I found this forum via this result from google:

http://www.computing.net/security/w...

I have read and attempted the points in that post, but AVG scanned the system in safe mode and found nothing, and I still have these damned pop-up windows telling me to download their software and Norton thankfully manages to block their auto-install of Win Fixer and other assorted nasties...

So I thought if someone were able to assist me personally I might have some more luck?

I have downloaded all the softwares mentioned in the above post, but feel free to repeat yourselves and we'll see how far we can get. This is the final thing I'm trying before yet another wipe of the C drive and start again :)

Thanks!

Ollie

I'm supposing you have Hijack This downloaded and installed. Rename hijackthis.exe as that sometime helps locate the baddies. Go to start> search> files and folders> type in the top space "hijackthis.exe" without the quotes> click search> when it is found in the right pane (looks like a pile of dynamite)>right click on it> click rename> rename it "show.exe" without the quotes> click a blank space on the screen.

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the log located at C:Vundofix.txt and a Hijack This log.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Vundofix.txt:

VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.10

Scan started at 2:33:09 p.m. 2/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\mndivcru.dll
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\qttss.tmp
C:\WINDOWS\system32\rqrqopn.dll
C:\WINDOWS\system32\ssttq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mndivcru.dll
C:\WINDOWS\system32\mndivcru.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\qttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.tmp
C:\WINDOWS\system32\qttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqopn.dll
C:\WINDOWS\system32\rqrqopn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.10

Scan started at 2:43:21 p.m. 2/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\rqrqopn.dll
C:\WINDOWS\system32\ssttq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnlk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rqrqopn.dll
C:\WINDOWS\system32\rqrqopn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnlk.dll Has been deleted!

Performing Repairs to the registry.
Done!

HiJackThis.log:

Logfile of HijackThis v1.99.1
Scan saved at 15:21, on 07-04-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\show.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.photomax.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {818D8AC2-6F15-410E-A4C9-FBD8F0050F82} - C:\WINDOWS\system32\rqrqopn.dll (file missing)
O2 - BHO: (no name) - {8E4415F2-29C8-4262-8837-F1B78307DE35} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BC293B1C-34B9-473A-A950-486F46761AA7} - C:\WINDOWS\system32\ssttq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: usb7100 Startup.lnk = C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} (PhotomaxUploader.ActiveXControl) - http://www.photomax.com/web/Photoma...
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

ComboFix.txt:

"Ollie" - 07-04-02 14:57:00 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Ollie\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))

