
Aurora spyware, Nail.exe[RESOLVED]


  • This topic is locked

#76
hulk180

    Member

  • Topic Starter
  • Member
  • 52 posts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DCDCDBDA-8243-4779-9906-9242D1851FE0}]
"AuthorizedCDFPrefix"=""
"Comments"="Your Comments"
"Contact"="Customer Support Department"
"DisplayVersion"="1.00.0000"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,79,00,6f,00,75,00,72,00,63,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,2e,\
00,63,00,6f,00,6d,00,2f,00,68,00,65,00,6c,00,70,00,00,00
"HelpTelephone"="1-408-955-4000"
"InstallDate"="20021205"
"InstallLocation"=""
"InstallSource"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\_is329\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"Publisher"="Sony"
"Readme"=hex(2):52,00,65,00,61,00,64,00,6d,00,65,00,2e,00,74,00,78,00,74,00,00,\
00
"Size"=""
"EstimatedSize"=dword:00001545
"SystemComponent"=dword:00000001
"URLInfoAbout"="http://www.sony.com"
"URLUpdateInfo"="http://www.yourcompa...com/updateinfo"
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:01000000
"Language"=dword:00000409
"DisplayName"="SupportComPatch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD15857A-CC87-4261-9CF3-A533BC2E1140}]
"InstallLocation"="D:\\eq2"
"DisplayIcon"="D:\\eq2\\EverQuest2CC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD18BE6E-F0B8-41DC-A9F3-AC1ABB918587}]
"AuthorizedCDFPrefix"=""
"Comments"="Your Comments"
"Contact"="Customer Support Department"
"DisplayVersion"="1.00.0000"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,79,00,6f,00,75,00,72,00,63,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,2e,\
00,63,00,6f,00,6d,00,2f,00,68,00,65,00,6c,00,70,00,00,00
"HelpTelephone"="1-555-555-4505"
"InstallDate"="20021210"
"InstallLocation"=""
"InstallSource"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\_is378\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"Publisher"="Sony"
"Readme"=hex(2):52,00,65,00,61,00,64,00,6d,00,65,00,2e,00,74,00,78,00,74,00,00,\
00
"Size"=""
"EstimatedSize"=dword:00000b7c
"SystemComponent"=dword:00000001
"URLInfoAbout"="http://www.sony.com"
"URLUpdateInfo"="http://www.yourcompa...com/updateinfo"
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:01000000
"Language"=dword:00000409
"DisplayName"="Help and Support"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF0DD6E9-F673-4466-8353-70B50A506FD9}]
"UninstallString"="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\\setup.exe\" "
"DisplayName"="VAIO Media Platform 2.0"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\\setup.ilg"
"DisplayIcon"="C:\\Program Files\\Common Files\\Sony Shared\\VAIO Media Platform\\UPnPFramework.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF733005-0F40-11D6-9254-0000F460E7A9}]
"UninstallString"="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{DF733005-0F40-11D6-9254-0000F460E7A9}\\setup.exe\" -l0x9 UNINSTALL"
"DisplayName"="VAIO Media Music Server 2.0"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{DF733005-0F40-11D6-9254-0000F460E7A9}\\setup.ilg"
"DisplayIcon"="C:\\Program Files\\Sony\\VAIO Media Music Server\\SSSvr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="9.00.2980"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,67,00,6f,00,2e,00,\
6d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,\
00,2f,00,66,00,77,00,6c,00,69,00,6e,00,6b,00,2f,00,3f,00,4c,00,69,00,6e,00,\
6b,00,49,00,64,00,3d,00,39,00,36,00,34,00,37,00,00,00
"HelpTelephone"=""
"InstallDate"="20040804"
"InstallLocation"=""
"InstallSource"="C:\\WINDOWS\\Installer\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,45,00,33,00,38,00,43,00,30,00,30,00,44,00,\
30,00,2d,00,41,00,36,00,38,00,42,00,2d,00,34,00,33,00,31,00,38,00,2d,00,41,\
00,38,00,41,00,36,00,2d,00,46,00,37,00,44,00,34,00,42,00,35,00,42,00,31,00,\
44,00,46,00,30,00,45,00,7d,00,00,00
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00003736
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,45,00,33,00,38,00,43,00,30,00,30,00,44,\
00,30,00,2d,00,41,00,36,00,38,00,42,00,2d,00,34,00,33,00,31,00,38,00,2d,00,\
41,00,38,00,41,00,36,00,2d,00,46,00,37,00,44,00,34,00,42,00,35,00,42,00,31,\
00,44,00,46,00,30,00,45,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000009
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:09000ba4
"Language"=dword:00000409
"DisplayName"="Windows Media Encoder 9 Series"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E5EE9939-259F-4DE2-8023-5C49E16A4F43}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="11.0.2"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20050523"
"InstallLocation"=""
"InstallSource"="C:\\WINDOWS\\TEMP\\NAV\\NAV\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,45,00,35,00,45,00,45,00,39,00,39,00,33,00,\
39,00,2d,00,32,00,35,00,39,00,46,00,2d,00,34,00,44,00,45,00,32,00,2d,00,38,\
00,30,00,32,00,33,00,2d,00,35,00,43,00,34,00,39,00,45,00,31,00,36,00,41,00,\
34,00,46,00,34,00,33,00,7d,00,00,00
"Publisher"="Symantec Corp."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000295
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,45,00,35,00,45,00,45,00,39,00,39,00,33,\
00,39,00,2d,00,32,00,35,00,39,00,46,00,2d,00,34,00,44,00,45,00,32,00,2d,00,\
38,00,30,00,32,00,33,00,2d,00,35,00,43,00,34,00,39,00,45,00,31,00,36,00,41,\
00,34,00,46,00,34,00,33,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000b
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0b000002
"Language"=dword:00000409
"DisplayName"="Norton AntiVirus Parent MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F167B66E-1D99-4B3B-9C2E-F30117430D0B}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="2.0.37.20031006"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,68,00,70,00,2e,00,63,00,6f,00,6d,00,2f,00,73,00,75,00,70,00,70,00,6f,\
00,72,00,74,00,00,00
"HelpTelephone"=""
"InstallDate"="20040203"
"InstallLocation"=""
"InstallSource"="C:\\WINDOWS\\Hewlett-Packard\\Setup Files\\HP Software Update\\{E0476241-E6CA-4409-BC86-DE95C3E90FB0}\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,46,00,31,00,36,00,37,00,42,00,36,00,36,00,\
45,00,2d,00,31,00,44,00,39,00,39,00,2d,00,34,00,42,00,33,00,42,00,2d,00,39,\
00,43,00,32,00,45,00,2d,00,46,00,33,00,30,00,31,00,31,00,37,00,34,00,33,00,\
30,00,44,00,30,00,42,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Hewlett-Packard"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000386
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,46,00,31,00,36,00,37,00,42,00,36,00,36,\
00,45,00,2d,00,31,00,44,00,39,00,39,00,2d,00,34,00,42,00,33,00,42,00,2d,00,\
39,00,43,00,32,00,45,00,2d,00,46,00,33,00,30,00,31,00,31,00,37,00,34,00,33,\
00,30,00,44,00,30,00,42,00,7d,00,00,00
"URLInfoAbout"="http://www.hp.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000002
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:02000025
"Language"=dword:00000000
"DisplayName"="HP Software Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F34D9A5F-484A-4E31-A9D3-908CB265B289}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="5.6.2808"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,73,00,79,00,67,00,61,00,74,00,65,00,2e,00,63,00,6f,00,6d,00,2f,00,73,\
00,75,00,70,00,70,00,6f,00,72,00,74,00,2f,00,73,00,75,00,70,00,70,00,6f,00,\
72,00,74,00,5f,00,73,00,77,00,69,00,74,00,63,00,68,00,2e,00,68,00,74,00,6d,\
00,00,00
"HelpTelephone"=""
"InstallDate"="20050511"
"InstallLocation"=""
"InstallSource"="C:\\Program Files\\Common Files\\Wise Installation Wizard\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,46,00,33,00,34,00,44,00,39,00,41,00,35,00,\
46,00,2d,00,34,00,38,00,34,00,41,00,2d,00,34,00,45,00,33,00,31,00,2d,00,41,\
00,39,00,44,00,33,00,2d,00,39,00,30,00,38,00,43,00,42,00,32,00,36,00,35,00,\
42,00,32,00,38,00,39,00,7d,00,00,00
"Publisher"="Sygate Technologies, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00002ed8
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,46,00,33,00,34,00,44,00,39,00,41,00,35,\
00,46,00,2d,00,34,00,38,00,34,00,41,00,2d,00,34,00,45,00,33,00,31,00,2d,00,\
41,00,39,00,44,00,33,00,2d,00,39,00,30,00,38,00,43,00,42,00,32,00,36,00,35,\
00,42,00,32,00,38,00,39,00,7d,00,00,00
"URLInfoAbout"="http://www.sygate.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000005
"VersionMinor"=dword:00000006
"WindowsInstaller"=dword:00000001
"Version"=dword:05060af8
"Language"=dword:00000409
"DisplayName"="Sygate Personal Firewall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F61F2821-694C-475F-99AB-6AF2EFDF40FD}]
"AuthorizedCDFPrefix"=""
"Comments"="All URL's valid as of October 2001"
"Contact"="Customer Support Department"
"DisplayVersion"="12.00.0000"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,69,00,6e,00,74,00,75,00,69,00,74,00,2e,00,63,00,6f,00,6d,00,2f,00,73,\
00,75,00,70,00,70,00,6f,00,72,00,74,00,2f,00,71,00,75,00,69,00,63,00,6b,00,\
65,00,6e,00,00,00
"HelpTelephone"="1-900-555-4932"
"InstallDate"="20030221"
"InstallLocation"=""
"InstallSource"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\QUICK\\DISK1\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Intuit"
"Readme"=hex(2):52,00,65,00,61,00,64,00,6d,00,65,00,2e,00,74,00,78,00,74,00,00,\
00
"Size"=""
"EstimatedSize"=dword:00011518
"SystemComponent"=dword:00000001
"URLInfoAbout"="http://www.intuit.com"
"URLUpdateInfo"="http://www.intuit.co...uicken/updates"
"VersionMajor"=dword:0000000c
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0c000000
"Language"=dword:00000409
"DisplayName"="Quicken 2003 New User Edition"
"DisplayIcon"="C:\\Program Files\\Quicken\\qw2k31.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F64306A5-4C32-41bb-B153-53986527FAB4}]
"DisplayIcon"=",0"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="2005.1.0.111"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20050523"
"InstallLocation"=""
"InstallSource"="C:\\WINDOWS\\TEMP\\NAV\\Support\\SymSC\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,46,00,36,00,34,00,33,00,30,00,36,00,41,00,\
35,00,2d,00,34,00,43,00,33,00,32,00,2d,00,34,00,31,00,62,00,62,00,2d,00,42,\
00,31,00,35,00,33,00,2d,00,35,00,33,00,39,00,38,00,36,00,35,00,32,00,37,00,\
46,00,41,00,42,00,34,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Symantec Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000265
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,46,00,36,00,34,00,33,00,30,00,36,00,41,\
00,35,00,2d,00,34,00,43,00,33,00,32,00,2d,00,34,00,31,00,62,00,62,00,2d,00,\
42,00,31,00,35,00,33,00,2d,00,35,00,33,00,39,00,38,00,36,00,35,00,32,00,37,\
00,46,00,41,00,42,00,34,00,7d,00,00,00
"URLInfoAbout"="http://www.symantec.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:000007d5
"VersionMinor"=dword:00000001
"WindowsInstaller"=dword:00000001
"Version"=dword:d5010000
"Language"=dword:00000409
"DisplayName"="Norton WMI Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}]
"AuthorizedCDFPrefix"=""
"Comments"="Your Comments"
"Contact"="Customer Support Department"
"DisplayVersion"="1.20"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,79,00,6f,00,75,00,72,00,63,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,2e,\
00,63,00,6f,00,6d,00,2f,00,68,00,65,00,6c,00,70,00,00,00
"HelpTelephone"="1-555-555-4505"
"InstallDate"="20021205"
"InstallLocation"=""
"InstallSource"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\_is113\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"Publisher"="Your Company Name"
"Readme"=hex(2):52,00,65,00,61,00,64,00,6d,00,65,00,2e,00,74,00,78,00,74,00,00,\
00
"Size"=""
"EstimatedSize"=dword:0000043e
"SystemComponent"=dword:00000001
"URLInfoAbout"="http://www.yourcompany.com"
"URLUpdateInfo"="http://www.yourcompa...com/updateinfo"
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000014
"WindowsInstaller"=dword:00000001
"Version"=dword:01140000
"Language"=dword:00000409
"DisplayName"="VAIO Survey Standalone"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE117AA8-6CF3-4F2D-96C9-CAE35C309704}]
"UninstallString"="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{FE117AA8-6CF3-4F2D-96C9-CAE35C309704}\\setup.exe\" "
"DisplayName"="KODAK Camera Connection Software"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{FE117AA8-6CF3-4F2D-96C9-CAE35C309704}\\setup.ilg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}]
"UninstallString"="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}\\setup.exe\" "
"DisplayName"="DVD Creation"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}\\setup.ilg"










Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tgcmd"="\"c:\\program files\\support.com\\client\\bin\\tgcmd.exe\" /server"
"nwiz"="nwiz.exe /install"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="D:\\jackie\\iTunesHelper.exe"
"AWMON"="\"D:\\jackie\\AD-AWA~1\\Ad-Watch.exe\""
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"amzvpxgsby"="c:\\windows\\system32\\amzvpxgsby.exe -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""


#77
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, it's still in the registry.

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and delete amzvpxgsby

Try doing this in Normal Mode first. Use regedit again. If that can't find it, try using regedt32 (start->run) instead. And if that fails, see if RegistrarLite can find it.

If the above still fails, try using all 3 methods in safe mode.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

attrib -s -r -h c:\windows\system32\amzvpxgsby.exe
attrib -s -r -h C:\WINDOWS\SYSTEM32\mscloc~1.dll
attrib -s -r -h C:\WINDOWS\SYSTEM32\msploc~1.dll
del c:\windows\system32\amzvpxgsby.exe
del C:\WINDOWS\SYSTEM32\mscloc~1.dll
del C:\WINDOWS\SYSTEM32\msploc~1.dll


Save the file as "delete.bat" in your main C: drive. Make sure to save it with the quotes.

Now hit ctrl+alt+del and go to the processes tab. Look for explorer.exe and end that process. Your desktop icons and start menu will disappear, that's ok. Now go to File->New Task and type in c:\delete.bat and hit OK. A screen should come up and flash away quickly. Now go to File->New Task and type in explorer and hit OK.

Restart and post a new Silent Runners log.

#78
hulk180

    Member

  • Topic Starter
  • Member
  • 52 posts
Here's the reg search log for the file amzvpxgsby


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "amzvpxgsby" 5/27/2005 10:09:00 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amzvpxgsby"="c:\\windows\\system32\\amzvpxgsby.exe -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\amzvpxgsby]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\amzvpxgsby]
"UninstallString"="c:\\windows\\system32\\amzvpxgsby.exe -uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\amzvpxgsby]
"DisplayName"="amzvpxgsby"

[HKEY_USERS\S-1-5-21-3445059235-2326974442-1771888417-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\windows\\system32\\amzvpxgsby.exe"="amzvpxgsby"









"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATI Launchpad" = ""D:\ATI\main\launchpd.exe"" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"tgcmd" = ""c:\program files\support.com\client\bin\tgcmd.exe" /server" ["Support.com, Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = "D:\jackie\iTunesHelper.exe" ["Apple Computer, Inc."]
"AWMON" = ""D:\jackie\AD-AWA~1\Ad-Watch.exe"" ["Lavasoft Sweden"]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [file not found]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" [file not found]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" [file not found]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [file not found]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [file not found]
"amzvpxgsby" = "c:\windows\system32\amzvpxgsby.exe -start" [null data]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{cc3ebf80-1a70-11d3-bdf2-00902745d0a9}" = "Mixman Shell Extention"
-> {CLSID}\InProcServer32\(Default) = "Tk421.dll" ["Mixman Technologies Inc."]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\shellext.dll" ["Eastman Kodak"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "D:\jackie\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "D:\security suite\shellhook.dll" ["TODO: <Firmenname>"]
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


Enabled Active Desktop and Wallpaper:
-------------------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Brooks Benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (VALUED-B8142DE8-Brooks Benjamin)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"McAfee.com Update Check (VALUED-B8142DE8-JACKIE WOOHOO)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"Norton AntiVirus - Scan my computer - JACKIE WOOHOO" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Registration reminder 2" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2" [MS]
"Registration reminder 3" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3" [MS]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\javasoft\jre1.4\1.4.1\bin\npjpi141.dll" [file not found]

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"


HOSTS file
----------

C:\WINDOWS\system32\Drivers\Etc\HOSTS

maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
dcfssvc, Dcfssvc, "C:\WINDOWS\System32\DRIVERS\dcfssvc.exe" ["Eastman Kodak Company"]
ewido security suite control, ewido security suite control, "D:\security suite\ewidoctrl.exe" ["ewido networks"]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Sygate Personal Firewall, SmcService, "D:\spf\smc.exe" ["Sygate Technologies, Inc."]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
VAIO Media Music Server (Application), VAIOMediaPlatform-MusicServer-AppServer, ""C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application)"" ["Sony Corporation"]
VAIO Media Music Server (HTTP), VAIOMediaPlatform-MusicServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP"" ["Sony Corporation"]
VAIO Media Music Server (UPnP), VAIOMediaPlatform-MusicServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
VAIO Media Photo Server (Application), VAIOMediaPlatform-PhotoServer-AppServer, "C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe" [empty string]
VAIO Media Photo Server (HTTP), VAIOMediaPlatform-PhotoServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP"" ["Sony Corporation"]
VAIO Media Photo Server (UPnP), VAIOMediaPlatform-PhotoServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
VAIO Media Video Server (Application), VAIOMediaPlatform-VideoServer-AppServer, ""C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application)"" ["Sony Corporation"]
VAIO Media Video Server (HTTP), VAIOMediaPlatform-VideoServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP"" ["Sony Corporation"]
VAIO Media Video Server (UPnP), VAIOMediaPlatform-VideoServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
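
The kind of registry search whose results are posted above, as an added example that is not part of the original thread: a Python sketch that parses `.reg` export text, decodes `hex(2)` values (UTF-16LE in version 5.00 exports, ANSI in REGEDIT4 ones), and lists every key name, value name and value data containing a search string. The sample input is constructed from lines quoted in this thread, and the function names are this example's own.

```python
import re

# Constructed sample: lines copied from the exports quoted in this thread,
# trimmed to three keys. The raw string keeps the .reg backslash escapes intact.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"amzvpxgsby"="c:\\windows\\system32\\amzvpxgsby.exe -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\amzvpxgsby]
"UninstallString"="c:\\windows\\system32\\amzvpxgsby.exe -uninstall"
"DisplayName"="amzvpxgsby"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DCDCDBDA-8243-4779-9906-9242D1851FE0}]
"Readme"=hex(2):52,00,65,00,61,00,64,00,6d,00,65,00,2e,00,74,00,78,00,74,00,00,\
00
"NoRemove"=dword:00000001
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')
STRING_TYPES = {1, 2, 7}  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ


def unescape(s):
    # Undo .reg string escaping: a backslash protects the next character.
    return re.sub(r'\\(.)', r'\1', s)


def logical_lines(text):
    # Hex data wraps with a trailing backslash; join it into one line.
    out, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\") and "=hex" in line:
            pending = line[:-1]
        else:
            out.append(line)
    if pending:
        out.append(pending)
    return out


def decode_data(rhs, ansi):
    # Turn the right-hand side of a value line into searchable text.
    if rhs.startswith('"'):
        return unescape(rhs[1:-1])
    if rhs.startswith("dword:"):
        return "0x" + rhs[6:]
    m = HEX_RE.match(rhs)
    if not m:
        return rhs
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3  # bare "hex:" is REG_BINARY
    if kind not in STRING_TYPES:
        return raw.hex()
    text = raw.decode("cp1252" if ansi else "utf-16-le", errors="replace")
    return text.rstrip("\x00").replace("\x00", " | ")


def search_export(text, needle):
    # Return (key, value_name, data) hits; a key-name hit has None for both.
    needle = needle.lower()
    lines = logical_lines(text)
    ansi = next((l for l in lines if l), "") == "REGEDIT4"
    hits, key = [], None
    for line in lines:
        if not line or line.startswith(";"):
            continue
        hit = None
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if needle in key.lower():
                hit = (key, None, None)
        else:
            m = VALUE_RE.match(line)
            if m and key is not None:
                name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
                data = decode_data(m.group(2), ansi)
                if needle in name.lower() or needle in data.lower():
                    hit = (key, name, data)
        if hit and hit not in hits:  # search tools may repeat a key header
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for key, name, data in search_export(SAMPLE_REG, "amzvpxgsby"):
        print(key, "->", "(key name)" if name is None else name, "=", data)
```

Searching the sample for `readme.txt` returns the `Readme` value even though that string never appears in the raw export text, which is why a plain text search of a `.reg` file can miss a path stored as `hex(2)`.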

#79
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I will ask for more assistance on this. Man, this one is giving us more problems than I thought.

Will get back to you as soon as I get a response from the other experts.

EDIT: OK, download GetLogXP and unzip it to your desktop. Double click on the GetLogXP.bat file to run it and post the log here.

#80
hulk180

    Member

  • Topic Starter
  • Member
  • 52 posts
I went into safe mode and did a regsrch for amzvpxgsby and manually deleted them from the registry. That seemed to work. When I did a RegSrch for amzvpxgsby in normal mode, it came up with no instances of it.

Here's the fresh Silent Runners log:

"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATI Launchpad" = ""D:\ATI\main\launchpd.exe"" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"tgcmd" = ""c:\program files\support.com\client\bin\tgcmd.exe" /server" ["Support.com, Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = "D:\jackie\iTunesHelper.exe" ["Apple Computer, Inc."]
"AWMON" = ""D:\jackie\AD-AWA~1\Ad-Watch.exe"" ["Lavasoft Sweden"]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [file not found]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" [file not found]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" [file not found]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [file not found]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [file not found]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{cc3ebf80-1a70-11d3-bdf2-00902745d0a9}" = "Mixman Shell Extention"
-> {CLSID}\InProcServer32\(Default) = "Tk421.dll" ["Mixman Technologies Inc."]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\shellext.dll" ["Eastman Kodak"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "D:\jackie\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "D:\security suite\shellhook.dll" ["TODO: <Firmenname>"]
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


Enabled Active Desktop and Wallpaper:
-------------------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Brooks Benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (VALUED-B8142DE8-Brooks Benjamin)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"McAfee.com Update Check (VALUED-B8142DE8-JACKIE WOOHOO)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"Norton AntiVirus - Scan my computer - JACKIE WOOHOO" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Registration reminder 2" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2" [MS]
"Registration reminder 3" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3" [MS]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\javasoft\jre1.4\1.4.1\bin\npjpi141.dll" [file not found]

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"


HOSTS file
----------

C:\WINDOWS\system32\Drivers\Etc\HOSTS

maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
dcfssvc, Dcfssvc, "C:\WINDOWS\System32\DRIVERS\dcfssvc.exe" ["Eastman Kodak Company"]
ewido security suite control, ewido security suite control, "D:\security suite\ewidoctrl.exe" ["ewido networks"]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Sygate Personal Firewall, SmcService, "D:\spf\smc.exe" ["Sygate Technologies, Inc."]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
VAIO Media Music Server (Application), VAIOMediaPlatform-MusicServer-AppServer, ""C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application)"" ["Sony Corporation"]
VAIO Media Music Server (HTTP), VAIOMediaPlatform-MusicServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP"" ["Sony Corporation"]
VAIO Media Music Server (UPnP), VAIOMediaPlatform-MusicServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
VAIO Media Photo Server (Application), VAIOMediaPlatform-PhotoServer-AppServer, "C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe" [empty string]
VAIO Media Photo Server (HTTP), VAIOMediaPlatform-PhotoServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP"" ["Sony Corporation"]
VAIO Media Photo Server (UPnP), VAIOMediaPlatform-PhotoServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
VAIO Media Video Server (Application), VAIOMediaPlatform-VideoServer-AppServer, ""C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application)"" ["Sony Corporation"]
VAIO Media Video Server (HTTP), VAIOMediaPlatform-VideoServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP"" ["Sony Corporation"]
VAIO Media Video Server (UPnP), VAIOMediaPlatform-VideoServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

#81
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That's great. Did you use regedit or regedt32 to do this?

Were you able to delete these two files:

C:\WINDOWS\SYSTEM32\mscloc~1.dll
C:\WINDOWS\SYSTEM32\msploc~1.dll


#82
hulk180

hulk180

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
When I click on the Getlog link it goes to a G2G screen saying I don't have permission to use this feature.

#83
hulk180

hulk180

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I used regedt32. I didn't get the other 2 files -- I completely forgot about those. I'll go back into safe mode now and get them.

#84
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hmm, the attachment must be for those with higher member status. We don't need it now since you got rid of it using regedt32. :tazz:

Post back on the followup regarding those two dll files.

#85
hulk180

hulk180

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
In safe mode I deleted C:\WINDOWS\SYSTEM32\mscloc~1.dll, but could not find the other one. I did a search for it and a RegSrch (not sure if that would have found it tho) for it and nothing came up.

I ran the dllCompare and it found:

* DLLCompare Log version(1.0.0.125)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\msvcp70.dll Sat Jan 5 2002 4:40:18a A.S.. 487,424 476.00 K
________________________________________________

1,500 items found: 1,500 files (1 H/S), 0 directories.
Total of file sizes: 331,708,655 bytes 316.34 M

Administrator Account = True

--------------------End log---------------------



And here's the fresh silentrunners log:

"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATI Launchpad" = ""D:\ATI\main\launchpd.exe"" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"tgcmd" = ""c:\program files\support.com\client\bin\tgcmd.exe" /server" ["Support.com, Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = "D:\jackie\iTunesHelper.exe" ["Apple Computer, Inc."]
"AWMON" = ""D:\jackie\AD-AWA~1\Ad-Watch.exe"" ["Lavasoft Sweden"]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [file not found]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" [file not found]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" [file not found]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [file not found]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [file not found]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{cc3ebf80-1a70-11d3-bdf2-00902745d0a9}" = "Mixman Shell Extention"
-> {CLSID}\InProcServer32\(Default) = "Tk421.dll" ["Mixman Technologies Inc."]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\shellext.dll" ["Eastman Kodak"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "D:\jackie\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "D:\security suite\shellhook.dll" ["TODO: <Firmenname>"]
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


Enabled Active Desktop and Wallpaper:
-------------------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Brooks Benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (VALUED-B8142DE8-Brooks Benjamin)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"McAfee.com Update Check (VALUED-B8142DE8-JACKIE WOOHOO)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"Norton AntiVirus - Scan my computer - JACKIE WOOHOO" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Registration reminder 2" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2" [MS]
"Registration reminder 3" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3" [MS]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\javasoft\jre1.4\1.4.1\bin\npjpi141.dll" [file not found]

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"


HOSTS file
----------

C:\WINDOWS\system32\Drivers\Etc\HOSTS

maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
dcfssvc, Dcfssvc, "C:\WINDOWS\System32\DRIVERS\dcfssvc.exe" ["Eastman Kodak Company"]
ewido security suite control, ewido security suite control, "D:\security suite\ewidoctrl.exe" ["ewido networks"]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Sygate Personal Firewall, SmcService, "D:\spf\smc.exe" ["Sygate Technologies, Inc."]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
VAIO Media Music Server (Application), VAIOMediaPlatform-MusicServer-AppServer, ""C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application)"" ["Sony Corporation"]
VAIO Media Music Server (HTTP), VAIOMediaPlatform-MusicServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP"" ["Sony Corporation"]
VAIO Media Music Server (UPnP), VAIOMediaPlatform-MusicServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
VAIO Media Photo Server (Application), VAIOMediaPlatform-PhotoServer-AppServer, "C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe" [empty string]
VAIO Media Photo Server (HTTP), VAIOMediaPlatform-PhotoServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP"" ["Sony Corporation"]
VAIO Media Photo Server (UPnP), VAIOMediaPlatform-PhotoServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
VAIO Media Video Server (Application), VAIOMediaPlatform-VideoServer-AppServer, ""C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application)"" ["Sony Corporation"]
VAIO Media Video Server (HTTP), VAIOMediaPlatform-VideoServer-HTTP, ""C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP"" ["Sony Corporation"]
VAIO Media Video Server (UPnP), VAIOMediaPlatform-VideoServer-UPnP, "C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe" ["Sony Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------


#86
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I think you got it all :tazz:

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

#87
hulk180

hulk180

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Thanks so much for the help. You all at G2G rock!

You definitely earned the donation! Don't spend it all in one place. :tazz:

#88
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.