
Internet Connectivity Problem


  • This topic is locked
3 replies to this topic

#1 geordio


Posted 16 April 2008 - 01:27 AM

Hi,

I suspected I had win32.pariteb (a friend said he had had it, and then the same error came up on mine not long after I opened a spreadsheet from him, dagnammit). So I ran (my already installed) nod32 file scan and also downloaded and ran the Spyware Doctor scan (recommended as it caught the virus on the friend's laptop). These found a few things but nothing too serious, and I didn't see the aforementioned virus either.

The problem is (apart from not knowing whether I've truly gotten rid of all malware) that ever since, MS Messenger won't connect ('Error code: 80072ee7') and, more importantly, neither will Firefox or IE7.

I noticed in IE7 the status bar displays '...dnserrordiagoff.html...', which fits with it being a DNS issue, as Skype works well. So does pinging the DNS servers.

Here is the deckard/hijackthis output:
MAIN.TXT
Deckard's System Scanner v20071014.68
Run by paul on 2008-04-16 15:31:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-16 05:32:03 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as paul.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:49 PM, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
D:\Flexeshower\fsServer\fsDatabaseServer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\ADAM\dsamain.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\mstsc.exe
D:\Library\dsysscan.exe
D:\Library\paul.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cyberflex.manly
O17 - HKLM\Software\..\Telephony: DomainName = cyberflex.manly
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cyberflex.manly
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXESHOWER Database Server (fsDatabaseServer) - CyberFlex Software - D:\Flexeshower\fsServer\fsDatabaseServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plastic Server - Codice Software, S.L. - C:\Program Files\PlasticSCM\server\plasticd.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 6885 bytes

-- HijackThis Fixed Entries (D:\Library\backups\) ------------------------------

backup-20080416-125954-486 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 144.135.208.204:80
backup-20080416-130333-945 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20080416-130334-203 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
backup-20080416-130334-226 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
backup-20080416-130334-244 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
backup-20080416-130334-386 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080416-130334-959 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080416-132232-955 O16 - DPF: {0CD16730-9238-410E-B2E7-F97F566B3918} (MotionDetectPT Control) - http://192.168.1.101/adm/MotionDetectPT.cab
backup-20080416-132233-684 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.9.cab
backup-20080416-132233-759 O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.1.101/PlayerPT.cab
backup-20080416-134229-824 O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
backup-20080416-143842-413 O4 - HKUS\S-1-5-21-4148705199-2237064452-2274825923-1019\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'SqlServer2005')
backup-20080416-143842-467 O4 - HKUS\S-1-5-21-4148705199-2237064452-2274825923-1016\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'ADAMUser')
backup-20080416-143842-695 O4 - HKUS\S-1-5-21-4148705199-2237064452-2274825923-1016\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ADAMUser')
backup-20080416-144119-970 O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
backup-20080416-145744-110 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080416-145744-495 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080416-145744-653 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080416-145744-829 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
backup-20080416-145935-391 O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20080416-145935-463 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
backup-20080416-145935-521 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
backup-20080416-145935-525 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20080416-145935-598 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080416-145935-737 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
backup-20080416-145935-788 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
backup-20080416-145935-838 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080416-145936-222 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080416-145936-310 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080416-151511-239 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
backup-20080416-151511-384 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 GhPciScan (GhostPciScanner) - c:\program files\symantec\norton ghost 2003\ghpciscan.sys <Not Verified; Symantec Corporation; Symantec Ghost PCI Scanner>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsubleepa Electric Industrial Co.,Ltd.; >
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 tcpipBM (Bytemobile Kernel Network Provider) - c:\windows\system32\drivers\tcpipbm.sys <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\program files\virtual iso drive\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:\program files\protector suite ql\smihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
R2 VMnetuserif (VMware Network Application Interface) - c:\windows\system32\drivers\vmnetuserif.sys <Not Verified; VMware, Inc.; VMware network application interface driver (32-bit)>
R2 vmx86 (VMware vmx86) - c:\windows\system32\drivers\vmx86.sys <Not Verified; VMware, Inc.; VMware kernel driver>
R2 vstor2 (Vstor2 Virtual Storage Driver) - c:\program files\common files\vmware\vmware virtual image editing\vstor2.sys <Not Verified; VMware, Inc.; VMware Workstation>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver>
R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c:\windows\system32\drivers\qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>

