Spooldr Help

edited August 2007 in Spyware & Virus Removal
I have a problem with my PC. I opened an email which I thought was harmless, but it wasn't. Since then my PC has been unable to shut itself down (I have to cut its power from the mains).
Also, my antivirus was Blue yonder PC Guard, which included firewall, anti-spyware and antivirus; that can no longer be turned on. As soon as I turn it on, it turns itself off.

A Notepad document called Spooldr was appearing on my desktop.

I have uninstalled PC Guard and tried to install ZoneAlarm, and also tried to install Kaspersky; both have failed due to errors.

I have also tried a system restore, but it fails because the PC has to be improperly shut down which makes the system restore fail.

And I have run Spybot Search & Destroy, which found 5 minor threats and treated them; this did not affect the situation. I have the latest version of RegCure, which found 843 registry errors and cleaned them, but the problem is still here. The main problem is that I'm unable to install an antivirus.

I have my HijackThis log file below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:01, on 28/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\MSI25.tmp
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Turtle Beach USB MIDI 1x1] C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155739565025
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: asurscsi - Voyetra Turtle Beach, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp\MSI25.tmp
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 8213 bytes

Comments

  • NuppiNuppi South Ostrobothnia (Finland)
    edited July 2007
    Hi neilh,

    And welcome to Icrontic :D


    I'll need more information from you. Download Deckard's System Scanner (DSS) to your Desktop.

    What DSS will do:
    * create a new System Restore point in Windows XP and Vista.
    * clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    * check some important areas of your system and produce a report for your analyst to review.
    * DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

    Note: You must be logged onto an account with administrator privileges.

    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
    5. Please attach extra.txt to your post.
  • edited August 2007
    On your instructions, here are the results of Deckard's System Scanner.

    main.txt file:

    Deckard's System Scanner v20070729.57
    Run by Owner on 2007-08-01 at 13:05:49
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    31: 2007-08-01 12:05:54 UTC - RP605 - Deckard's System Scanner Restore Point
    30: 2007-07-28 14:34:08 UTC - RP604 - Installed Microsoft Visual C++ 2005 Redistributable
    29: 2007-07-28 14:23:34 UTC - RP603 - Installed Kaspersky Anti-Virus 6.0.
    28: 2007-07-28 14:15:57 UTC - RP602 - Restore Operation
    27: 2007-07-28 14:12:59 UTC - RP601 - Restore Operation


    -- First Restore Point --
    1: 2007-04-28 14:11:28 UTC - RP575 - Configured Voyetra Record Producer MIDI Edition


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Owner.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:07:12, on 01/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
    C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
    C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\MSI25.tmp
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
    O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [Turtle Beach USB MIDI 1x1] C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155739565025
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: asurscsi - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\MSI25.tmp (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 8370 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    S2 CSS DVP - c:\windows\system32\drivers\css-dvp.sys (file missing)
    S3 FUTUREX - c:\program files\aida32 - personal system information\aida32.sys (file missing)
    S3 TBU11 (Turtle Beach USB MIDI 1x1 Driver) - c:\windows\system32\drivers\tbu11.sys <Not Verified; Voyetra Turtle Beach, Inc.; Turtle Beach USB MIDI 1x1>
    S3 USB200M (Linksys USB 2.0 Network Adapter ver.2) - c:\windows\system32\drivers\usb200m2.sys <Not Verified; Linksys; Linksys USB 2.0 Network Adapter ver.2>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 asurscsi - c:\docume~1\owner\locals~1\temp\msi25.tmp (file missing)
    R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>


    -- Scheduled Tasks

    2007-07-28 15:26:24 372 --a C:\WINDOWS\Tasks\RegCure.job
    2006-12-29 23:08:38 330 --ah C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2007-07-01 and 2007-08-01

    2007-07-28 15:54:11 0 d C:\Program Files\Trend Micro
    2007-07-28 15:35:50 0 d C:\Documents and Settings\Owner\Application Data\Prevx
    2007-07-28 15:35:08 0 d C:\Documents and Settings\All Users\Application Data\Prevx
    2007-07-28 15:35:07 0 d C:\Program Files\Prevx2
    2007-07-28 15:34:18 77312 --a C:\WINDOWS\ua2.dll
    2007-07-28 15:25:50 0 d C:\Program Files\RegCure
    2007-07-28 15:23:59 74396 --a C:\WINDOWS\system32\drivers\klin.dat
    2007-07-28 15:23:58 74908 --a C:\WINDOWS\system32\drivers\klick.dat
    2007-07-28 15:23:40 0 d C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-07-28 15:23:38 13600 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-07-28 15:23:38 131104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-07-28 14:36:24 4212 ---h C:\WINDOWS\system32\zllictbl.dat
    2007-07-28 14:35:59 11264 --a C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-07-28 14:34:44 0 d C:\WINDOWS\Internet Logs
    2007-07-28 14:30:51 0 d C:\Program Files\Kaspersky Lab
    2007-07-28 14:30:19 0 d C:\KAV
    2007-07-28 14:24:03 0 d--h C:\Documents and Settings\Administrator\Templates
    2007-07-28 14:24:03 0 dr C:\Documents and Settings\Administrator\Start Menu
    2007-07-28 14:24:03 0 dr-h C:\Documents and Settings\Administrator\SendTo
    2007-07-28 14:24:03 0 d--h C:\Documents and Settings\Administrator\Recent
    2007-07-28 14:24:03 0 d--h C:\Documents and Settings\Administrator\PrintHood
    2007-07-28 14:24:03 524288 --ah C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-07-28 14:24:03 0 d--h C:\Documents and Settings\Administrator\NetHood
    2007-07-28 14:24:03 0 d C:\Documents and Settings\Administrator\My Documents
    2007-07-28 14:24:03 0 d--h C:\Documents and Settings\Administrator\Local Settings
    2007-07-28 14:24:03 0 d C:\Documents and Settings\Administrator\Favorites
    2007-07-28 14:24:03 0 d C:\Documents and Settings\Administrator\Desktop
    2007-07-28 14:24:03 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2007-07-28 14:24:03 0 dr-h C:\Documents and Settings\Administrator\Application Data
    2007-07-28 14:24:03 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-07-27 11:12:24 0 dr-h C:\Documents and Settings\Owner\Recent
    2007-07-11 16:19:21 0 d C:\Documents and Settings\All Users\Application Data\JollyBear


    -- Find3M Report

    2007-08-01 12:51:52 0 d C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
    2007-07-28 14:10:17 0 d C:\Program Files\Common Files\Command Software
    2007-07-28 14:08:48 0 d C:\Program Files\blueyonder
    2007-07-28 14:08:41 0 d C:\Program Files\Common Files\PestPatrol
    2007-07-22 14:28:18 0 d C:\Program Files\Shockwave.com
    2007-07-22 13:49:40 0 d C:\Documents and Settings\Owner\Application Data\PlayFirst
    2007-07-12 08:51:36 0 d C:\Program Files\Oberon Media
    2007-07-11 16:18:45 0 d C:\Program Files\Common Files\Oberon Media
    2007-06-10 12:47:05 35 --a C:\WINDOWS\popcinfo.dat
    2007-06-09 18:15:10 0 d C:\Program Files\Common Files
    2007-06-07 10:18:58 0 d C:\Program Files\Webshots


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [04/10/2005 15:12 C:\WINDOWS\SOUNDMAN.EXE]
    "Motive SmartBridge"="C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe" [22/09/2005 09:05]
    "PCguardadvisor.exe"="C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" [28/04/2006 15:27]
    "SideWinderTrayV4"="C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe" [02/06/2000 19:07]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [17/10/2006 18:59]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [01/02/2007 03:52]
    "Turtle Beach USB MIDI 1x1"="C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe" [17/06/2003 15:31]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [11/04/2002 04:19]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [29/01/2007 23:02]
    "PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [19/07/2007 16:12]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [25/10/2006 14:21]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 12:52]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [26/02/2006 05:19:16]
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [20/09/2006 11:01:08]
    WkCalRem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [20/06/2002 12:21:32]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
    blueyonder Instant Support Tool.lnk - C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe [20/08/2006 15:20:07]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [16/08/2006 17:35:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
    \Magentic.exe /c

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide




    -- End of Deckard's System Scanner: finished at 2007-08-01 at 13:07:50

    And here is the extra.txt:

    Deckard's System Scanner v20070729.57
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
    Percentage of Memory in Use: 59%
    Physical Memory (total/avail): 509.98 MiB / 206.23 MiB
    Pagefile Memory (total/avail): 1249.34 MiB / 1019.97 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1967.81 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 153.38 GiB total, 143.24 GiB free.
    D: is Fixed (NTFS) - 74.52 GiB total, 66.46 GiB free.
    E: is CDROM (No Media)


    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: Prevx 2.0 v1.0.1.33 (Prevx Ltd.) Disabled

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\Program Files\\Magentic\\bin\\Magentic.exe"="D:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
    "D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="D:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
    "D:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="D:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Documents and Settings\\Owner\\Desktop\\ecard.exe"="C:\\Documents and Settings\\Owner\\Desktop\\ecard.exe:*:Enabled:ecard"
    "C:\\Documents and Settings\\Owner\\Desktop\\Unused Desktop Shortcuts\\ecard.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Unused Desktop Shortcuts\\ecard.exe:*:Disabled:ecard"
    "C:\\WINDOWS\\spooldr.exe"="C:\\WINDOWS\\spooldr.exe:*:Enabled:enable"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=HOME-3706D78005
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\HOME-3706D78005
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0204
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=HOME-3706D78005
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS


    -- User Profiles

    Owner (admin)
    Administrator (new local, admin)


    -- Add/Remove Programs

    --> C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    Alice Greenfingers --> "C:\Program Files\Oberon Media\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Oberon Media\Alice Greenfingers\install.log"
    Amazonia --> "C:\Program Files\Oberon Media\Amazonia\Uninstall.exe" "C:\Program Files\Oberon Media\Amazonia\install.log"
    Bejeweled 2 Deluxe(R) --> C:\PROGRA~1\SHOCKW~1.COM\BEJEWE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\BEJEWE~1\INSTALL.LOG
    Big Kahuna Reef 2: Chain Reaction --> C:\PROGRA~1\SHOCKW~1.COM\BIGKAH~2\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\BIGKAH~2\INSTALL.LOG
    blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
    Cake Mania --> C:\PROGRA~1\SHOCKW~1.COM\CAKEMA~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CAKEMA~1\INSTALL.LOG
    Chocolatier --> C:\PROGRA~1\SHOCKW~1.COM\CHOCOL~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CHOCOL~1\INSTALL.LOG
    Diner Dash®: Flo on the Go --> C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\INSTALL.LOG
    EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    Gem Slider Deluxe --> "C:\Program Files\Oberon Media\Gem Slider Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Gem Slider Deluxe\install.log"
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
    Hemera Products --> C:\PROGRA~1\HEMERA~1\UNWISE.EXE C:\PROGRA~1\HEMERA~1\INSTALL.LOG
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Photo and Imaging 1.0 - Scanjet 3500c Series --> MsiExec.exe /I{B8E952E3-A823-443A-8493-39A0CCE0E3EB}
    IL-2 Sturmovik: Forgotten Battles --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3} /l1033
    IL-2 Sturmovik: Forgotten Battles AEP --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D2BBEABB-A8DF-4451-A7C4-63C87B31E325} /l1033
    IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
    Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Jigsaw Puzzle Player --> C:\PROGRA~1\SHOCKW~1.COM\JIGSAW~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\JIGSAW~1\INSTALL.LOG
    Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
    Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
    Mahjong Escape Ancient Japan --> "C:\Program Files\Oberon Media\Mahjong Escape Ancient Japan\Uninstall.exe" "C:\Program Files\Oberon Media\Mahjong Escape Ancient Japan\install.log"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    OpenOffice.org 2.0 --> MsiExec.exe /I{BF4C2438-CAFF-4DB0-BB77-48BB1781F313}
    PCguard advisor 1.3.22 --> "C:\Program Files\blueyonder\PCguard advisor\unins000.exe"
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    Prevx 2.0 --> "C:\Documents and Settings\All Users\Application Data\Prevx\PrevxSetup.exe" ACTION=UNINSTALL -V -REBOOT -APP
    QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RegCure 1.0.0.43 --> C:\Program Files\RegCure\uninst.exe
    Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
    SideWinder Precision 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Game Controllers\Precision 2\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Game Controllers\Precision 2\Uninstall.dll"
    Turtle Beach USB MIDI 1x1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74B0050D-709E-4BD4-A5F4-5A7819F324FA}\setup.exe"
    ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
    VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Voyetra Record Producer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{28358FC7-703D-4D27-B791-B93C36650157}
    Voyetra Record Producer MIDI Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{73F40936-82D2-417F-AD95-D2633A810873}
    Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
    Webshots Toolbar --> C:\Program Files\Webshots\ToolbarUninstall.exe
    Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
    Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
    YAMAHA Digital Music Notebook --> MsiExec.exe /X{0D0DDFE1-CAE2-4EA4-8589-1B21E1320383}


    -- End of Deckard's System Scanner: finished at 2007-08-01 at 13:07:50
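The firewall exception list at the start of this part of the log is where `C:\WINDOWS\spooldr.exe` shows up as an enabled entry. As an added example (not part of the original post and not Deckard's System Scanner code), this Python script parses entries in that `"path"="path:scope:state:name"` layout and flags executables that sit in a Temp directory, on a user Desktop, or directly in the Windows directory. The three location heuristics and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample: five entries copied from the firewall list in the log above.
SAMPLE = r'''
"D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="D:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Owner\\Desktop\\Unused Desktop Shortcuts\\ecard.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Unused Desktop Shortcuts\\ecard.exe:*:Disabled:ecard"
"C:\\WINDOWS\\spooldr.exe"="C:\\WINDOWS\\spooldr.exe:*:Enabled:enable"
'''

ENTRY = re.compile(r'^\s*"(.+?)"="(.+)"\s*$')
# Assumed heuristic: an executable placed directly in the Windows directory.
WIN_ROOT = re.compile(r'^(?:[a-z]:\\windows|%windir%|%systemroot%)\\[^\\]+$')

def parse_entry(line):
    """Return (path, scope, state, name), or None if the line is not an entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    value = m.group(2).replace("\\\\", "\\")   # undo the doubled backslashes
    # The path itself contains a drive colon, so split the 3 fields off the right.
    parts = value.rsplit(":", 3)
    return tuple(parts) if len(parts) == 4 else None

def triage(text):
    """List (path, state, reasons) for entries in locations worth a second look."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        path, _scope, state, _name = entry
        low = path.lower()
        reasons = []
        if "\\temp\\" in low:
            reasons.append("temp directory")
        if "\\desktop\\" in low:
            reasons.append("user desktop")
        if WIN_ROOT.match(low):
            reasons.append("windows root")
        if reasons:
            findings.append((path, state, reasons))
    return findings

if __name__ == "__main__":
    for path, state, reasons in triage(SAMPLE):
        print(f"{state:8} {path}  <- {', '.join(reasons)}")
```

A flagged entry is only a prompt to inspect the file; the state field matters too, since a `Disabled` entry no longer opens the firewall for that program.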
  • NuppiNuppi South Ostrobothnia (Finland)
    edited August 2007
    Hi,


    Click Start > Run, type Msconfig into the box and hit Enter.

    Go to the Startup page and unmark all lines that mention PREVX.

    Scan with hijack and check:

    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
    O23 - Service: asurscsi - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\MSI25.tmp (file missing)

    Close all programs and click Fix checked.

    Copy all the text in the box below to Notepad:
    SC stop asurscsi
    SC delete asurscsi
    

    Save the file to the desktop with the name regfix1.reg, file type "All files".

    Double-click it, and if any question appears, answer yes.


    You have to boot your comp.
  • edited August 2007
    Okay, I have done all of that. Prevx was actually my antivirus, but I've uninstalled it and removed the files as per your instructions. What has that done? Do you think my PC will let me put antivirus software on now?
  • NuppiNuppi South Ostrobothnia (Finland)
    edited August 2007
    Hi,

    PrevX probably prevents installing another antivirus if it's running.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    After that try to install Firewall and antivirus :D
  • edited August 2007
    I can't post the ComboFix log because it says I cannot post links yet.
  • NuppiNuppi South Ostrobothnia (Finland)
    edited August 2007
    Hi,

    Copy the contents of C:\combofix.txt and paste them into a reply.
  • NuppiNuppi South Ostrobothnia (Finland)
    edited August 2007
    Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.

    This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

    If you are not the user who started this thread, you must start a new Thread instead :)

    Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here