Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Toolbar Icons Deactivated But No Infection Found!


  • This topic is locked This topic is locked
5 replies to this topic

#1 Big_John

Big_John

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 20 June 2008 - 05:18 AM

In an attempt to sort my problem, I've downloaded and run the following:
cwshredder
rr-free-setup
spybotsd152
aaw2008
XP-ToolbarFix
SUPERAntiSpyware

and none of them have found or been able to fix my problem:

When I start Windows XP everything seems fine until I click on one of the Quick Launch Toolbar icons on the taskbar.
Then the Toolbar icons stop being clickable, and after an indeterminate period they disappear.
The place where each one was still has an alternative text available, but no icon, or potential action.

The same happens with my Desktop toolbar, which is on the lhs of my screen.
One icon clicked - I use right-click and Open, and then they don't work then they disappear.
(I use auto-hide - and when the toolbar appears it is blank).

I have run Spybot and SuperAntiSpyware - full scan - but they fail to find any malware :-(

Here's the DSS log. What do I do next, please? I am impressed with the responses over the last few days on this forum,
but can't find a case quite like mine. To cap it all, my wife's laptop - on the network has a similar problem, but with no malware found either.
Will the solution for mine be the same for hers, since we probably were infected by the same email/attachment?

Deckard's System Scanner v20071014.68
Run by John Slee on 2008-06-20 10:50:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-20 09:50:29 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as John Slee.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:48, on 20/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\PhoneConnectorVMC.exe
E:\vmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John Slee.EPIPHANY\Desktop\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\John Slee.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FlashgetMini] C:\Program Files\FlashGet Network\Flashget\Temp\setup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: UseFlashGet - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204163253078
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB670C3-7408-40CD-BD81-BFC9CF7E71D4}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFBF0A85-7597-4C8D-88EB-7795E5244572}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10600 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola SM56 Data Fax Modem
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_10CA1734&REV_80\3&61AAA01&0&8E
Manufacturer: Motorola Inc
Name: Motorola SM56 Data Fax Modem
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_10CA1734&REV_80\3&61AAA01&0&8E
Service: Modem


-- Scheduled Tasks -------------------------------------------------------------

2008-06-06 19:28:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2010-10-10 10:09:03 0 d-------- C:\Program Files\Realtek Sound Manager
2010-10-10 10:09:02 0 d-------- C:\Program Files\AvRack
2010-10-10 10:08:38 0 d-------- C:\Program Files\Realtek AC97
2008-06-19 16:31:33 0 d-------- C:\WINDOWS\Prefetch
2008-06-19 16:16:21 0 d-------- C:\WINDOWS\system32\scripting
2008-06-19 16:16:20 0 d-------- C:\WINDOWS\l2schemas
2008-06-19 16:16:18 0 d-------- C:\WINDOWS\system32\en
2008-06-19 16:16:17 0 d-------- C:\WINDOWS\system32\bits
2008-06-19 16:06:59 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-19 01:43:48 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-06-19 01:43:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 01:43:24 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\SUPERAntiSpyware.com
2008-06-18 23:49:31 0 d-------- C:\Program Files\Trend Micro
2008-06-18 14:54:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-06-18 12:40:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-18 12:26:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 11:16:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-18 09:54:01 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-17 18:52:41 425984 --a------ C:\WINDOWS\system32\GeoCodec.dll <Not Verified; GeoVision; GeoCodec Dynamic Link Library>
2008-06-17 18:52:41 413760 --a------ C:\WINDOWS\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-06-17 18:52:41 425984 -ra------ C:\WINDOWS\GeoCodec.dll <Not Verified; GeoVision; GeoCodec Dynamic Link Library>
2008-06-16 16:42:51 0 d-------- C:\Program Files\MozBackup
2008-05-22 09:24:51 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\GeoSetter
2008-05-22 09:24:15 0 d-------- C:\Program Files\GeoSetter