S3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bmwebcfg (Bytemobile Web Configurator) - "c:\windows\system32\bmwebcfg.exe" <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; >
R2 fsDatabaseServer (FLEXESHOWER Database Server) - d:\flexeshower\fsserver\fsdatabaseserver.exe <Not Verified; CyberFlex Software; FLEXESHOWER >
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 VMAuthdService (VMware Authorization Service) - c:\program files\vmware\vmware workstation\vmware-authd.exe <Not Verified; VMware, Inc.; VMware Workstation>
R2 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Workstation>
R2 vmount2 (VMware Virtual Mount Manager Extended) - "c:\program files\common files\vmware\vmware virtual image editing\vmount2.exe" <Not Verified; VMware, Inc.; VMware Workstation>
R2 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Workstation>

S2 Plastic Server - c:\program files\plasticscm\server\plasticd.exe <Not Verified; Codice Software, S.L.; Plastic>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
S4 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
S4 GhostStartService - c:\program files\symantec\norton ghost 2003\ghoststartservice.exe <Not Verified; Symantec Corporation; Norton Ghost Start Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network from TOSHIBA
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network from TOSHIBA
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\8C7050C09F00
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\8C7050C09F00
Service: NIC1394

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID-compliant consumer control device
Device ID: HID\SMSCCIRHID&COL01\6&36043EBE&0&0000
Manufacturer: Microsoft
Name: HID-compliant consumer control device
PNP Device ID: HID\SMSCCIRHID&COL01\6&36043EBE&0&0000
Service:

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID-compliant device
Device ID: HID\SMSCCIRHID&COL02\6&36043EBE&0&0001
Manufacturer: (Standard system devices)
Name: HID-compliant device
PNP Device ID: HID\SMSCCIRHID&COL02\6&36043EBE&0&0001
Service:

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID-compliant device
Device ID: HID\SMSCCIRHID&COL03\6&36043EBE&0&0002
Manufacturer: (Standard system devices)
Name: HID-compliant device
PNP Device ID: HID\SMSCCIRHID&COL03\6&36043EBE&0&0002
Service:

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID-compliant device
Device ID: HID\SMSCCIRHID&COL05\6&36043EBE&0&0004
Manufacturer: (Standard system devices)
Name: HID-compliant device
PNP Device ID: HID\SMSCCIRHID&COL05\6&36043EBE&0&0004
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Files created between 2008-03-16 and 2008-04-16 -----------------------------