2007-04-02 14:33 <DIR> d-------- C:\VundoFix Backups
2007-04-02 14:00 2,554 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-02 13:59 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-02 13:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-02 13:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-02 13:59 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-02 13:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-02 13:59 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-02 13:49 <DIR> d-------- C:\!KillBox
2007-04-02 11:01 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-02 11:01 <DIR> d-------- C:\Program Files\AVG Anti-Spyware 7.5
2007-04-02 10:47 <DIR> dr-h----- C:\MSOCache
2007-04-02 10:34 <DIR> d-------- C:\Program Files\ISO Recorder
2007-04-02 09:57 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9981.sys
2007-04-02 09:57 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-01 22:54 135,680 --a------ C:\WINDOWS\system32\taskmgr2.exe
2007-04-01 14:34 <DIR> d-------- C:\Program Files\SmartSound Software
2007-04-01 14:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
2007-04-01 14:32 <DIR> d-------- C:\Program Files\CyberLink
2007-04-01 01:43 <DIR> d-------- C:\WINDOWS\Sun
2007-04-01 01:43 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\Sun
2007-04-01 01:42 <DIR> d-------- C:\Program Files\Java
2007-04-01 01:42 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-30 12:36 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\CD-LabelPrint
2007-03-29 16:20 <DIR> d-------- C:\Program Files\cdTree
2007-03-29 02:21 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\Ahead
2007-03-29 02:20 <DIR> d-------- C:\Program Files\Nero
2007-03-29 02:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-03-29 02:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-03-28 15:18 <DIR> d-------- C:\WINDOWS\system32\EWS
2007-03-28 15:18 <DIR> d-------- C:\Program Files\Skylook
2007-03-26 22:02 <DIR> d-------- C:\Program Files\THErename
2007-03-26 17:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-03-26 17:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-03-26 17:42 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-26 12:36 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\Opera
2007-03-26 11:39 94,210 --a------ C:\WINDOWS\system32\MSSMO.dll
2007-03-26 11:39 31,746 --a------ C:\WINDOWS\system32\SOAPISAP.dll
2007-03-26 11:39 25,090 --a------ C:\WINDOWS\system32\WiSC10.dll
2007-03-26 11:39 235,528 --a------ C:\WINDOWS\system32\mssoap1.dll
2007-03-26 11:39 23,554 --a------ C:\WINDOWS\system32\MSSOAPR.dll
2007-03-26 11:39 20,482 --a------ C:\WINDOWS\system32\XHSC10.dll
2007-03-26 11:39 169,986 --a------ C:\WINDOWS\system32\HLSC10.dll
2007-03-26 11:39 0 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-03-25 16:11 <DIR> d-------- C:\DVD
2007-03-25 14:18 7,680 --a------ C:\WINDOWS\system32\CNMVS6l.DLL
2007-03-25 14:18 116,736 --a------ C:\WINDOWS\system32\CNMLM6l.DLL
2007-03-25 14:18 <DIR> d--h----- C:\BJPrinter
2007-03-25 14:16 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-25 14:14 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-03-25 14:11 <DIR> d-------- C:\Program Files\Canon
2007-03-25 13:33 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\WTablet
2007-03-25 13:32 6,272 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-03-25 13:32 5,632 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-03-24 00:05 <DIR> d-------- C:\Program Files\Cordless USB Phone
2007-03-23 15:25 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\AdobeUM
2007-03-23 12:53 <DIR> d--h----- C:\DOCUME~1\Ollie\APPLIC~1\Move Networks
2007-03-23 10:32 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-03-23 10:32 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-03-23 10:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-03-23 10:29 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-03-23 10:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-22 23:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\CyberLink
2007-03-22 22:19 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\CyberLink
2007-03-22 22:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-03-22 22:13 <DIR> d-------- C:\Program Files\QuickTime
2007-03-22 22:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-22 22:11 <DIR> d-------- C:\MyWorks
2007-03-22 21:36 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-03-22 17:05 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\InterVideo
2007-03-22 17:02 <DIR> d-------- C:\Program Files\InterActual
2007-03-22 17:02 <DIR> d-------- C:\Program Files\DivX
2007-03-22 16:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-03-22 16:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-03-22 16:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-03-22 16:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-03-22 16:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-03-22 16:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-03-22 16:57 <DIR> d-------- C:\Program Files\InterVideo
2007-03-22 16:57 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-03-22 14:48 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\uTorrent
2007-03-22 14:47 177,152 --a------ C:\Program Files\utorrent.exe
2007-03-22 14:43 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-03-22 14:27 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\Adobe
2007-03-22 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-03-22 14:21 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-03-22 14:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-03-22 13:38 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\Google
2007-03-22 13:23 29,968 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-22 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-03-22 13:02 <DIR> d-------- C:\Program Files\Skype
2007-03-22 13:02 <DIR> d-------- C:\Program Files\Google
2007-03-22 13:02 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-03-22 13:02 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\Skype
2007-03-22 13:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-03-22 13:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-22 12:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-03-22 12:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
2007-03-22 12:43 <DIR> d-------- C:\Program Files\Logitech
2007-03-22 12:40 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-22 12:40 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-22 12:40 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-22 12:40 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-22 12:40 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-22 12:40 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-22 12:40 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-22 12:40 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-22 12:40 <DIR> d-------- C:\Program Files\Common Files\logishrd
2007-03-22 12:36 8,138 --------- C:\WINDOWS\system32\drivers\PenClass.sys
2007-03-22 12:36 337 --a------ C:\WINDOWS\system32\tablet.dat
2007-03-22 12:36 140,848 --a------ C:\WINDOWS\system32\Wintab32.dll
2007-03-22 12:36 <DIR> d-------- C:\WINDOWS\system32\WTablet
2007-03-22 12:35 1,013,296 --a------ C:\WINDOWS\system32\Tablet.exe
2007-03-22 12:35 <DIR> d-------- C:\Program Files\Tablet
2007-03-22 12:04 151,552 -ra------ C:\WINDOWS\system32\stacapi.dll
2007-03-22 12:04 109,056 -ra------ C:\WINDOWS\system32\staco.dll
2007-03-22 12:04 1,021,608 -ra------ C:\WINDOWS\system32\drivers\sthda.sys
2007-03-22 12:04 <DIR> d-------- C:\Program Files\Sigmatel
2007-03-22 11:25 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000007-00000000-00000001-00001102-00000002-80661102}.dat
2007-03-22 11:25 24 --a------ C:\WINDOWS\system32\DVCState-{00000007-00000000-00000001-00001102-00000002-80661102}.dat
2007-03-22 11:06 20,480 --a------ C:\WINDOWS\INRES.DLL
2007-03-22 11:06 <DIR> d-------- C:\WINDOWS\system32\Data
