Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Redirected to Ask.co.uk/ask.com

Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Main.txt


    Deckard's System Scanner v20071014.68
    Run by Gavin on 2008-04-06 16:04:39
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    76: 2008-04-06 15:04:44 UTC - RP650 - Deckard's System Scanner Restore Point
    75: 2008-04-06 13:06:31 UTC - RP649 - System Checkpoint
    74: 2008-04-05 06:13:06 UTC - RP648 - System Checkpoint
    73: 2008-04-03 17:33:14 UTC - RP647 - AntiVir PersonalEdition Classic - 03/04/2008 18:33
    72: 2008-04-02 18:31:20 UTC - RP646 - System Checkpoint


    -- First Restore Point --
    1: 2008-01-08 17:49:58 UTC - RP575 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-06 16:09:16
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Program Files\McAfee\MSC\mcpromgr.exe
    C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
    C:\Program Files\McAfee\VirusScan\Mcshield.exe
    C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\McAfee\MSK\msksrver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\McAfee\MSK\mskagent.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Gavin\Local Settings\Temporary Internet Files\Content.IE5\H7BTOYZ7\dss[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: (no name) - >¨8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
    O2 - BHO: (no name) - p>¨68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O2 - BHO: (no name) - ¨¨¨¨4-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: (no name) - ð=¨B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
    O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\nvchost
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [Longacid] C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1\Surf poke wait.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] "C:\Documents and Settings\Gavin\My Documents\AnyDVDHD\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.118
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.118
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    --
    End of file - 17243 bytes

    -- File Associations

    .js - jsfile - DefaultIcon - unable to read value


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R2 STEC3 - c:\windows\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>

    S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys (file missing)
    S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
    S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys (file missing)
    S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys (file missing)
    S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys (file missing)
    S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys (file missing)
    S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys (file missing)
    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    S3 NTPASp50 (NTPASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\ntpasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys (file missing)
    S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys (file missing)
    S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 5500 Sport
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia N70
    Device ID: ROOT\WPD\0001
    Manufacturer: Nokia
    Name: Nokia N70
    PNP Device ID: ROOT\WPD\0001
    Service: WUDFRd


    -- Scheduled Tasks

    2008-04-06 16:00:01 262 --ah
    C:\WINDOWS\Tasks\ABEBA74891E459D4.job
    2008-04-02 15:20:03 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2008-03-15 02:00:02 350 --a
    C:\WINDOWS\Tasks\McDefragTask.job
    2008-03-14 19:30:01 346 --a
    C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FRONTROOM-Jim).job
    2008-03-01 02:00:02 352 --a
    C:\WINDOWS\Tasks\McQcTask.job


    -- Files created between 2008-03-06 and 2008-04-06

    2008-03-27 19:16:12 0 d
    C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-25 21:58:35 0 d
    C:\Program Files\VideoEgg
    2008-03-18 19:16:17 0 d
    C:\Program Files\IrfanView
    2008-03-17 01:27:37 36864 --a
    C:\WINDOWS\system32\SDDEVMGR.dll <Not Verified; TOSHIBA/MEI; Toshiba/MEI SD Card Manager API Library>
    2008-03-07 23:37:24 0 d
    C:\Program Files\uTorrent


    -- Find3M Report

    2008-04-06 15:11:01 0 d
    C:\Program Files\Dl_cats
    2008-04-02 22:04:11 0 d
    C:\Program Files\MSN Messenger
    2008-04-02 22:04:08 0 d
    C:\Program Files\Messenger Plus! Live
    2008-03-29 19:21:33 0 d
    C:\Documents and Settings\Gavin\Application Data\SiteAdvisor
    2008-03-29 02:22:11 0 d
    C:\Documents and Settings\Gavin\Application Data\Vso
    2008-03-29 02:22:11 33 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.log
    2008-03-29 02:22:08 7887 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.cat
    2008-03-29 02:22:07 47360 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-03-29 02:22:07 1144 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.inf
    2008-03-29 02:21:16 0 d
    C:\Program Files\DIKO
    2008-03-27 20:00:44 0 d
    C:\Documents and Settings\Gavin\Application Data\openacepop
    2008-03-24 19:36:20 0 d
    C:\Documents and Settings\Gavin\Application Data\LimeWire
    2008-03-19 16:37:52 0 d
    C:\Program Files\Java
    2008-03-17 01:27:36 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-03-07 18:28:25 0 d
    C:\Documents and Settings\Gavin\Application Data\AVG7
    2008-03-04 18:25:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 18:25:24 0 d
    C:\Program Files\Common Files
    2008-03-04 18:25:17 0 d
    C:\Program Files\Windows Live
    2008-03-01 01:34:02 6424 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-26 17:19:02 0 d
    C:\Program Files\McAfee
    2008-02-24 20:39:23 0 d
    C:\Program Files\iPod
    2008-02-24 20:36:55 0 d
    C:\Program Files\QuickTime
    2008-02-18 17:08:52 0 d
    C:\Documents and Settings\Gavin\Application Data\Adobe
    2008-02-10 18:09:48 0 d
    C:\Documents and Settings\Gavin\Application Data\Ringtone
    2008-02-10 16:42:05 217073 -rahs---- C:\WINDOWS\meta4.exe
    2008-02-04 20:26:34 151040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll
    2008-01-20 01:52:48 88 -r-hs---- C:\WINDOWS\system32\2A121B0E30.sys


