Here is the Main.txt log:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-10 20:35:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2008-04-11 00:35:36 UTC - RP8 - Deckard's System Scanner Restore Point
6: 2008-04-10 08:12:13 UTC - RP7 - System Checkpoint
5: 2008-04-09 08:03:41 UTC - RP6 - ComboFix created restore point
4: 2008-04-08 22:01:10 UTC - RP5 - Software Distribution Service 3.0
3: 2008-04-08 20:04:53 UTC - RP4 - ComboFix created restore point
-- First Restore Point --
1: 2008-04-07 18:54:55 UTC - RP2 - Good restore
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 448 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:33 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
--
End of file - 10030 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\backups\) ---------------
backup-20080408-032720-191 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080408-032720-213 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
backup-20080408-032720-329 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080408-032720-374 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080408-032720-382 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080408-032720-433 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080408-032720-462 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080408-032720-516 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080408-032720-541 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
backup-20080408-032720-555 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080408-032720-594 O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
backup-20080408-032720-688 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080408-032720-698 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080408-032720-750 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20080408-032720-793 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20080408-032720-812 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080408-032720-890 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20080408-032720-927 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20080409-035941-148 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20080409-035941-268 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
backup-20080409-035941-406 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
backup-20080409-035941-415 O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
backup-20080409-035941-543 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080409-035941-600 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080409-035941-614 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20080409-035941-778 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080409-035941-801 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080409-035941-866 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080409-035941-873 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080409-035942-337 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080409-035942-407 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080409-035942-615 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080409-035942-821 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080409-035942-981 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-10 20:06:03 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-04 22:02:21 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job
-- Files created between 2008-03-10 and 2008-04-10 -----------------------------
2008-04-09 04:35:24 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-08 16:04:12 68096 --a------ C:\WINDOWS\zip.exe
2008-04-08 16:04:12 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-08 16:04:12 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-08 16:04:12 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-08 16:04:12 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-08 16:04:12 98816 --a------ C:\WINDOWS\sed.exe
2008-04-08 16:04:12 80412 --a------ C:\WINDOWS\grep.exe
2008-04-08 16:04:12 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-08 04:08:03 0 d-------- C:\VundoFix Backups
2008-04-08 03:42:51 0 d-------- C:\WINDOWS\ERUNT
2008-04-07 15:20:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-07 15:19:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-04-07 15:19:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-07 15:19:21 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-07 15:19:21 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-07 15:19:21 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-07 15:19:21 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-07 15:19:21 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-07 15:19:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-07 15:19:21 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-07 15:19:20 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-07 15:19:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-07 15:19:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-07 15:19:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-07 15:19:20 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-07 15:19:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-07 15:19:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-07 15:19:20 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-07 15:19:18 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-07 03:14:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 02:55:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 02:55:52 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-04-07 02:55:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 10:34:16 0 d-------- C:\WINDOWS\system32\bits
2008-04-06 10:17:40 0 d-------- C:\WINDOWS\pss
2008-04-05 21:06:29 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-05 21:06:04 0 d-------- C:\127b4ffeef588c701a9d90
2008-04-05 21:03:14 0 d-------- C:\Program Files\Windows Defender
2008-04-05 15:00:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-04-05 15:00:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-05 14:13:54 28928 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-05 14:13:53 31744 --a------ C:\WINDOWS\msapasrc.dll
2008-04-05 14:13:53 14592 --a------ C:\WINDOWS\msa64chk.dll
2008-04-05 14:13:52 21248 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-05 14:13:52 11520 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-05 14:13:52 25856 --a------ C:\WINDOWS\shdocpl.dll
2008-04-05 14:13:52 18176 --a------ C:\WINDOWS\ntnut.exe
2008-04-05 14:13:51 31232 --a------ C:\WINDOWS\winsb.dll
2008-04-05 14:13:51 20480 --a------ C:\WINDOWS\shdocpe.dll
2008-04-05 14:13:51 17152 --a------ C:\WINDOWS\browserad.dll