2007-03-22 10:59 <DIR> d-------- C:\Program Files\Creative
2007-03-22 10:58 36,864 -ra------ C:\WINDOWS\system32\sfman32.dll
2007-03-22 10:58 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2007-03-22 10:58 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL
2007-03-22 10:58 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2007-03-22 10:58 176,128 --a------ C:\WINDOWS\READREG.EXE
2007-03-22 10:57 998,004 -ra------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2007-03-22 10:57 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2007-03-22 10:57 837,548 -ra------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2007-03-22 10:57 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2007-03-22 10:57 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2007-03-22 10:57 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL
2007-03-22 10:57 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE
2007-03-22 10:57 57,344 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2007-03-22 10:57 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2007-03-22 10:57 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2007-03-22 10:57 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2007-03-22 10:57 44,055 -ra------ C:\WINDOWS\system32\ctdaught.dat
2007-03-22 10:57 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2007-03-22 10:57 319,488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL
2007-03-22 10:57 28,672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2007-03-22 10:57 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2007-03-22 10:57 213,860 -ra------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2007-03-22 10:57 195,432 -ra------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-03-22 10:57 179,669 -ra------ C:\WINDOWS\system32\ctstatic.dat
2007-03-22 10:57 164,044 --a------ C:\WINDOWS\system32\ctdlang.dat
2007-03-22 10:57 156,604 -ra------ C:\WINDOWS\system32\drivers\emupia2k.sys
2007-03-22 10:57 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2007-03-22 10:57 135,168 --a------ C:\WINDOWS\system32\OPENAL32.DLL
2007-03-22 10:57 127,948 -ra------ C:\WINDOWS\system32\drivers\ctac32k.sys
2007-03-22 10:57 113,373 -ra------ C:\WINDOWS\system32\ctbasicw.dat
2007-03-22 10:57 113,273 --a------ C:\WINDOWS\system32\CTBAS2W.DAT
2007-03-22 10:57 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2007-03-22 10:57 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL
2007-03-22 10:57 11,068 -ra------ C:\WINDOWS\system32\drivers\ctprxy2k.sys
2007-03-22 10:57 106,496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2007-03-22 10:57 106,496 --a------ C:\WINDOWS\system32\CTASIO.DLL
2007-03-22 10:24 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-22 10:24 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-03-22 10:23 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-22 10:23 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-22 10:23 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-22 10:23 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-22 10:23 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-22 10:23 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-03-22 10:23 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-03-22 10:23 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-22 10:23 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-22 10:23 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-22 10:23 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-22 10:23 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-22 10:23 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-22 10:23 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-03-22 10:23 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-22 10:23 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-22 10:23 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-22 10:23 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-22 10:23 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-22 10:23 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-22 10:22 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-22 10:22 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-22 10:22 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-22 10:22 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-22 10:22 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-22 10:22 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-22 10:22 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-22 10:22 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-22 10:22 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-22 10:22 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-22 10:22 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-22 10:22 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-22 10:22 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-22 10:22 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-22 10:22 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-22 10:22 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-22 10:22 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-22 10:22 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-22 10:22 <DIR> dr------- C:\Program Files
2007-03-22 10:22 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-22 10:22 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-22 10:22 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-22 10:21 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-22 10:21 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-22 10:21 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-22 10:21 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-22 10:21 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-22 10:21 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-22 10:21 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-22 10:21 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-22 10:21 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-22 10:21 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-22 10:21 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-22 10:21 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-22 10:21 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-22 10:21 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-22 10:21 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-22 10:21 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-22 10:21 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-22 10:21 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-22 10:21 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-22 10:21 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-22 10:21 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-22 10:21 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-22 10:21 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-22 10:21 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-22 10:21 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-22 10:21 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-22 10:21 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-22 10:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-22 10:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-22 10:20 <DIR> d--hs---- C:\System Volume Information
2007-03-22 10:20 <DIR> d-------- C:\Documents and Settings
2007-03-22 10:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-03-22 10:13 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-22 10:13 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-03-22 10:13 <DIR> dr------- C:\WINDOWS\Web
2007-03-22 10:13 <DIR> d--h----- C:\WINDOWS\inf
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\WinSxS
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\twain_32
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\wins
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\spool
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\ras