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [22/03/2005 23:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
    "@=" []
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [09/02/2006 23:34]
    "Blubster"="C:\Program Files\Blubster\Blubster.exe" [18/05/2006 21:43]
    "DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [14/09/2005 00:51]
    "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [07/10/2005 03:01]
    "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [07/09/2005 00:37]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "winlogon"="C:\WINDOWS\nvchost" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17/01/2007 18:30]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [09/02/2007 05:37]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15:10]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 19:49]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 18:05]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
    "iTunesHelper"="C:\iTunes\iTunesHelper.exe" [19/02/2008 14:10]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [28/09/2006 20:09]
    "Longacid"="C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1\Surf poke wait.exe" []
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]
    "AnyDVD"="C:\Documents and Settings\Gavin\My Documents\AnyDVDHD\AnyDVD\AnyDVD.exe" []
    "Veoh"="C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe" [22/02/2008 22:42]
    "@=" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2008-04-06 16:10:32


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
    CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz
    Percentage of Memory in Use: 29%
    Physical Memory (total/avail): 2558.07 MiB / 1815.88 MiB
    Pagefile Memory (total/avail): 3801 MiB / 3153.89 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1902.28 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 71.45 GiB total, 16.07 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA2 - 74.5 GiB - 3 partitions
    \PARTITION0 - Unknown - 47.03 MiB
    \PARTITION1 (bootable) - Installable File System - 71.45 GiB - C:
    \PARTITION2 - Unknown - 3 GiB

    \\.\PHYSICALDRIVE1 - Dell USB Mass Storage USB Device



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: McAfee Personal Firewall v (McAfee)
    AV: AVG 7.5.519 v7.5.519 (Grisoft)
    AV: McAfee VirusScan v (McAfee) Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
    "C:\\Program Files\\MSN Messenger\\msgs.exe"="C:\\Program Files\\MSN Messenger\\msgs.exe:*:Enabled:Messenger"
    "C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe:*:Enabled:Football Manager 2007"
    "C:\\Documents and Settings\\Gavin\\My Documents\\Morpheus\\Morpheus.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
    "C:\\Documents and Settings\\Gavin\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\Documents and Settings\\Gavin\\My Documents\\My Files\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\My Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:Blubster"
    "C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\Documents and Settings\\Gavin\\My Documents\\Wyzo\\wyzo.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\Wyzo\\wyzo.exe:*:Enabled:Wyzo"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\InterActual\\LimeWire\\LimeWire.exe"="C:\\Program Files\\InterActual\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\iTunes\\iTunes.exe"="C:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Documents and Settings\\Andrew\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Andrew\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\Gavin\\My Documents\\My Videos\\Veoh\\VeohClient.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\My Videos\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Gavin\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=FRONTROOM
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Gavin
    LOGONSERVER=\\FRONTROOM
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\Program Files\Windows Live\Messenger\;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0407
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Gavin\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Gavin\LOCALS~1\Temp
    USERDOMAIN=FRONTROOM
    USERNAME=Gavin
    USERPROFILE=C:\Documents and Settings\Gavin
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles

    Jim (admin)
    Jess (admin)
    Gavin (admin)
    Andrew
    Administrator (admin)


    -- Add/Remove Programs

    --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    944plc32 --> MsiExec.exe /I{50AF9AC4-6E62-405A-A269-C02B70A21E64}
    ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
    Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    AnyDVD --> "C:\Documents and Settings\Gavin\My Documents\AnyDVDHD\AnyDVD\AnyDVD-uninst.exe" /D="C:\Documents and Settings\Gavin\My Documents\AnyDVDHD\AnyDVD"
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Ask Toolbar --> rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.3.4 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
    Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
    Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
    Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative Zen Vision M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
    Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
    DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
    Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
    Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Photo AIO Printer 944 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcdUNST.EXE -NOLICENSE
    DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Football Manager 2007 --> C:\Program Files\Sports Interactive\Football Manager 2007\uninstall2\Uninstall FM 2007.exe
    Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections Drivers --> Prounstl.exe
    Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
    IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
    iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    LimeWire 4.16.6 --> "C:\Documents and Settings\andrew\My Documents\LimeWire\uninstall.exe"
    Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Max DVD to AVI Converter --> "C:\Program Files\PowerImage\Max DVD to AVI Converter\unins000.exe"
    McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
    McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
    MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
    Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
    Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
    Nero 8 Micro v8.0.3.0 --> "C:\Program Files\Nero\unins000.exe"
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
    Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_web[1].exe
    Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
    Nokia Software Updater --> MsiExec.exe /X{3186AEAE-E104-424D-9152-1BF6A4404758}
    PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
    Riva Producer Lite --> "C:\Program Files\Riva\Riva Producer Lite\unins000.exe"
    SDFormatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A347920-4AFC-11D5-9FB0-800649886934}\setup.exe"
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Serif PhotoPlus 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEFCB74C-C49F-4327-8EDF-3A81A574AC0F}\Setup.exe" -l0x9
    Skill Builder DX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Setup\Skillb\Uninstall\setup.exe"
    Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    SUPER © Version 2008.bld.25 (Feb 5, 2008) --> C:\DOCUME~1\Gavin\MYDOCU~1\MYFILE~1\SUPER\Setup.exe /remove /q0
    VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
    Video DVD Maker Free v2.11.0.74 --> "C:\Program Files\Video DVD Maker\Uninstall.exe" "C:\Program Files\Video DVD Maker\install.log" -u
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
    Windows Driver Package - Nokia Modem (08/08/2007 3.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_32E2E448B53EE5B28E074D88802D0BAF984038DA\pccs_bluetooth.inf
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Toolbar BETA --> C:\Program Files\Yahoo!\Common\unyt.exe


    -- Application Event Log

    Event Record #/Type33441 / Success
    Event Submitted/Written: 04/06/2008 02:30:47 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type33434 / Warning
    Event Submitted/Written: 04/06/2008 01:35:44 PM
    Event ID/Source: 32068 / Microsoft Fax
    Event Description:
    The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
    Country/region code: '*'
    Area code: '*'

    Event Record #/Type33433 / Warning
    Event Submitted/Written: 04/06/2008 01:35:44 PM
    Event ID/Source: 32026 / Microsoft Fax
    Event Description:
    Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
    No faxes can be sent or received until a fax device is installed.