2008-04-05 14:13:51 29184 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-05 14:13:50 12800 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-05 14:13:50 24320 --a------ C:\WINDOWS\avifile32.dll
2008-04-05 14:13:50 11264 --a------ C:\WINDOWS\autodisc32.dll
2008-04-05 14:13:50 12544 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-05 14:13:50 22016 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-05 14:13:50 23040 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-05 14:13:49 20480 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-05 14:13:49 15872 --a------ C:\WINDOWS\athprxy32.dll
2008-04-05 14:13:49 26368 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-05 14:13:49 10752 --a------ C:\WINDOWS\asferror32.dll
2008-04-05 14:13:49 25344 --a------ C:\WINDOWS\apphelp32.dll
2008-04-05 13:42:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-05 13:42:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-05 13:42:52 0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2008-04-05 13:42:51 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-05 13:42:47 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-05 13:42:43 91563 -----n--- C:\WINDOWS\lfn.exe
2008-04-04 17:14:13 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-04 16:58:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-04 16:58:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-03 15:16:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-04-02 18:23:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-04-02 18:23:08 0 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
-- Find3M Report ---------------------------------------------------------------
2008-04-09 13:09:34 0 d-------- C:\Program Files\Common Files
2008-04-08 17:46:52 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-04-08 15:52:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-07 13:09:38 2158 --a------ C:\WINDOWS\mozver.dat
2008-04-06 22:04:50 0 d-------- C:\Program Files\Norton AntiVirus
2008-04-06 10:33:25 0 d-------- C:\Program Files\Real
2008-04-04 17:25:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-04-04 15:59:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-03-09 15:44:08 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-03-09 13:31:29 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-09 13:31:28 0 d-------- C:\Program Files\Nero
2008-03-09 12:58:48 0 d-------- C:\Program Files\Ahead
2008-03-09 12:55:33 0 d-------- C:\Program Files\Java
2008-03-08 21:21:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-03-04 22:54:25 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-04 22:53:24 0 d-------- C:\Program Files\Common Files\Real
2008-03-03 21:09:56 0 d-------- C:\Program Files\Windows Live
2008-03-03 04:00:36 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-02 21:31:45 0 d-------- C:\Program Files\Google
2008-03-02 18:29:00 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-03-02 17:55:16 0 d-------- C:\Program Files\LimeWire
2008-03-02 17:20:59 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 17:20:43 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-02 17:19:26 0 d-------- C:\Program Files\Windows Live Favorites
2008-03-02 17:11:31 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 17:10:14 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2008-03-02 17:10:09 0 d-------- C:\Program Files\MySpace
2008-02-29 04:22:02 0 d-------- C:\Program Files\Messenger
2008-02-29 04:02:10 0 d-------- C:\Program Files\MSXML 4.0
2008-02-29 02:50:45 0 d-------- C:\Program Files\Pure Networks
2008-02-29 02:47:11 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-02-28 23:47:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-28 23:47:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-02-28 22:56:14 0 d-------- C:\Program Files\BigFix
2008-02-28 22:56:03 0 d-------- C:\Program Files\Common Files\AOL
2008-02-28 22:40:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-02-28 16:59:07 0 d-------- C:\Program Files\Intel
2008-02-28 16:57:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-02-28 15:51:39 0 d-------- C:\Program Files\Symantec
2008-02-28 15:51:13 0 d-------- C:\Program Files\SymNetDrv
2008-02-28 15:48:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-02-28 12:49:53 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-02-28 12:48:34 0 d-------- C:\Program Files\Digital Media Reader
2008-02-28 12:48:23 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-28 12:46:15 0 d-------- C:\Program Files\CyberLink
2008-02-28 12:46:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-28 12:45:36 0 d-------- C:\Program Files\Microsoft Works
2008-02-28 12:43:43 0 d-------- C:\Program Files\QuickTime
2008-02-28 12:43:34 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-02-28 12:42:37 335 --a------ C:\WINDOWS\nsreg.dat
2008-02-28 12:41:38 0 d-------- C:\Program Files\Microsoft Money
2008-02-28 12:41:05 0 d-------- C:\Program Files\MSN Encarta Plus
2008-02-28 12:40:57 0 d-------- C:\Program Files\NVIDIA Corporation
2008-02-28 12:40:57 0 d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-02-28 12:39:36 0 d-------- C:\Program Files\Common Files\Java
2008-02-28 12:39:31 0 d-------- C:\Program Files\Common Files\New Boundary
2008-02-28 12:23:43 60 --a------ C:\MOVE_RECOVERY
2008-02-01 12:11:10 586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
12/17/2007 12:12 PM 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/04/2004 03:00 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 04:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 11:42 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/12/2004 05:50 AM]
"nwiz"="nwiz.exe" [07/12/2004 05:50 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/12/2004 05:50 AM]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [06/04/2004 12:51 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 11:42 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [10/18/2004 06:05 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [02/28/2008 03:51 PM]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [12/17/2007 12:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2008 10:51 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/22/2008 07:43 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [02/01/2008 04:32 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/05/2008 02:23 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [10/28/2005 04:25 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
-- End of Deckard's System Scanner: finished at 2008-04-10 20:48:27 ------------
Here's the extra.txt log:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Sempron 3000+
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 447.48 MiB / 111.74 MiB
Pagefile Memory (total/avail): 1057.42 MiB / 466.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.95 MiB
C: is Fixed (NTFS) - 69.57 GiB total, 49.5 GiB free.