2008-04-16 12:20:06 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-15 14:53:34 0 d-------- C:\WINDOWS\pss
2008-04-15 14:30:31 0 d-------- C:\Program Files\Common Files\PC Tools
2008-04-15 14:30:12 0 d-------- C:\Program Files\Spyware Doctor
2008-04-15 14:30:12 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\PC Tools
2008-04-15 14:30:12 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-14 20:18:47 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-04-10 22:04:56 0 d-------- C:\Program Files\SQLXML 4.0
2008-04-10 22:04:32 0 d-------- C:\Program Files\Microsoft Analysis Services
2008-04-08 12:02:15 0 d-------- C:\Documents and Settings\SqlServer2005\Application Data\Intel
2008-04-08 12:02:15 0 d-------- C:\Documents and Settings\SqlServer2005\Application Data\Identities
2008-04-08 12:02:15 0 d-------- C:\Documents and Settings\SqlServer2005\Application Data\Adobe
2008-04-08 12:02:14 0 dr------- C:\Documents and Settings\SqlServer2005\Favorites
2008-04-08 12:02:14 0 d-------- C:\Documents and Settings\SqlServer2005\Desktop
2008-04-08 12:02:14 0 d--hs---- C:\Documents and Settings\SqlServer2005\Cookies
2008-04-08 12:02:14 0 dr-h----- C:\Documents and Settings\SqlServer2005\Application Data
2008-04-08 12:02:14 0 d-------- C:\Documents and Settings\SqlServer2005\Application Data\toshiba
2008-04-08 12:02:14 0 d---s---- C:\Documents and Settings\SqlServer2005\Application Data\Microsoft
2008-04-08 12:02:13 0 d--h----- C:\Documents and Settings\SqlServer2005\Local Settings
2008-04-08 12:02:12 0 d--h----- C:\Documents and Settings\SqlServer2005\Templates
2008-04-08 12:02:12 0 dr------- C:\Documents and Settings\SqlServer2005\Start Menu
2008-04-08 12:02:12 0 dr-h----- C:\Documents and Settings\SqlServer2005\SendTo
2008-04-08 12:02:12 0 dr-h----- C:\Documents and Settings\SqlServer2005\Recent
2008-04-08 12:02:12 0 d--h----- C:\Documents and Settings\SqlServer2005\PrintHood
2008-04-08 12:02:12 1048576 --ah----- C:\Documents and Settings\SqlServer2005\NTUSER.DAT
2008-04-08 12:02:12 0 d--h----- C:\Documents and Settings\SqlServer2005\NetHood
2008-04-08 12:02:12 0 dr------- C:\Documents and Settings\SqlServer2005\My Documents
2008-04-08 12:00:31 0 d-------- C:\Program Files\MSXML 6.0
2008-04-08 09:03:48 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-07 20:18:51 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-07 10:54:11 0 d-------- C:\Program Files\PlasticSCM
2008-04-07 09:46:20 0 d-------- C:\Program Files\TeamViewer3
2008-03-31 14:41:24 0 d-------- C:\Documents and Settings\ADAMUser\Application Data\Macromedia
2008-03-31 14:40:34 0 d-------- C:\Documents and Settings\ADAMUser\Application Data\Talkback
2008-03-31 14:40:22 0 d-------- C:\Documents and Settings\ADAMUser\Application Data\Mozilla
2008-03-30 09:27:21 0 dr------- C:\Documents and Settings\SqlExpressUser\Favorites
2008-03-30 09:27:21 0 d-------- C:\Documents and Settings\SqlExpressUser\Desktop
2008-03-30 09:27:21 0 d--hs---- C:\Documents and Settings\SqlExpressUser\Cookies
2008-03-30 09:27:21 0 dr-h----- C:\Documents and Settings\SqlExpressUser\Application Data
2008-03-30 09:27:21 0 d-------- C:\Documents and Settings\SqlExpressUser\Application Data\toshiba
2008-03-30 09:27:21 0 d---s---- C:\Documents and Settings\SqlExpressUser\Application Data\Microsoft
2008-03-30 09:27:21 0 d-------- C:\Documents and Settings\SqlExpressUser\Application Data\Intel
2008-03-30 09:27:21 0 d-------- C:\Documents and Settings\SqlExpressUser\Application Data\Identities
2008-03-30 09:27:21 0 d-------- C:\Documents and Settings\SqlExpressUser\Application Data\Adobe
2008-03-30 09:27:20 0 d--h----- C:\Documents and Settings\SqlExpressUser\Templates
2008-03-30 09:27:20 0 dr------- C:\Documents and Settings\SqlExpressUser\Start Menu
2008-03-30 09:27:20 0 dr-h----- C:\Documents and Settings\SqlExpressUser\SendTo
2008-03-30 09:27:20 0 dr-h----- C:\Documents and Settings\SqlExpressUser\Recent
2008-03-30 09:27:20 0 d--h----- C:\Documents and Settings\SqlExpressUser\PrintHood
2008-03-30 09:27:20 0 d--h----- C:\Documents and Settings\SqlExpressUser\NetHood
2008-03-30 09:27:20 0 dr------- C:\Documents and Settings\SqlExpressUser\My Documents
2008-03-30 09:27:20 0 d--h----- C:\Documents and Settings\SqlExpressUser\Local Settings
2008-03-30 09:27:19 1048576 --ah----- C:\Documents and Settings\SqlExpressUser\NTUSER.DAT
2008-03-27 08:30:13 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\CDBurnerXP_Soft
2008-03-27 08:28:51 0 d-------- C:\Program Files\CDBurnerXP
2008-03-25 08:26:34 0 d-------- C:\Documents and Settings\ADAMUser\Application Data\Intel
2008-03-25 08:26:34 0 d-------- C:\Documents and Settings\ADAMUser\Application Data\Identities
2008-03-25 08:26:34 0 d-------- C:\Documents and Settings\ADAMUser\Application Data\Adobe
2008-03-25 08:26:33 0 d--h----- C:\Documents and Settings\ADAMUser\Local Settings
2008-03-25 08:26:33 0 dr------- C:\Documents and Settings\ADAMUser\Favorites
2008-03-25 08:26:33 0 d-------- C:\Documents and Settings\ADAMUser\Desktop
2008-03-25 08:26:33 0 d--hs---- C:\Documents and Settings\ADAMUser\Cookies
2008-03-25 08:26:33 0 dr-h----- C:\Documents and Settings\ADAMUser\Application Data
2008-03-25 08:26:33 0 d-------- C:\Documents and Settings\ADAMUser\Application Data\toshiba
2008-03-25 08:26:33 0 d---s---- C:\Documents and Settings\ADAMUser\Application Data\Microsoft
2008-03-25 08:26:32 0 d--h----- C:\Documents and Settings\ADAMUser\Templates
2008-03-25 08:26:32 0 dr------- C:\Documents and Settings\ADAMUser\Start Menu
2008-03-25 08:26:32 0 dr-h----- C:\Documents and Settings\ADAMUser\SendTo
2008-03-25 08:26:32 0 dr-h----- C:\Documents and Settings\ADAMUser\Recent
2008-03-25 08:26:32 0 d--h----- C:\Documents and Settings\ADAMUser\PrintHood
2008-03-25 08:26:32 1310720 --ah----- C:\Documents and Settings\ADAMUser\NTUSER.DAT
2008-03-25 08:26:32 0 d--h----- C:\Documents and Settings\ADAMUser\NetHood
2008-03-25 08:26:32 0 dr------- C:\Documents and Settings\ADAMUser\My Documents
2008-03-25 08:21:33 0 d-------- C:\WINDOWS\ADAM
2008-03-25 08:21:19 0 d--h---c- C:\WINDOWS\$ADAMUninstallADAM$
2008-03-24 09:20:30 0 d-------- C:\Program Files\NCH Software
2008-03-22 18:26:20 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-22 18:26:16 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\NCH Swift Sound
2008-03-22 18:25:01 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-22 16:35:54 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\Audacity
2008-03-22 16:35:33 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)