    Event Record #/Type33426 / Warning
    Event Submitted/Written: 04/06/2008 02:31:57 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type33404 / Success
    Event Submitted/Written: 04/05/2008 10:01:40 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type102421 / Error
    Event Submitted/Written: 04/06/2008 02:32:05 AM
    Event ID/Source: 10010 / DCOM
    Event Description:
    The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

    Event Record #/Type102378 / Warning
    Event Submitted/Written: 04/05/2008 07:53:49 PM
    Event ID/Source: 18 / BTHUSB
    Event Description:
    Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

    Event Record #/Type102377 / Warning
    Event Submitted/Written: 04/05/2008 07:35:02 PM
    Event ID/Source: 18 / BTHUSB
    Event Description:
    Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

    Event Record #/Type102311 / Warning
    Event Submitted/Written: 04/05/2008 04:07:26 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type102310 / Error
    Event Submitted/Written: 04/05/2008 04:04:37 PM
    Event ID/Source: 10010 / DCOM
    Event Description:
    The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.



    -- End of Deckard's System Scanner: finished at 2008-04-06 16:10:32


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    You have two anti-virus programs, AVG and McAfee, you need to remove one of these


    You have two firewalls, so you need to disable Windows firewall

    1. Click Start, click Run, type Firewall.cpl, and then click OK.
    2. On the General tab, click Off (not recommended), and then click OK.




    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum.



    Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

    Ask Toolbar



    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: (no name) - >¨8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
    O2 - BHO: (no name) - p>¨68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O2 - BHO: (no name) - ¨¨¨¨4-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: (no name) - ð=¨B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\nvchost


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download FixWareout from here:
    http://downloads.subratam.org/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log

    If you have internet connection problems then do the following :

    Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\WINDOWS\Tasks\ABEBA74891E459D4.job
      C:\Program Files\AskTBar
      C:\WINDOWS\nvchost
      purity 
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Reboot and post a new DSS log


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    AVG or McAfee which would you recommend me to delete. McAfee is also out of date.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 10,534 ✭✭✭✭guil


    alot of people say mcafee is useless


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    100% has to be McAfee

    Download and run the removal tool from here though

    http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe


    Then continue on with the rest of the steps


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    SDFix: Version 1.167
    Run by Gavin on 08/04/2008 at 18:43

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
    C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-08 18:59:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd105553]
    "001e4538cc4b"=hex:c5,35,96,89,cd,a7,91,b5,2c,2e,28,3f,a9,50,2d,72
    "001d6ecf43a1"=hex:4d,17,58,26,58,b9,f2,23,f1,1b,c5,ad,d3,21,19,f7
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ee7501421]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b56a4a]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:56,db,26,2c,54,19,b3,11,02,c0,7d,fd,ff,a9,03,de,8b,e9,4f,ab,b0,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd105553]
    "001e4538cc4b"=hex:c5,35,96,89,cd,a7,91,b5,2c,2e,28,3f,a9,50,2d,72
    "001d6ecf43a1"=hex:4d,17,58,26,58,b9,f2,23,f1,1b,c5,ad,d3,21,19,f7
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ee7501421]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b56a4a]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:56,db,26,2c,54,19,b3,11,02,c0,7d,fd,ff,a9,03,de,8b,e9,4f,ab,b0,..