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\npp
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\mui
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\IME
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\ias
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\export
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\config
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\3076
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\2052
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\1054
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\1042
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\1041
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\1037
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\1033
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\1031
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\1028
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32\1025
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system32
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\system
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\security
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Resources
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\repair
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Provisioning
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\PeerNet
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\pchealth
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\OemDir
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\mui
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\msapps
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\msagent
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Media
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\java
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\ime
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Help
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\ehome
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Debug
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Cursors
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\Config
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\AppPatch
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS\addins
2007-03-22 10:13 <DIR> d-------- C:\WINDOWS
2007-03-22 02:11 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-22 01:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-22 01:02 <DIR> d---s---- C:\DOCUME~1\Ollie\UserData
2007-03-22 00:44 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-22 00:44 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-21 23:58 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-21 23:57 36,864 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2007-03-21 23:57 23,040 -ra------ C:\WINDOWS\system32\IntelNic.dll
2007-03-21 23:57 157,696 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-03-21 23:57 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe
2007-03-21 23:52 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-03-21 23:51 41,216 -ra------ C:\WINDOWS\system32\drivers\sfng32.sys
2007-03-21 23:46 <DIR> d-------- C:\Program Files\Intel
2007-03-21 23:44 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-03-21 23:42 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-21 23:42 <DIR> d-------- C:\Program Files\Multimedia Card Reader
2007-03-21 23:38 <DIR> d-------- C:\DOCUME~1\Ollie\APPLIC~1\Symantec
2007-03-21 23:17 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-03-21 23:17 <DIR> d-------- C:\Program Files\Symantec
2007-03-21 23:17 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-03-21 23:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-03-21 23:16 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-03-21 23:15 <DIR> d--hs---- C:\RECYCLER
2007-03-21 23:07 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-21 23:07 <DIR> d-------- C:\Program Files\Philips Flat Panel Adjust
2007-03-21 22:59 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-21 22:53 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-03-21 22:53 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-21 22:53 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-21 22:53 <DIR> d-------- C:\WINDOWS\nview
2007-03-21 22:53 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-03-21 22:45 3,145,728 --ah----- C:\DOCUME~1\Ollie\NTUSER.DAT
2007-03-21 22:44 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-21 22:44 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-21 22:44 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-21 22:34 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-21 22:31 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-21 22:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-21 22:31 0 -rahs---- C:\MSDOS.SYS
2007-03-21 22:31 0 -rahs---- C:\IO.SYS
2007-03-21 22:31 0 --a------ C:\CONFIG.SYS
2007-03-21 22:31 0 --a------ C:\AUTOEXEC.BAT
2007-03-21 22:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-21 22:31 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-03-21 22:31 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-03-21 22:30 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-03-21 22:30 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-21 22:30 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-03-21 22:30 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-21 22:30 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-03-21 22:29 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-21 22:29 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-21 22:29 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-21 22:29 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-21 22:29 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-21 22:29 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-21 22:29 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-21 22:29 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-21 22:29 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-21 22:29 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-21 22:29 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-21 22:29 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-21 22:29 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-21 22:29 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-21 22:29 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-21 22:29 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-21 22:29 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-21 22:29 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-21 22:29 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-21 22:29 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-21 22:29 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-21 22:29 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-21 22:29 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-21 22:29 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-21 22:29 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-21 22:29 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-21 22:29 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-21 22:29 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-21 22:29 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-21 22:29 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-21 22:29 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-21 22:29 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-21 22:29 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-21 22:29 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-21 22:29 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-21 22:29 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-21 22:29 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-21 22:29 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-21 22:29 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-21 22:29 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-21 22:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-21 22:29 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-21 22:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-21 22:29 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-21 22:29 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-21 22:29 <DIR> d---s---- C:\WINDOWS\Tasks