-- Find3M Report ---------------------------------------------------------------

2008-04-16 15:31:55 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\FileZilla
2008-04-16 15:04:46 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\Skype
2008-04-16 11:23:08 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\skypePM
2008-04-15 14:30:31 0 d-------- C:\Program Files\Common Files
2008-04-07 10:46:08 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\TeamViewer
2008-03-28 10:18:38 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\VMware
2008-03-22 19:21:26 0 d-------- C:\Program Files\DivX
2008-03-18 08:25:05 0 d-------- C:\Program Files\Java
2008-03-18 08:20:15 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\Adobe
2008-03-10 17:23:55 0 d-------- C:\Program Files\Google
2008-03-10 11:03:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-10 11:00:51 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\IndigoRose
2008-03-10 10:18:59 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-03-10 10:17:56 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-10 10:17:27 0 d-------- C:\Program Files\MSBuild
2008-03-10 09:33:18 0 d-------- C:\Program Files\Microsoft.NET
2008-03-10 09:30:04 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-03-10 09:20:58 0 d-------- C:\Program Files\HTML Help Workshop
2008-03-10 09:13:59 0 d-------- C:\Program Files\Common Files\Business Objects
2008-03-10 09:11:56 0 d-------- C:\Program Files\CE Remote Tools
2008-03-04 15:17:17 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\Notepad++
2008-03-04 15:16:59 0 d-------- C:\Program Files\Notepad++
2008-03-04 14:16:15 0 d-------- C:\Program Files\Paint.NET
2008-02-27 06:13:46 0 d-------- C:\Program Files\Windows Live
2008-02-27 06:12:46 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-21 12:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 12:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 12:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-21 12:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-21 12:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-02-21 12:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-02-21 12:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-02-21 12:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-19 09:36:42 0 d-------- C:\Documents and Settings\paul.MANLY\Application Data\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [29/12/2005 02:21 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NDSTray.exe"="NDSTray.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/03/2006 06:02 PM]
"nwiz"="nwiz.exe" [16/02/2006 09:34 AM C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16/02/2006 09:34 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 03:25 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [12/03/2007 08:19 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 12:47 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [02/08/2006 12:38 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/08/2006 12:32 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 11:55 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [30/12/2004 06:32 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 10:00 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07/12/2007 02:08 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/09/2006 04:40 AM]