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 355


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
    "C:\\Program Files\\MSN Messenger\\msgs.exe"="C:\\Program Files\\MSN Messenger\\msgs.exe:*:Enabled:Messenger"
    "C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe:*:Enabled:Football Manager 2007"
    "C:\\Documents and Settings\\Gavin\\My Documents\\Morpheus\\Morpheus.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
    "C:\\Documents and Settings\\Gavin\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\Documents and Settings\\Gavin\\My Documents\\My Files\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\My Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:Blubster"
    "C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\Documents and Settings\\Gavin\\My Documents\\Wyzo\\wyzo.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\Wyzo\\wyzo.exe:*:Enabled:Wyzo"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\InterActual\\LimeWire\\LimeWire.exe"="C:\\Program Files\\InterActual\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Documents and Settings\\Andrew\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Andrew\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\Gavin\\My Documents\\My Videos\\Veoh\\VeohClient.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\My Videos\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\\iTunes\\iTunes.exe"="C:\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 17 May 2006 88 A.SHR --- "C:\i386\2A121B0E30.sys"
    Wed 17 May 2006 2,516 A.SH. --- "C:\i386\KGyGaAvL.sys"
    Sun 10 Feb 2008 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
    Sun 28 Oct 2007 24 ..SH. --- "C:\WINDOWS\SAE9A9BCA.tmp"
    Sun 6 Apr 2008 88 ..SHR --- "C:\WINDOWS\system32\2A121B0E30.sys"
    Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
    Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
    Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
    Wed 9 Aug 2006 56 ..SHR --- "C:\WINDOWS\system32\FB0F25856C.sys"
    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
    Sun 6 Apr 2008 6,632 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
    Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
    Mon 4 Feb 2008 151,040 ..SH. --- "C:\WINDOWS\system32\VistaUltm.dll"
    Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
    Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
    Sat 14 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 19 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\Jess\My Documents\~WRL0002.tmp"
    Mon 25 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Sun 28 Oct 2007 20,222,992 A..H. --- "C:\Documents and Settings\Jim\Local Settings\Temp\BITD.tmp"
    Sun 28 Oct 2007 20,222,992 A..H. --- "C:\Documents and Settings\Jim\Local Settings\Temp\BITE.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT14.tmp"
    Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT57.tmp"
    Tue 15 Aug 2006 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\3wr95buz.TMP"
    Wed 5 Jul 2006 827,017,296 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\e4gusdez.TMP"
    Tue 30 Oct 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\xzothj39.TMP"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\cygz.dll"
    Sun 10 Feb 2008 72,704 ..SHR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\Setup.exe"
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\14_43260.dll"
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\28_83260.dll"
    Tue 10 Dec 2002 73,766 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\atrc3260.dll"
    Tue 10 Dec 2002 65,575 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\cook3260.dll"
    Sun 9 Jun 2002 36,864 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\ddnt3260.dll"
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\dnet3260.dll"
    Tue 10 Dec 2002 102,437 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\drv13260.dll"
    Tue 10 Dec 2002 176,165 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\drv23260.dll"
    Tue 10 Dec 2002 208,935 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\drv33260.dll"
    Tue 10 Dec 2002 217,127 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\drv43260.dll"
    Sun 9 Jun 2002 40,448 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\dspr3260.dll"
    Sun 4 Nov 2001 225,280 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\ivvideo.dll"
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\qtmlClient.dll"
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\raac.dll"
    Sun 9 Jun 2002 525,824 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\rnco3260.dll"
    Tue 10 Dec 2002 245,805 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\rnlt3260.dll"
    Tue 10 Dec 2002 45,093 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\rv103260.dll"
    Tue 10 Dec 2002 98,341 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\rv203260.dll"
    Tue 10 Dec 2002 94,247 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\rv303260.dll"
    Tue 10 Dec 2002 90,151 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\rv403260.dll"
    Tue 10 Dec 2002 102,439 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\sipr3260.dll"
    Sun 9 Jun 2002 49,152 ...HR --- "C:\Documents and Settings\Gavin\My Documents\My Files\SUPER\mencoder\tokr3260.dll"
    Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Gavin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Gavin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Gavin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Gavin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jim\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jim\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jim\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jim\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

    Finished!


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Username "Gavin" - 08/04/2008 20:05:30 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.113.196 85.255.112.118" <Value cleared.

    Successfully flushed the DNS Resolver Cache.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....


    C:\Program Files\Video ActiveX Object < Found
    Additional tools are recommended.

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe"
    "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
    "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
    "Blubster"="C:\\Program Files\\Blubster\\Blubster.exe SILENT"
    "DLCDCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCDtime.dll,_RunDLLEntry@16"
    "dlcdmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 944\\dlcdmon.exe\""
    "MemoryCardManager"="\"C:\\Program Files\\Dell Photo AIO Printer 944\\memcard.exe\""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\iTunes\\iTunesHelper.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
    "Longacid"="C:\\DOCUME~1\\Gavin\\APPLIC~1\\OPENAC~1\\Surf poke wait.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
    "AnyDVD"="\"C:\\Documents and Settings\\Gavin\\My Documents\\AnyDVDHD\\AnyDVD\\AnyDVD.exe\""
    "Veoh"="\"C:\\Documents and Settings\\Gavin\\My Documents\\My Videos\\Veoh\\VeohClient.exe\" /VeohHide"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Explorer killed successfully
    C:\WINDOWS\Tasks\ABEBA74891E459D4.job moved successfully.
    C:\Program Files\AskTBar\SrchAstt\1.bin moved successfully.
    C:\Program Files\AskTBar\SrchAstt moved successfully.
    C:\Program Files\AskTBar\PopSwatr\History moved successfully.
    C:\Program Files\AskTBar\PopSwatr moved successfully.
    C:\Program Files\AskTBar\bar\Settings moved successfully.
    C:\Program Files\AskTBar\bar\History moved successfully.
    C:\Program Files\AskTBar\bar\Cache moved successfully.
    C:\Program Files\AskTBar\bar\1.bin moved successfully.
    C:\Program Files\AskTBar\bar moved successfully.
    C:\Program Files\AskTBar moved successfully.
    File/Folder C:\WINDOWS\nvchost not found.
    < purity >
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_201607


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Deckard's System Scanner v20071014.68
    Run by Gavin on 2008-04-08 20:18:06
    Computer is in Normal Mode.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-08 20:19:08
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Gavin\Local Settings\Temporary Internet Files\Content.IE5\0NMYMUC9\dss[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [Longacid] C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1\Surf poke wait.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] "C:\Documents and Settings\Gavin\My Documents\AnyDVDHD\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    --
    End of file - 13470 bytes

    -- Files created between 2008-03-08 and 2008-04-08

    2008-04-08 18:39:30 0 d
    C:\WINDOWS\ERUNT
    2008-04-08 17:57:45 0 d
    C:\Program Files\Safari
    2008-04-08 17:54:57 0 d
    C:\Program Files\iPod
    2008-04-07 21:56:39 0 d
    C:\Program Files\Microsoft Silverlight
    2008-04-07 21:56:33 0 d
    C:\temp
    2008-03-27 19:16:12 0 d
    C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-25 21:58:35 0 d
    C:\Program Files\VideoEgg
    2008-03-18 19:16:17 0 d
    C:\Program Files\IrfanView