-- Find3M Report ---------------------------------------------------------------

2008-06-20 09:58:44 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-20 09:45:47 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\OpenOffice.org2
2008-06-19 16:17:35 0 d-------- C:\Program Files\Messenger
2008-06-19 16:16:17 0 d-------- C:\Program Files\Movie Maker
2008-06-19 16:06:06 0 d-------- C:\Program Files\Windows NT
2008-06-18 23:30:25 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-18 12:40:23 0 d-------- C:\Program Files\Lavasoft
2008-06-18 12:26:45 0 d-------- C:\Program Files\Common Files
2008-06-18 10:39:39 0 d-------- C:\Program Files\Email Marketing Pro 2008
2008-06-17 21:13:27 0 d-------- C:\Program Files\QuickTime
2008-06-13 01:29:16 0 d-------- C:\Program Files\WebCam
2008-05-26 07:37:17 0 d-------- C:\Program Files\palmOne
2008-05-25 22:16:57 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\AVGTOOLBAR
2008-05-18 10:35:31 0 d-------- C:\Program Files\orange3
2008-05-17 20:46:05 0 d-------- C:\Program Files\AVG
2008-05-17 11:36:22 0 d-------- C:\Program Files\Water Explorer
2008-05-16 00:01:04 0 d-------- C:\Program Files\Gallery Remote
2008-05-15 23:22:59 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\PFrank
2008-05-15 23:09:33 0 d-------- C:\Program Files\PFrank
2008-05-15 11:03:07 0 d--h----- C:\Program Files\Zero G Registry
2008-05-06 16:56:38 297 --a------ C:\WINDOWS\system32\admshare.dat
2008-05-06 16:56:38 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\BITS
2008-04-26 08:08:20 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\Nokia Multimedia Player
2008-04-25 21:18:10 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-25 21:18:09 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-25 21:17:13 0 d-------- C:\Program Files\Nokia
2008-04-25 21:16:13 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-25 16:43:13 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\PC Suite
2008-04-24 18:00:14 0 d-------- C:\Program Files\Java
2008-04-24 14:48:58 0 d-------- C:\Program Files\RFViewer
2008-04-24 14:47:39 0 d-------- C:\Program Files\Common Files\Folio Shared
2008-04-22 07:50:53 0 d-------- C:\Program Files\temp
2008-04-20 20:36:51 0 d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\Apple Computer
2008-03-25 14:51:28 112832 --a----c- C:\WINDOWS\hpoins07.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
17/05/2008 20:46 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [17/05/2008 20:46 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"VTTimer"="VTTimer.exe" [08/03/2005 04:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [01/11/2005 05:15 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [01/03/2006 17:22 C:\WINDOWS\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [10/11/2005 05:44 C:\WINDOWS\sm56hlpr.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [20/04/2008 06:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/02/2008 10:35]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 01:12 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/05/2005 00:12]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"FlashgetMini"="C:\Program Files\FlashGet Network\Flashget\Temp\setup.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [17/05/2008 20:46]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2007 10:08]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"ISUSPM"="C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 16:41]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [26/03/2008 18:41]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

C:\Documents and Settings\John Slee.EPIPHANY\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/26/2006 8:56:55 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/26/2006 12:24:59 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [1/1/2007 12:22:03 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 9:15:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e60155-ee01-11dc-8457-000d888eddaa}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e60156-ee01-11dc-8457-000d888eddaa}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31a2c79a-f811-11dc-847f-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31a2c79b-f811-11dc-847f-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36fa1034-ee72-11dc-8458-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c32ba74-f006-11dc-845d-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7cf184a-f064-11dc-8461-000d888eddaa}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7cf184b-f064-11dc-8461-000d888eddaa}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d51d1d4c-f872-11dc-8481-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d51d1d4d-f872-11dc-8481-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb227-f6b6-11dc-847c-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb228-f6b6-11dc-847c-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb229-f6b6-11dc-847c-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb22a-f6b6-11dc-847c-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb22d-f6b6-11dc-847c-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb22e-f6b6-11dc-847c-0014a59a0895}]
AutoRun\command- E:\StartVMCLite.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-20 11:00:36 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M CPU 410 @ 1.46GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 446.1 MiB / 82.35 MiB
Pagefile Memory (total/avail): 1054.64 MiB / 452.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.67 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 9.88 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST96812A S SCSI Disk Device - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\John Slee.EPIPHANY\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EPIPHANY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\John Slee.EPIPHANY
LOGONSERVER=\\EPIPHANY
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\John Slee.EPIPHANY\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\MySQL\MySQL Server 5.0\bin;C:\PROGRA~1\COMMON~1\FOLIOS~1;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOHNSL~1.EPI\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOHNSL~1.EPI\LOCALS~1\Temp
USERDOMAIN=EPIPHANY
USERNAME=John Slee
USERPROFILE=C:\Documents and Settings\John Slee.EPIPHANY
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