C:\Documents and Settings\paul.MANLY\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [1/01/2006 8:21:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 24/02/2006 10:49 AM 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= psqlpwd scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
~C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
~C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
~C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
launchapp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
~"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
~"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
~C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]
~C:\Program Files\Microangelo\muamgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
~C:\WINDOWS\MXOALDR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
~"C:\Program Files\Protector Suite QL\launcher.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
~"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
~C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
~"C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaApp]
~C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- Z:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-04-16 15:36:43 ------------


EXTRA...
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2250 @ 1.73GHz
CPU 1: Genuine Intel® CPU T2250 @ 1.73GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1022.11 MiB / 452.57 MiB
Pagefile Memory (total/avail): 2463.03 MiB / 1703.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.15 MiB

C: is Fixed (NTFS) - 29.29 GiB total, 7.84 GiB free.
D: is Fixed (NTFS) - 63.62 GiB total, 5.84 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS541010G9SA00 - 93.16 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 63.62 GiB - D:
\PARTITION2 - Unknown - 251.02 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: Spyware Doctor with AntiVirus v4.4.5 (PC Tools)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Borland\\Delphi7\\Bin\\webappdbg.exe"="C:\\Program Files\\Borland\\Delphi7\\Bin\\webappdbg.exe:*:Enabled:Borland Web App Debugger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Beyond Compare 2\\BC2.exe"="C:\\Program Files\\Beyond Compare 2\\BC2.exe:*:Enabled:Beyond Compare"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Borland\\Delphi7\\Bin\\serverinfo.exe"="C:\\Program Files\\Borland\\Delphi7\\Bin\\serverinfo.exe:*:Enabled:ServerInfo for the Web App Debugger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger "
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Project\\Flexeshower\\1.3.0\\etc\\bin\\fsSiteEngine.exe"="D:\\Project\\Flexeshower\\1.3.0\\etc\\bin\\fsSiteEngine.exe:*:Enabled:FlexeShower Engine"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"D:\\Project\\Flexeshower\\install\\Flexeshower\\fsSiteEngine.exe"="D:\\Project\\Flexeshower\\install\\Flexeshower\\fsSiteEngine.exe:*:Enabled:FlexeShower Engine"
"D:\\Project\\Flexeshower\\1.4.x\\bin\\fsSiteEngine.exe"="D:\\Project\\Flexeshower\\1.4.x\\bin\\fsSiteEngine.exe:*:Enabled:fsSiteEngine.exe"
"D:\\Project\\Flexeshower\\1.4.1\\etc\\bin\\fsSiteEngine.exe"="D:\\Project\\Flexeshower\\1.4.1\\etc\\bin\\fsSiteEngine.exe:*:Enabled:FlexeShower Engine"
"C:\\Program Files\\CyberFlex\\Flexeshower\\fsSiteServer.exe"="C:\\Program Files\\CyberFlex\\Flexeshower\\fsSiteServer.exe:*:Enabled:FLEXESHOWER E-Commerce Server"
"C:\\Program Files\\CyberFlex\\Flexeshower\\fsSiteEngine.exe"="C:\\Program Files\\CyberFlex\\Flexeshower\\fsSiteEngine.exe:*:Enabled:FLEXESHOWER Database Server"
"C:\\Program Files\\CyberFlex\\Flexeshower\\fsServer\\fsDatabaseServer.exe"="C:\\Program Files\\CyberFlex\\Flexeshower\\fsServer\\fsDatabaseServer.exe:*:Enabled:FLEXESHOWER Database Server"
"D:\\Flexeshower\\fsServer\\fsDatabaseServer.exe"="D:\\Flexeshower\\fsServer\\fsDatabaseServer.exe:*:Enabled:FLEXESHOWER Database Server"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Flexeshower\\fsServer\\fsDatabaseServer.exe"="C:\\Flexeshower\\fsServer\\fsDatabaseServer.exe:*:Enabled:FLEXESHOWER Database Server"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\paul.MANLY\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SILVERSURFER
ComSpec=C:\WINDOWS\system32\cmd.exe
DVCL=D:\Delphi\VCL7
DXVCL=D:\Delphi\VCL7\DevExpress
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\paul.MANLY
lib=C:\Program Files\SQLXML 4.0\bin\
LOGONSERVER=\\SHADOWS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PlasticSCM\server;C:\Program Files\PlasticSCM\client;C:\Program Files\Borland\Delphi7\Bin;D:\Delphi\VCL7\DevExpress\Library\Delphi7;C:\Program Files\Borland\Delphi7\Projects\Bpl\;C:\Program Files\Borland\Delphi7\Bin;d:\delphi\vcl7;C:\Program Files\Borland\Delphi7\Projects\Bpl\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PAUL~1.MAN\LOCALS~1\Temp
TMP=C:\DOCUME~1\PAUL~1.MAN\LOCALS~1\Temp
USERDNSDOMAIN=CYBERFLEX.MANLY
USERDOMAIN=MANLY
USERNAME=paul
USERPROFILE=C:\Documents and Settings\paul.MANLY
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