    -- Find3M Report

    2008-04-08 20:11:59 0 d
    C:\Program Files\Dl_cats
    2008-04-08 17:53:43 0 d
    C:\Program Files\QuickTime
    2008-04-08 15:08:31 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-04-07 22:08:11 0 d
    C:\Program Files\Common Files
    2008-04-07 22:08:02 0 d
    C:\Program Files\McAfee.com
    2008-04-06 21:37:15 6632 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-04-06 21:37:13 88 -r-hs---- C:\WINDOWS\system32\2A121B0E30.sys
    2008-04-02 22:04:11 0 d
    C:\Program Files\MSN Messenger
    2008-04-02 22:04:08 0 d
    C:\Program Files\Messenger Plus! Live
    2008-03-29 02:22:11 0 d
    C:\Documents and Settings\Gavin\Application Data\Vso
    2008-03-29 02:22:11 33 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.log
    2008-03-29 02:22:08 7887 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.cat
    2008-03-29 02:22:07 47360 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-03-29 02:22:07 1144 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.inf
    2008-03-29 02:21:16 0 d
    C:\Program Files\DIKO
    2008-03-27 20:00:44 0 d
    C:\Documents and Settings\Gavin\Application Data\openacepop
    2008-03-24 19:36:20 0 d
    C:\Documents and Settings\Gavin\Application Data\LimeWire
    2008-03-19 16:37:52 0 d
    C:\Program Files\Java
    2008-03-07 23:37:24 0 d
    C:\Program Files\uTorrent
    2008-03-07 18:28:25 0 d
    C:\Documents and Settings\Gavin\Application Data\AVG7
    2008-03-04 18:25:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 18:25:17 0 d
    C:\Program Files\Windows Live
    2008-02-18 17:08:52 0 d
    C:\Documents and Settings\Gavin\Application Data\Adobe
    2008-02-10 18:09:48 0 d
    C:\Documents and Settings\Gavin\Application Data\Ringtone
    2008-02-10 16:42:05 217073 -rahs---- C:\WINDOWS\meta4.exe
    2008-02-04 20:26:34 151040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [22/03/2005 23:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [09/02/2006 23:34]
    "Blubster"="C:\Program Files\Blubster\Blubster.exe" [18/05/2006 21:43]
    "DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [14/09/2005 00:51]
    "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [07/10/2005 03:01]
    "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [07/09/2005 00:37]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15:10]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 19:49]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 18:05]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
    "iTunesHelper"="C:\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [28/09/2006 20:09]
    "Longacid"="C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1\Surf poke wait.exe" []
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]
    "AnyDVD"="C:\Documents and Settings\Gavin\My Documents\AnyDVDHD\AnyDVD\AnyDVD.exe" []
    "Veoh"="C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe" [01/04/2008 18:35]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2008-04-08 20:19:33


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    That's everything done now. Sorry it took me a couple of days.



    Just to note when doing a System Scan on HiJackThis the following entry:
    O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\nvchost


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\Program Files\Video ActiveX Object
      purity 
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



    Reboot and tell me how your PC is running


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Malwarebytes' Anti-Malware 1.11
    Database version: 603

    Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
    Objects scanned: 231227
    Time elapsed: 1 hour(s), 37 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 30
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 35
    Files Infected: 704

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoEgg.ActiveXLoader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoEgg.ActiveXLoader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\VideoAXObject.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Video ActiveX Object (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Start Menu\Programs\ContraVirus (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2817 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2817\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\2364 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\2663 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\VideoEgg\Loader\2364\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2655\resour


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Deckard's System Scanner v20071014.68
    Run by Gavin on 2008-04-09 22:01:16
    Computer is in Normal Mode.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-09 22:01:35
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Gavin\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [Longacid] C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1\Surf poke wait.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    --
    End of file - 13413 bytes

    -- Files created between 2008-03-09 and 2008-04-09

    2008-04-09 19:08:57 0 d
    C:\DVDVideoSoft
    2008-04-09 19:08:39 0 d
    C:\Program Files\Common Files\DVDVideoSoft
    2008-04-09 19:08:37 0 d
    C:\Program Files\DVDVideoSoft
    2008-04-09 16:01:03 0 d
    C:\Documents and Settings\Gavin\Application Data\Malwarebytes
    2008-04-09 16:00:54 0 d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-09 16:00:53 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-08 18:39:30 0 d
    C:\WINDOWS\ERUNT
    2008-04-08 17:54:57 0 d
    C:\Program Files\iPod
    2008-04-07 21:56:39 0 d
    C:\Program Files\Microsoft Silverlight
    2008-04-07 21:56:33 0 d
    C:\temp
    2008-03-27 19:16:12 0 d
    C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-25 21:58:35 0 d
    C:\Program Files\VideoEgg
    2008-03-18 19:16:17 0 d
    C:\Program Files\IrfanView