2007-03-21 22:29 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-03-21 22:29 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-03-21 22:29 <DIR> d-------- C:\WINDOWS\srchasst
2007-03-21 22:29 <DIR> d-------- C:\Program Files\Movie Maker
2007-03-21 22:29 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-03-21 22:28 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-21 22:28 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-21 22:28 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-21 22:28 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-21 22:28 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-21 22:28 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-21 22:28 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-21 22:28 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-21 22:28 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-21 22:28 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-21 22:28 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-21 22:28 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-21 22:28 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-21 22:28 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-21 22:28 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-21 22:28 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-21 22:28 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-21 22:28 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-21 22:28 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-21 22:28 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-21 22:28 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-21 22:28 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-21 22:28 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-21 22:28 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-21 22:28 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-21 22:28 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-21 22:28 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-21 22:28 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-21 22:28 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-21 22:28 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-21 22:28 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-21 22:28 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-21 22:28 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-21 22:28 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-21 22:28 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-21 22:28 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-21 22:28 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-21 22:28 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-21 22:28 <DIR> d-------- C:\WINDOWS\Registration
2007-03-21 22:28 <DIR> d-------- C:\Program Files\Online Services
2007-03-21 22:28 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-03-21 22:28 <DIR> d-------- C:\Program Files\Messenger
2007-03-21 22:27 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-21 22:27 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-21 22:27 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-21 22:27 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-21 22:27 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-21 22:27 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-21 22:27 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-21 22:27 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-21 22:27 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-21 22:27 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-21 22:27 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-21 22:27 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-21 22:27 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-21 22:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-21 22:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-21 22:27 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-21 22:27 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-21 22:27 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-21 22:27 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-21 22:27 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-21 22:27 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-21 22:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-21 22:27 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-21 22:27 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-21 22:27 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-21 22:27 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-21 22:27 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-21 22:27 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-21 22:27 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-21 22:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-21 22:27 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-21 22:27 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-21 22:27 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-21 22:27 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-21 22:27 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-21 22:27 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-21 22:27 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-21 22:27 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-21 22:27 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-21 22:27 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-21 22:27 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-21 22:27 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-21 22:27 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-21 22:27 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-21 22:27 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-21 22:27 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-21 22:27 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-21 22:27 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-03-21 22:27 <DIR> d-------- C:\WINDOWS\system32\Com
2007-03-21 22:27 <DIR> d-------- C:\Program Files\Windows NT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-22 10:21 62 --ahs---- C:\DOCUME~1\Ollie\APPLIC~1\desktop.ini
2007-02-08 00:24 323624 --a------ C:\WINDOWS\system32\wiaaut.dll
2007-02-06 17:45 25632 --a------ C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-02-06 17:44 1964064 --a------ C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-02-06 17:42 1691808 --a------ C:\WINDOWS\system32\drivers\Lvckap.sys
2007-02-03 10:32 527136 --a------ C:\WINDOWS\system32\lvui2rc.dll
2007-02-03 10:32 41504 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-02-03 10:32 215840 --a------ C:\WINDOWS\system32\lvui2.dll
2007-02-03 10:29 264992 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-02-03 10:29 129824 --a------ C:\WINDOWS\system32\lvci1051.dll
2007-02-03 10:27 938272 --a------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2007-02-03 09:01 13398 --a------ C:\WINDOWS\system32\repository.reg
2007-01-10 14:47 624784 --a------ C:\WINDOWS\system32\symneti.dll
2007-01-10 14:47 242320 --a------ C:\WINDOWS\system32\symredir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"WINDVDPatch"="CTHELPER.EXE"
"SigmatelSysTrayApp"="sttray.exe"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LVCOMSX"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\LVComSX.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{818D8AC2-6F15-410E-A4C9-FBD8F0050F82}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\SETUP.EXE
Shell\configure\command E:\SETUP.EXE
Shell\install\command E:\SETUP.EXE