paul.MANLY (admin)
paulj (admin)
ADAMUser (admin)
SqlExpressUser
SqlServer2005
Administrator (admin)
paul (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Directory Application Mode Service Pack 1 --> "C:\WINDOWS\$ADAMUninstallADAM$\spuninst\spuninst.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adam Instance S2Wiki --> "C:\WINDOWS\ADAM\adamuninstall.exe" /i:S2Wiki
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Audacity 1.3.4 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AutoCAD 2006 - English --> MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Beyond Compare Version 2.4 --> "C:\Program Files\Beyond Compare 2\unins000.exe"
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Borland Delphi 7 --> MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
Cisco Systems VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Codice Software PlasticSCM professional --> C:\Program Files\PlasticSCM\uninstall.exe
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IBD1HDAa.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
EurekaLog 6.0.11 Professional --> "D:\Delphi\VCL7\EurekaLog\unins000.exe"
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FileZilla Client 3.0.5.2 --> C:\Program Files\FileZilla Client\uninstall.exe
FLEXESHOWER Client --> "C:\WINDOWS\FLEXESHOWER Client\uninstall.exe" "/U:D:\Flexeshower\fsClient\Uninstall\uninstall.xml"
FLEXESHOWER Server --> "C:\WINDOWS\FLEXESHOWER Server\uninstall.exe" "/U:D:\Flexeshower\fsServer\Uninstall\uninstall.xml"
GDR 1406 for SQL Server Tools and Workstation Components 2005 ENU (KB932557) --> C:\WINDOWS\SQLTools9_KB932557_ENU\Hotfix.exe /Uninstall
Google Desktop Plugin - Goocal --> MsiExec.exe /X{CDF3606C-63B5-4BA1-BA14-6158F36756B1}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31\HXFSETUP.EXE -U -IBD1HDAm.inf
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "D:\Library\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l0409
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
MetaFrame Presentation Server Client --> MsiExec.exe /I{2C42ED1E-6315-4E63-89E6-057EA114EBB8}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microangelo 5.5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microangelo\m5uninst.isu"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{91510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{96327C3C-96BE-4C7A-A6F7-A71635E5949A}
Microsoft SQL Server 2005 Books Online (English) --> MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Express Edition --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{4D2DFB70-AECB-47BF-A895-3B3AA544934F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
ModelMaker 6.20 --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\ModelMakerTools\ModelMaker\6.2\UnInst.log" "/APPNAME=ModelMaker 6.20"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NOD32 Antivirus System --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Norton Ghost --> MsiExec.exe /I{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
Nullsoft Install System --> "C:\Program Files\NSIS\uninst-nsis.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Paint.NET v3.30 --> MsiExec.exe /X{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Prism Video Converter --> C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMSC CIR HID V5.3.2600.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL -removeonly
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SQLXML4 --> MsiExec.exe /I{8C62A94B-4AB6-485F-A111-93056684D340}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
Toshiba Controls Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{ACA1086B-9B62-4F80-B4B9-5659395E4F25} /l1033
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Touchpad Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} /l1033
Toshiba Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{099D12EC-0321-4CAC-A0CC-33D020156FCD} /l1033
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
VMware Workstation --> MsiExec.exe /I{98D1A713-438C-4A23-8AB6-41B37C4A2D47}
Vodafone Mobile Connect --> MsiExec.exe /I{28D1D5CE-45D6-4208-8B87-C752B5BC1E3B}
VSS Remoting Client 3.5 Build 20070725 --> "C:\Program Files\VSS Remoting\Client\unins000.exe"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WebEx --> C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316 -->
Windows XP Media Center Edition 2005 KB894553 -->
Windows XP Media Center Edition 2005 KB895678 -->
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinISO v5.3 --> C:\PROGRA~1\WinISO53\UNWISE.EXE C:\PROGRA~1\WinISO53\INSTALL.LOG
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type27326 / Error
Event Submitted/Written: 04/16/2008 03:36:22 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type27325 / Error
Event Submitted/Written: 04/16/2008 03:36:22 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type27324 / Error
Event Submitted/Written: 04/16/2008 03:36:22 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Event Record #/Type27323 / Error
Event Submitted/Written: 04/16/2008 03:36:11 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type27322 / Error
Event Submitted/Written: 04/16/2008 03:36:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37830 / Warning
Event Submitted/Written: 04/16/2008 03:29:42 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\SHADOWS on the network \Device\NetBT_Tcpip_{BCC91D44-8025-4FF6-958B-9B777795DC3B}.
The data is the error code.