    -- Find3M Report

    2008-04-09 20:46:19 0 d
    C:\Program Files\Dl_cats
    2008-04-09 19:08:39 0 d
    C:\Program Files\Common Files
    2008-04-08 22:13:45 0 d
    C:\Documents and Settings\Gavin\Application Data\AVG7
    2008-04-08 22:03:22 0 d
    C:\Documents and Settings\Gavin\Application Data\Apple Computer
    2008-04-08 17:53:43 0 d
    C:\Program Files\QuickTime
    2008-04-08 15:08:31 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-04-07 22:08:02 0 d
    C:\Program Files\McAfee.com
    2008-04-06 21:37:15 6632 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-04-06 21:37:13 88 -r-hs---- C:\WINDOWS\system32\2A121B0E30.sys
    2008-04-02 22:04:11 0 d
    C:\Program Files\MSN Messenger
    2008-04-02 22:04:08 0 d
    C:\Program Files\Messenger Plus! Live
    2008-03-29 02:22:11 0 d
    C:\Documents and Settings\Gavin\Application Data\Vso
    2008-03-29 02:22:11 33 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.log
    2008-03-29 02:22:08 7887 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.cat
    2008-03-29 02:22:07 47360 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-03-29 02:22:07 1144 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.inf
    2008-03-29 02:21:16 0 d
    C:\Program Files\DIKO
    2008-03-27 20:00:44 0 d
    C:\Documents and Settings\Gavin\Application Data\openacepop
    2008-03-24 19:36:20 0 d
    C:\Documents and Settings\Gavin\Application Data\LimeWire
    2008-03-19 16:37:52 0 d
    C:\Program Files\Java
    2008-03-07 23:37:24 0 d
    C:\Program Files\uTorrent
    2008-03-04 18:25:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 18:25:17 0 d
    C:\Program Files\Windows Live
    2008-02-18 17:08:52 0 d
    C:\Documents and Settings\Gavin\Application Data\Adobe
    2008-02-10 18:09:48 0 d
    C:\Documents and Settings\Gavin\Application Data\Ringtone
    2008-02-10 16:42:05 217073 -rahs---- C:\WINDOWS\meta4.exe
    2008-02-04 20:26:34 151040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [22/03/2005 23:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [09/02/2006 23:34]
    "Blubster"="C:\Program Files\Blubster\Blubster.exe" [18/05/2006 21:43]
    "DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [14/09/2005 00:51]
    "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [07/10/2005 03:01]
    "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [07/09/2005 00:37]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15:10]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 19:49]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 18:05]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
    "iTunesHelper"="C:\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [28/09/2006 20:09]
    "Longacid"="C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1\Surf poke wait.exe" []
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]
    "Veoh"="C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe" [01/04/2008 18:35]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2008-04-09 22:01:55


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O4 - HKCU\..\Run: [Longacid] C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1\Surf poke wait.exe


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1
      purity 
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Reboot and do this

    click on Start, click on Run
    copy and paste the following in bold in the open window and then click OK
    "%userprofile%\desktop\dss.exe" /config
    This will open up DSS configuration
    click on Check All
    click Scan
    DSS will now run again when finished
    Please post back both logs that open in notepad
    Main txt and extra txt


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Explorer killed successfully
    C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1 moved successfully.
    < purity >
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04092008_225926


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Deckard's System Scanner v20071014.68
    Run by Gavin on 2008-04-09 23:43:15
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    79: 2008-04-09 22:43:23 UTC - RP657 - Deckard's System Scanner Restore Point
    78: 2008-04-09 17:59:41 UTC - RP656 - Remove AnyDVD
    77: 2008-04-09 17:57:04 UTC - RP655 - Install AnyDVD
    76: 2008-04-09 16:04:08 UTC - RP654 - Software Distribution Service 3.0
    75: 2008-04-08 21:04:55 UTC - RP653 - Removed Safari


    -- First Restore Point --
    1: 2008-01-10 21:20:04 UTC - RP579 - Install AnyDVD


    Performed disk cleanup.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-09 23:43:39
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Gavin\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    --
    End of file - 13243 bytes

    -- HijackThis Fixed Entries (C:\Documents and Settings\Gavin\Desktop\backups\) -

    backup-20080408-200126-103 O2 - BHO: (no name) - ð=¨B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
    backup-20080408-200126-393 O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    backup-20080408-200126-434 O2 - BHO: (no name) - ¨¨¨¨4-4C02-4ABF-8ECC-5164760863C6} - (no file)
    backup-20080408-200126-459 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    backup-20080408-200126-562 O2 - BHO: (no name) - p>¨68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
    backup-20080408-200126-594 O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    backup-20080408-200126-772 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080408-200126-783 O2 - BHO: (no name) - >¨8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
    backup-20080408-200126-851 O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    backup-20080408-200126-958 O2 - BHO: (no name) - rsion - (no file)
    backup-20080409-155742-688 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    backup-20080409-225857-666 O4 - HKCU\..\Run: [Longacid] C:\DOCUME~1\Gavin\APPLIC~1\OPENAC~1\Surf poke wait.exe

    -- File Associations

    .js - jsfile - DefaultIcon - unable to read value
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R2 STEC3 - c:\windows\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>

    S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys (file missing)
    S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
    S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys (file missing)
    S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys (file missing)
    S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys (file missing)
    S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys (file missing)
    S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys (file missing)
    S3 catchme - c:\docume~1\gavin\locals~1\temp\catchme.sys (file missing)
    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    S3 NTPASp50 (NTPASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\ntpasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys (file missing)
    S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys (file missing)
    S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 5500 Sport
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia N70
    Device ID: ROOT\WPD\0001
    Manufacturer: Nokia
    Name: Nokia N70
    PNP Device ID: ROOT\WPD\0001
    Service: WUDFRd


    -- Process Modules

    C:\WINDOWS\explorer.exe (pid 700)
    2007-06-19 10:49:12 562688 --a
    C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
    2007-06-15 12:16:44 659456 --a
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PC Suite Common Modules>
    2007-06-05 16:36:56 27648 --a
    C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.NLR <Not Verified; Nokia; Nokia Phone Browser>
    2007-05-04 12:13:28 543744 --a
    C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.NGR <Not Verified; Nokia; Nokia Phone Browser>
    2005-11-15 11:07:16 1802240 --a
    C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>
    2007-06-19 10:37:56 5120 --a
    C:\Program Files\Nokia\Nokia PC Suite 6\Lang\ConnectionManager_eng.NLR <Not Verified; Nokia; Nokia Connection Manager>