John Slee.EPIPHANY (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom 802.11 Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Family History Resource File Viewer 2.0 --> C:\PROGRA~1\RFViewer\UNWISE.EXE C:\PROGRA~1\RFViewer\INSTALL.LOG
Family Tree Maker 7.5 --> C:\WINDOWS\IsUninst.exe -f"c:\program files\ftw\Uninst.isu"
FLV Player 2.0, build 23 --> C:\Program Files\FLV Player\uninst.exe
Gallery Remote --> "C:\Program Files\Gallery Remote\UninstallerData\Uninstall gallery_remote.exe"
GeoSetter 2.5.3 --> "C:\Program Files\GeoSetter\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Larry's OpenOffice and StarOffice Indexer --> "C:\Program Files\Larry's GDS Plugins\Larry's OpenOffice and StarOffice Indexer\Uninstall.exe"
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySQL Server 5.0 --> MsiExec.exe /I{608FFCC7-7237-47BB-ABD5-8341754A3BBA}
MySQL Tools for 5.0 --> MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
Navvygator --> rundll32.exe dfshim.dll,ShArpMaintain Navvygator.application, Culture=en-GB, PublicKeyToken=a7469cf6ff7908cb, processorArchitecture=msil
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite --> C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{90C07306-2B13-4236-B6D7-6E294110D141}\Nokia_PC_Suite_rel_6_86_8_6_eng_web.exe
Nokia PC Suite --> MsiExec.exe /I{90C07306-2B13-4236-B6D7-6E294110D141}
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
PC Connectivity Solution --> MsiExec.exe /I{DA678507-B6F0-4216-89B7-FD8674E61CE3}
Peter's Flexible RenAmiNg Kit (PFrank) 2.17 --> "C:\Program Files\PFrank\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) -->
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Vodafone Mobile Connect Lite --> MsiExec.exe /I{B5761811-28F3-4257-B537-815C5EEF472C}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.6.14.0 --> "C:\Program Files\WinMerge\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type3208 / Warning
Event Submitted/Written: 06/20/2008 09:42:13 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type3207 / Warning
Event Submitted/Written: 06/20/2008 09:42:13 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type3200 / Warning
Event Submitted/Written: 06/19/2008 04:33:50 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type3199 / Warning
Event Submitted/Written: 06/19/2008 04:33:49 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type3195 / Warning
Event Submitted/Written: 06/19/2008 04:31:55 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type36305 / Warning
Event Submitted/Written: 06/19/2008 09:56:14 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "SAS window"

Event Record #/Type36304 / Warning
Event Submitted/Written: 06/19/2008 09:56:14 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "SAS window"

Event Record #/Type36200 / Error
Event Submitted/Written: 06/19/2008 04:32:40 PM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D851F103-8C90-4321-AFF0-58BA5BD421C2}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type36196 / Warning
Event Submitted/Written: 06/19/2008 04:31:57 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- %4.

Event Record #/Type36169 / Error
Event Submitted/Written: 06/19/2008 01:06:48 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Windows XP Service Pack 3 (KB936929).



-- End of Deckard's System Scanner: finished at 2008-06-20 11:00:36 ------------

BC AdBot (Login to Remove)

 


#2 Big_John

Big_John
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 03 July 2008 - 02:29 AM

Here's an update, for clarification. Should this topic be moved to Windows XP forum?

When I right-click on any of the icons on the Quick Launch Toolbar, I get the usual menu:
Open
Explore
PFrank
Search
WinMerge
Geosetter
Scan with AVG
Send to
Cut
Copy
Create Shortcut
Delete
Rename
Properties

Left-Clicking on any of these options works as it is supposed to.

However, if I right-click on any of the QL Toobar icons a second time, the Taskbar menu appears, preceded by
Open folder (this opens the Quick Launch Toolbar folder)
Toolbars
Cascade Windows
Tile Windows Horizontally
Tile Windows Vertically
Show the Desktop
Task Manager
Lock the Taskbar
Properties

and, crucially, left-clicking on any of the icons has no effect.
(Broadly speaking, the same happens with the Desktop toolbar.)

I had given up waiting for help, as I've had over 40 viewers, and no reply, so with the help of Katana on http://forums.spybot.info/showthread.php?t=29717 I have that I do not have any malware. You can see that thread to look at the various logs produced.

At her suggestion, I used http://www.kellys-korner-xp.com/taskbarplus!.htm - the Taskbar / "Toolbars greyed out or missing" option restores icons' left click function by restarting the Windows Shell.
She suggested that I should now ask on this site.

Sorry if I have not followed guidelines. I hope someone will still be willing and able to help me.

#3 Big_John

Big_John
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 09 July 2008 - 02:48 AM

Please close this thread. The issue belongs in the Windows XP forum.
Thanks

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:25 AM

Posted 13 July 2008 - 10:08 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 Big_John

Big_John
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 14 July 2008 - 03:53 AM

Thank you for your reply, but please reread my post. I have ascertained that there is no malware.

Please close this thread. The issue belongs in the Windows XP forum.
Thanks



#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:25 AM

Posted 14 July 2008 - 07:00 AM

Thanks, I missed your last post.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users