Event Record #/Type37827 / Error
Event Submitted/Written: 04/16/2008 03:18:50 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'server,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: No such service is known. The service cannot be found in the specified name space. (0x8007277C)

Event Record #/Type37826 / Error
Event Submitted/Written: 04/16/2008 03:18:48 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer '2.pool.ntp.org,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: No such service is known. The service cannot be found in the specified name space. (0x8007277C)

Event Record #/Type37814 / Error
Event Submitted/Written: 04/16/2008 03:03:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Plastic Server service failed to start due to the following error:
%%1053

Event Record #/Type37813 / Error
Event Submitted/Written: 04/16/2008 03:03:51 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Plastic Server service to connect.



-- End of Deckard's System Scanner: finished at 2008-04-16 15:36:43 ------------


I've been messing on with HijackThis and checking (and stopping) as many services from startup etc. as I dare to, but with no joy.

Any help much appreciated.
Thanks in advance, Paul.


#2 teacup61

  • Malware Response Team

Posted 26 April 2008 - 01:36 PM

Hello geordio,

Welcome to Bleeping Computer :blink:

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

#3 geordio

  • Topic Starter


Posted 26 April 2008 - 05:19 PM

G'day and thanks :wacko:

Sorry, I forgot this was still posted. Fixed it in the end (after throwing most every bit of rootkit/virus/spyware detecting software I could find at this thing!!). I think it was Dial-a-fix that sorted the DNS problem (I say 'think' as I'd run that many apps over those few days that it's all a little blurry). :blink:

Anyway, thanks for the offer :thumbsup:

Being new to this forum, do I close this thread?! If so then as I write this I can't see any obvious way to do so...

#4 teacup61

  • Malware Response Team

Posted 26 April 2008 - 05:39 PM

Hello,

Thank you so much fer letting me know. I'll close the thread. :thumbsup:

Take care!
tea


Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