D: is Fixed (FAT32) - 4.95 GiB total, 2.87 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800BB-22JHA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 69.57 GiB - C:
\PARTITION1 - Unknown - 4.96 GiB - D:
\\.\PHYSICALDRIVE1 - eM Bay Reader USB Device
\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device
\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device
\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FW: Norton Internet Worm Protection v2005 (Symantec)
FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PISTOL357
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\PISTOL357
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Intel\DMIX
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=PISTOL357
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GTOneCare --> MsiExec.exe /X{72690A58-4C2A-4CDE-928C-DF925B125F43}
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Network Connections 12.4.38.0 --> MsiExec.exe /i{888D0F50-FF0A-4808-966E-23D63277BF2A} ARPREMOVE=1
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.0.2500.22 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.22 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.22 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\setup.exe" -uninstall
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Live OneCare Family Safety --> MsiExec.exe /X{3403CB31-D7C1-43F4-9D2F-579758C0CF09}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type1933 / Error
Event Submitted/Written: 04/10/2008 08:22:44 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Norton AntiVirus 2005 -- Norton AntiVirus 2005 does not support the Repair feature, please uninstall and reinstall.
Event Record #/Type1932 / Warning
Event Submitted/Written: 04/10/2008 08:22:43 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete' failed during request for component '{6EA56B47-0667-460E-A91B-53AA80E3616D}'
Event Record #/Type1931 / Warning
Event Submitted/Written: 04/10/2008 08:22:43 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete', component '{6DD22B40-C9AA-4632-A6C3-F364E77568C0}' failed. The resource 'C:\Program Files\Norton AntiVirus\Quarantine\Portal\' does not exist.
Event Record #/Type1929 / Error
Event Submitted/Written: 04/10/2008 08:22:43 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Norton AntiVirus 2005 -- Norton AntiVirus 2005 does not support the Repair feature, please uninstall and reinstall.
Event Record #/Type1928 / Warning
Event Submitted/Written: 04/10/2008 08:22:41 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete' failed during request for component '{6EA56B47-0667-460E-A91B-53AA80E3616D}'
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4722 / Warning
Event Submitted/Written: 04/10/2008 08:32:58 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type4720 / Warning
Event Submitted/Written: 04/10/2008 08:12:07 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.
For more information please see the following:
%NT AUTHORITY295
Scan ID: {97467A35-EC50-48F5-AE3D-C706BA09E103}
Agent: %NT AUTHORITY43
User: NT AUTHORITY\SYSTEM
Name: %NT AUTHORITY291
ID: %NT AUTHORITY292
Severity: 1.5.1944.05
Category: 1.5.1944.06
Path Found: %NT AUTHORITY296
Alert Type: %NT AUTHORITY298
Process Name: C:\WINDOWS\system32\svchost.exe
Detection Type: 1.5.1944.02
Status: 1.5.1944.00
Event Record #/Type4719 / Warning
Event Submitted/Written: 04/10/2008 07:12:07 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.
For more information please see the following:
%NT AUTHORITY295
Scan ID: {3C7AF1B4-7279-4F32-9397-15DAC3CA3854}
Agent: %NT AUTHORITY43
User: NT AUTHORITY\SYSTEM
Name: %NT AUTHORITY291
ID: %NT AUTHORITY292
Severity: 1.5.1944.05
Category: 1.5.1944.06
Path Found: %NT AUTHORITY296
Alert Type: %NT AUTHORITY298
Process Name: C:\WINDOWS\system32\svchost.exe
Detection Type: 1.5.1944.02
Status: 1.5.1944.00
Event Record #/Type4718 / Warning
Event Submitted/Written: 04/10/2008 06:12:06 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.
For more information please see the following:
%NT AUTHORITY295
Scan ID: {7D8E34A4-F0EC-4990-B64F-683F424B894A}
Agent: %NT AUTHORITY43
User: NT AUTHORITY\SYSTEM
Name: %NT AUTHORITY291
ID: %NT AUTHORITY292
Severity: 1.5.1944.05
Category: 1.5.1944.06
Path Found: %NT AUTHORITY296
Alert Type: %NT AUTHORITY298
Process Name: C:\WINDOWS\system32\svchost.exe
Detection Type: 1.5.1944.02
Status: 1.5.1944.00
Event Record #/Type4717 / Warning
Event Submitted/Written: 04/10/2008 05:12:07 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.
For more information please see the following:
%NT AUTHORITY295
Scan ID: {F13E8ECF-15E5-4BC3-B7BF-A62B6DEF8AA6}
Agent: %NT AUTHORITY43
User: NT AUTHORITY\SYSTEM
Name: %NT AUTHORITY291
ID: %NT AUTHORITY292
Severity: 1.5.1944.05
Category: 1.5.1944.06
Path Found: %NT AUTHORITY296
Alert Type: %NT AUTHORITY298
Process Name: C:\WINDOWS\system32\svchost.exe
Detection Type: 1.5.1944.02
Status: 1.5.1944.00
-- End of Deckard's System Scanner: finished at 2008-04-10 20:48:27 ------------
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:46 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live&