    -- Scheduled Tasks

    2008-04-09 15:20:05 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2008-03-14 19:30:01 346 --a
    C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FRONTROOM-Jim).job


    -- Files created between 2008-03-09 and 2008-04-09

    2008-04-09 19:08:57 0 d
    C:\DVDVideoSoft
    2008-04-09 19:08:39 0 d
    C:\Program Files\Common Files\DVDVideoSoft
    2008-04-09 19:08:37 0 d
    C:\Program Files\DVDVideoSoft
    2008-04-09 16:01:03 0 d
    C:\Documents and Settings\Gavin\Application Data\Malwarebytes
    2008-04-09 16:00:54 0 d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-09 16:00:53 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-08 18:39:30 0 d
    C:\WINDOWS\ERUNT
    2008-04-08 17:54:57 0 d
    C:\Program Files\iPod
    2008-04-07 21:56:39 0 d
    C:\Program Files\Microsoft Silverlight
    2008-04-07 21:56:33 0 d
    C:\temp
    2008-03-27 19:16:12 0 d
    C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-25 21:58:35 0 d
    C:\Program Files\VideoEgg
    2008-03-18 19:16:17 0 d
    C:\Program Files\IrfanView


    -- Find3M Report

    2008-04-09 23:26:11 0 d
    C:\Program Files\Dl_cats
    2008-04-09 19:08:39 0 d
    C:\Program Files\Common Files
    2008-04-08 22:13:45 0 d
    C:\Documents and Settings\Gavin\Application Data\AVG7
    2008-04-08 22:03:22 0 d
    C:\Documents and Settings\Gavin\Application Data\Apple Computer
    2008-04-08 17:53:43 0 d
    C:\Program Files\QuickTime
    2008-04-08 15:08:31 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-04-07 22:08:02 0 d
    C:\Program Files\McAfee.com
    2008-04-06 21:37:15 6632 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-04-06 21:37:13 88 -r-hs---- C:\WINDOWS\system32\2A121B0E30.sys
    2008-04-02 22:04:11 0 d
    C:\Program Files\MSN Messenger
    2008-04-02 22:04:08 0 d
    C:\Program Files\Messenger Plus! Live
    2008-03-29 02:22:11 0 d
    C:\Documents and Settings\Gavin\Application Data\Vso
    2008-03-29 02:22:11 33 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.log
    2008-03-29 02:22:08 7887 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.cat
    2008-03-29 02:22:07 47360 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-03-29 02:22:07 1144 --a
    C:\Documents and Settings\Gavin\Application Data\pcouffin.inf
    2008-03-29 02:21:16 0 d
    C:\Program Files\DIKO
    2008-03-24 19:36:20 0 d
    C:\Documents and Settings\Gavin\Application Data\LimeWire
    2008-03-19 16:37:52 0 d
    C:\Program Files\Java
    2008-03-07 23:37:24 0 d
    C:\Program Files\uTorrent
    2008-03-04 18:25:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 18:25:17 0 d
    C:\Program Files\Windows Live
    2008-02-18 17:08:52 0 d
    C:\Documents and Settings\Gavin\Application Data\Adobe
    2008-02-10 18:09:48 0 d
    C:\Documents and Settings\Gavin\Application Data\Ringtone
    2008-02-10 16:42:05 217073 -rahs---- C:\WINDOWS\meta4.exe
    2008-02-04 20:26:34 151040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [22/03/2005 23:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [09/02/2006 23:34]
    "Blubster"="C:\Program Files\Blubster\Blubster.exe" [18/05/2006 21:43]
    "DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [14/09/2005 00:51]
    "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [07/10/2005 03:01]
    "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [07/09/2005 00:37]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15:10]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 19:49]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 18:05]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
    "iTunesHelper"="C:\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [28/09/2006 20:09]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]
    "Veoh"="C:\Documents and Settings\Gavin\My Documents\My Videos\Veoh\VeohClient.exe" [01/04/2008 18:35]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2008-04-09 23:45:16


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
    CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz
    Percentage of Memory in Use: 22%
    Physical Memory (total/avail): 2558.07 MiB / 1977.05 MiB
    Pagefile Memory (total/avail): 3801 MiB / 3364.63 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1887.14 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 71.45 GiB total, 15.91 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is Removable (No Media)
    H: is Fixed (NTFS) - 149.05 GiB total, 72.36 GiB free.

    \\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA2 - 74.5 GiB - 3 partitions
    \PARTITION0 - Unknown - 47.03 MiB
    \PARTITION1 (bootable) - Installable File System - 71.45 GiB - C:
    \PARTITION2 - Unknown - 3 GiB

    \\.\PHYSICALDRIVE2 - Dell USB Mass Storage USB Device

    \\.\PHYSICALDRIVE1 - ST316002 1A USB Device - 149.05 GiB - 1 partition
    \PARTITION0 - Installable File System - 149.05 GiB



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: AVG 7.5.519 v7.5.519 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
    "C:\\Program Files\\MSN Messenger\\msgs.exe"="C:\\Program Files\\MSN Messenger\\msgs.exe:*:Enabled:Messenger"
    "C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe:*:Enabled:Football Manager 2007"
    "C:\\Documents and Settings\\Gavin\\My Documents\\Morpheus\\Morpheus.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
    "C:\\Documents and Settings\\Gavin\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\Documents and Settings\\Gavin\\My Documents\\My Files\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\My Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:Blubster"
    "C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\Documents and Settings\\Gavin\\My Documents\\Wyzo\\wyzo.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\Wyzo\\wyzo.exe:*:Enabled:Wyzo"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\InterActual\\LimeWire\\LimeWire.exe"="C:\\Program Files\\InterActual\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Documents and Settings\\Andrew\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Andrew\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\Gavin\\My Documents\\My Videos\\Veoh\\VeohClient.exe"="C:\\Documents and Settings\\Gavin\\My Documents\\My Videos\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\\iTunes\\iTunes.exe"="C:\\iTunes\\iTunes.exe:*:Enabled:iTunes"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Gavin\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=FRONTROOM
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Gavin
    LOGONSERVER=\\FRONTROOM
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0407
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Gavin\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Gavin\LOCALS~1\Temp
    USERDOMAIN=FRONTROOM
    USERNAME=Gavin
    USERPROFILE=C:\Documents and Settings\Gavin
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles