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Ollie.job

********************************************************************

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Be sure to update AVG Anti- Spyware

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {818D8AC2-6F15-410E-A4C9-FBD8F0050F82} - C:\WINDOWS\system32\rqrqopn.dll (file missing)

O2 - BHO: (no name) - {8E4415F2-29C8-4262-8837-F1B78307DE35} - C:\WINDOWS\system32\pmnlk.dll (file missing)

O2 - BHO: (no name) - {BC293B1C-34B9-473A-A950-486F46761AA7} - C:\WINDOWS\system32\ssttq.dll (file missing)

Exit Hijack This but remain in safe mode.

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

AVG Anti-Spyware - Scan Report

+ Created at: 14:47 07-04-03

+ Scan result:

Nothing found.

::Report end

Beautiful! Thanks very much for your help!

Ollie

One more thing to do, your java is out of date and can cause you to get infected.

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.

Reboot your computer once all Java components are removed

. Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.

Glad we could help.

All done and everything is running smoothly, interruption free. It's a clean feeling, like getting out of a bath... :)

One thing I've noticed though - when I click Start/Turn off computer, and then restart or turn off, the computer starts to shut down the open applications and Task Bar icons, and then stops. I then have to go back in to Start/Turn off computer and select restart or turn off again, this time successfully.

Any ideas why it would not be shutting down properly first time? It's going to get fairly annoying if I have to do that every time!

If not, thanks so much for your help in cleaning up the computer!

Ollie

I don't see anything but we can look a little further.

Please download F-Secure BlackLight
Click no to viewing unsecure pages if asked then accept the agreement.
Click download (Download Blacklight Beta graphical user interface version ) and download it to your desktop.
Double click blbeta.exe> click run> accept licence agreement> next.
Click Scan> Next. After the scan you'll see a list of all items found.
Please click Next and then Exit. Do NOT choose rename for any items yet! I need to see the log first, because legitimate items can also be present there.
A log will be created on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx are numbers)
Please post the contents of the log in your next reply.

Please download SilentRunners from this link http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.

Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
----

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Sunkist2k" = "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Program Files\Norton AntiVirus\osCheck.exe"" ["Symantec Corporation"]
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"SigmatelSysTrayApp" = "sttray.exe" [file not found]
"LogitechCommunicationsManager" = ""C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"" ["Logitech Inc."]
"LVCOMSX" = ""C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"" ["Logitech Inc."]
"LogitechQuickCamRibbon" = ""C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide" ["Logitech Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"!AVG Anti-Spyware" = ""C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{86637DEE-91AE-4EE1-906C-3C743B53507F}" = "Exif Tag Viewer"
-> {HKLM...CLSID} = "ExifPage Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ExifView.dll" ["Foxbat"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}" = "Record ISO Image to CD"
-> {HKLM...CLSID} = "CISORecorderContextMenu Object"
\InProcServer32\(Default) = "C:\Program Files\ISO Recorder\ISORecorder.dll" ["Alex Feinman"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Create ISO Image from directory\(Default) = "{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}"
-> {HKLM...CLSID} = "CISORecorderContextMenu Object"
\InProcServer32\(Default) = "C:\Program Files\ISO Recorder\ISORecorder.dll" ["Alex Feinman"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Group Policies {GPedit.msc branch and setting}:
------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Startup items in "Ollie" & "All Users" startup folders:
--------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Microsoft Office Outlook 2007" -> shortcut to: "C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe" [MS]
"TabUserW.exe" -> shortcut to: "C:\WINDOWS\system32\WTablet\TabUserW.exe" ["Wacom Technology, Corp."]
"usb7100 Startup" -> shortcut to: "C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe" ["Vtech Communications"]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Run Full System Scan - Ollie" -> launches: "C:\Program Files\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
--

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
-------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Send to OneNote"
"MenuText" = "S&end to OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
--------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Process Monitor, LVPrcSrv, "c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe" ["Logitech Inc."]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
TabletService, TabletService, "C:\WINDOWS\system32\Tablet.exe" ["Wacom Technology, Corp."]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Canon BJ Language Monitor PIXMA iP8500\Driver = "CNMLM6l.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 62 seconds.
---------- (total run time: 112 seconds)

FSBL:

04/04/07 12:54:59 [Info]: BlackLight Engine 1.0.61 initialized
04/04/07 12:54:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/04/07 12:54:59 [Note]: 7019 4
04/04/07 12:54:59 [Note]: 7005 0
04/04/07 12:55:01 [Note]: 7006 0
04/04/07 12:55:01 [Note]: 7011 1952
04/04/07 12:55:01 [Note]: 7026 0
04/04/07 12:55:01 [Note]: 7026 0
04/04/07 12:55:05 [Note]: FSRAW library version 1.7.1021
04/04/07 13:00:15 [Note]: 7007 0

Looks clean to me.

Ok, thanks!

If anything shows up let us know.

Glad we could help.