • Click START then RUN
        • Now type Combofix /u in the runbox and click OK
        The above procedure will do the following:
        1. Delete ComboFix and its associated files and folders.
        2. Delete VundoFix backups, if present
        3. Delete the C:\Deckard folder, if present
        4. Delete the C:\_OtMoveIt folder, if present
        5. Reset the clock settings.
        6. Hide file extensions, if required.
        7. Hide System/Hidden files, if required.
        8. Reset System Restore.



        Below I have included a number of recommendations for how to protect your computer against malware infections.

        * Keep Windows updated by regularly checking their website at:
        http://windowsupdate.microsoft.com/
        This will ensure your computer always has the latest available security updates installed.

        * To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
        SpywareBlaster protects against bad ActiveX
        IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
        Have a look at this tutorial for IE-Spyad here

        * SpywareGuard offers realtime protection from spyware installation attempts.

        Make Internet Explorer more secure
        • Click Start > Run
        • Type Inetcpl.cpl & click OK
        • Click on the Security tab
        • Click Reset all zones to default level
        • Make sure the Internet Zone is selected & Click Custom level
        • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
        • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

        * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

        * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
        secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
        blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
        Here

        * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
        Here

        Thank you for your patience, and performing all of the procedures requested.
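
The HOSTS-file blocking described in the post above, as an added example that is not part of the original post or of the MVPS project: it parses a HOSTS file, reports whether a name is sinkholed to the local machine, and lists entries that point a name at any other address so they can be reviewed. The sample file and its host names are constructed; treating 0.0.0.0 as a sinkhole alongside 127.0.0.1, and letting the first entry for a name win, are assumptions of this sketch.

```python
import ipaddress

# Constructed sample in the style of a blocklist HOSTS file (not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.example.net  tracker.example.net   # two names on one line
0.0.0.0     popups.example.org
203.0.113.9 update.example.com   # points at a real address, not the local machine
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return {hostname: ip_address}. Assumption: the first entry for a name wins."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or nameless line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def is_sinkhole(ip):
    """True when the address keeps the connection on the local machine."""
    return ip.is_loopback or ip.is_unspecified

def lookup(table, hostname):
    """Describe what the HOSTS file does to a lookup of hostname."""
    ip = table.get(hostname.lower().rstrip("."))
    if ip is None:
        return "not listed"                     # the lookup falls through to DNS
    return "blocked" if is_sinkhole(ip) else f"redirected to {ip}"

def non_sinkhole_entries(table):
    """Names mapped to an address other than the local machine, for manual review."""
    return sorted((n, str(ip)) for n, ip in table.items() if not is_sinkhole(ip))

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "update.example.com", "www.example.com"):
        print(name, "->", lookup(hosts, name))
    print("review:", non_sinkhole_entries(hosts))
```

On Windows XP the file to pass in is C:\WINDOWS\system32\drivers\etc\hosts; read it as text and hand the contents to `parse_hosts`.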