    Jim (admin)
    Jess (admin)
    Gavin (admin)
    Andrew
    Administrator (admin)


    -- Add/Remove Programs

    --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    944plc32 --> MsiExec.exe /I{50AF9AC4-6E62-405A-A269-C02B70A21E64}
    ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
    Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Ask Toolbar --> rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.3.4 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
    Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
    Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
    Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative Zen Vision M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
    Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
    DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
    Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
    Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Photo AIO Printer 944 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcdUNST.EXE -NOLICENSE
    DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Football Manager 2007 --> C:\Program Files\Sports Interactive\Football Manager 2007\uninstall2\Uninstall FM 2007.exe
    Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
    Free DVD Decrypter version 1.3 --> "C:\Program Files\DVDVideoSoft\Free DVD Decrypter\unins000.exe"
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.0 --> "C:\Documents and Settings\Gavin\Desktop\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections Drivers --> Prounstl.exe
    Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
    iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Max DVD to AVI Converter --> "C:\Program Files\PowerImage\Max DVD to AVI Converter\unins000.exe"
    MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
    Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
    Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
    Nero 8 Micro v8.0.3.0 --> "C:\Program Files\Nero\unins000.exe"
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
    Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_web[1].exe
    Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
    Nokia Software Updater --> MsiExec.exe /X{3186AEAE-E104-424D-9152-1BF6A4404758}
    PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
    QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
    Riva Producer Lite --> "C:\Program Files\Riva\Riva Producer Lite\unins000.exe"
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Serif PhotoPlus 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEFCB74C-C49F-4327-8EDF-3A81A574AC0F}\Setup.exe" -l0x9
    Skill Builder DX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Setup\Skillb\Uninstall\setup.exe"
    Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    SUPER © Version 2008.bld.25 (Feb 5, 2008) --> C:\DOCUME~1\Gavin\MYDOCU~1\MYFILE~1\SUPER\Setup.exe /remove /q0
    Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
    Windows Driver Package - Nokia Modem (08/08/2007 3.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_32E2E448B53EE5B28E074D88802D0BAF984038DA\pccs_bluetooth.inf
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Toolbar BETA --> C:\Program Files\Yahoo!\Common\unyt.exe


    -- Application Event Log

    Event Record #/Type33770 / Warning
    Event Submitted/Written: 04/09/2008 11:25:31 PM
    Event ID/Source: 32068 / Microsoft Fax
    Event Description:
    The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
    Country/region code: '*'
    Area code: '*'

    Event Record #/Type33769 / Warning
    Event Submitted/Written: 04/09/2008 11:25:31 PM
    Event ID/Source: 32026 / Microsoft Fax
    Event Description:
    Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
    No faxes can be sent or received until a fax device is installed.

    Event Record #/Type33742 / Warning
    Event Submitted/Written: 04/09/2008 08:46:52 PM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

    Event Record #/Type33741 / Warning
    Event Submitted/Written: 04/09/2008 08:46:52 PM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

    Event Record #/Type33740 / Warning
    Event Submitted/Written: 04/09/2008 08:46:52 PM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type103254 / Warning
    Event Submitted/Written: 04/09/2008 11:45:04 PM
    Event ID/Source: 57 / Ftdisk
    Event Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Record #/Type103253 / Warning
    Event Submitted/Written: 04/09/2008 11:45:04 PM
    Event ID/Source: 57 / Ftdisk
    Event Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Record #/Type103152 / Warning
    Event Submitted/Written: 04/09/2008 03:21:36 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type103108 / Error
    Event Submitted/Written: 04/08/2008 10:05:55 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Application Management service terminated with the following error:
    %%126

    Event Record #/Type103104 / Error
    Event Submitted/Written: 04/08/2008 10:05:55 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Application Management service terminated with the following error:
    %%126



    -- End of Deckard's System Scanner: finished at 2008-04-09 23:45:16


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Looking good

    Hows the PC running ?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Seems going good, no redirecting to note.

    Cheers man. Can I delete the programs I download (although I'll most likely keep Malware Bytes)?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    One final thing
    • Make sure you have an Internet Connection.
    • Double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
    • Click Yes to beging the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


    Uninstall your old versions of Java


    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next goto Start Menu > Run > type

    cleanmgr

    Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



    Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
    http://www.adobe.com/products/acrobat/readstep2.html



    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

    * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Right done the steps above, just on the program one. Which one's would you recommend? and how many anti-malware/adware programs can I have?

    Will I run another DSS scan?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No need for another DSS scan

    For anti-virus and firewall programs, you can only have one of each, I recommend AVG and Comodo

    For anti-spyware, you can have more than one, I recommend MBAM and Dr. Web Cureit

    Anything else ?


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    No that's it by the looks of it. Can I get rid of the programs I download throughout?



    Once again thanks very much.;)


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Yes you can but OTMoveIt should have done it


  • Registered Users, Registered Users 2 Posts: 17,974 ✭✭✭✭Gavin "shels"


    Yes you can but OTMoveIt should have done it


    It got rid of most of them, left one or two.


Advertisement