I think I have a problem

michgal2k · May 2008

I am running Windows Vista and all of a sudden when I try to go to aol.com and read email - IE 7 freezes and I have to use task manager to get out of it. Can you see if I have a problem?
Also when I recently installed and ran AVG free - it found trojan horse Startpage.CQS but did not remove it. I am very confused. Can someone help?

Here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:43 PM, on 5/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Fran\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft

Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12

\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12

\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3

\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no

file)
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) -

http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) -

http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://myvpn.ford.com/dana-

cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft

Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program

Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot -

Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major

Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file

missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program

Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8427 bytes

Thomas · May 2008

Hello michgal2k,

The log shows some sort of ActiveX install that occurred there tied to an Americangreetings.com owned company. They seem to be heavy into the screensaver/ecard business and I suspect are mostly undesirable ad related business areas. Let's take a more detailed look here. Be sure in Notepad to go to Format, and uncheck Word Wrap when posting logs. Yours is a bit broken up due to that.

First though follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps, including the required reboot. If you have any difficulties accomplishing those then please go ahead and uninstall SpyBot - TeaTimer has been causing too many problems in repairs to make it worth any extra effort while we do them. You can always reinstall it after if you choose to. You have SpySweeper as well, and in truth that and TeaTimer are really not the best combination to have.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Options, place a check next to the following:

Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

You can use extra posts here if needed for that.

michgal2k · May 2008

Here are the logs:
Deckard's System Scanner v20071014.68
Run by Fran on 2008-05-18 14:04:21
Computer is in Normal Mode.

Backed up registry hives.

-- HijackThis (run as Fran.exe)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:56 PM, on 5/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Fran\Desktop\dss.exe
C:\Users\Fran\Fran.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://myvpn.ford.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8359 bytes

-- HijackThis Fixed Entries (C:\Users\Fran\backups\)

backup-20071022-075338-935 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
backup-20071022-080033-937 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab

-- File Associations

.pif - piffile - shell\open\command - unable to read value
.reg - regfile - shell\open\command - unable to read value
.scr - scrfile - shell\open\command - unable to read value

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys
R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)

-- Device Manager: Disabled

No disabled devices found.

-- Files created between 2008-04-18 and 2008-05-18

2008-05-16 10:22:29 352 --ah

C:\Windows\nod32fixtemdono.reg
2008-05-16 10:01:54 0 d

C:\Program Files\%temp&
2008-05-16 09:59:24 0 d

C:\Users\All Users\ESET
2008-05-16 09:58:15 0 d

C:\Users\All Users\Avg8
2008-05-14 14:56:24 0 d--h

C:\$AVG8.VAULT$
2008-05-13 10:55:19 0 d

C:\Users\All Users\Citrix
2008-05-13 10:54:22 0 d

C:\Program Files\Citrix

-- Find3M Report

2008-05-16 10:01:20 0 d

C:\Users\Fran\AppData\Roaming\ESET
2008-05-15 09:22:24 0 d

C:\Program Files\Windows Mail
2008-05-14 14:26:32 0 d

C:\Program Files\Common Files
2008-04-24 22:22:18 0 d

C:\Program Files\Java
2008-04-19 09:05:09 0 d

C:\Program Files\Google
2008-04-12 21:41:11 164 --a

C:\install.dat

-- Registry Dump

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/24/2007 11:00 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 07:52 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [11/15/2006 02:08 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [11/15/2006 02:07 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [11/15/2006 02:07 PM]
"SigmatelSysTrayApp"="sttray.exe" [02/08/2007 01:11 AM C:\Windows\sttray.exe]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"@=" []
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [10/13/2006 12:31 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/13/2008 04:48 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 10:27 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [11/12/2006 03:19 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"Aim6"="" []

C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/15/2007 9:20:19 PM]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [3/20/2008 10:26:50 PM]
QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [4/15/2007 9:17:13 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05317a90-f20b-11db-9dda-0019b96748fe}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3471b118-b3f1-11dc-879e-0019b96748fe}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-18 14:08:26

Next:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2037.82 MiB / 1112.2 MiB
Pagefile Memory (total/avail): 4294.2 MiB / 2557.46 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.45 MiB

C: is Fixed (NTFS) - 99.74 GiB total, 66.05 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.93 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-75RST0 ATA Device - 111.79 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 99.74 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2048 MiB

-- Security Center

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ESET Personal firewall v3.0.650.0 (ESET, spol. s r. o.)
AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Spy Sweeper v5.5.7.124 (Webroot Software Inc)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Fran\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRAN-LAPTOP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Fran
LOCALAPPDATA=C:\Users\Fran\AppData\Local
LOGONSERVER=\\FRAN-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Fran\AppData\Local\Temp
TMP=C:\Users\Fran\AppData\Local\Temp
USERDOMAIN=FRAN-LAPTOP
USERNAME=Fran
USERPROFILE=C:\Users\Fran
windir=C:\Windows

-- User Profiles

Fran

-- Add/Remove Programs

--> "C:\Program Files\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\Dell Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\Dell Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\Dell Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dell Game Console\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dell Media Center Game Console\Uninstall.exe"
--> "C:\Program Files\Dell Games\FATE\Uninstall.exe"
--> "C:\Program Files\Dell Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\Dell Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\Dell Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\Dell Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\Dell Games\SCRABBLE\Uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Install --> MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe"
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Documentation & Support Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
ESET Smart Security --> MsiExec.exe /I{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Gmail POP Troubleshooter --> C:\Program Files\Google\Gmail POP Troubleshooter\uninstall.exe
Google Calendar Sync --> "C:\Program Files\Google\Google Calendar Sync\uninstall.exe"
GoToAssist 8.0.0.480 --> C:\Program Files\Citrix\GoToAssist\480\G2AUninstaller.exe /uninstall
HijackThis 2.0.2 --> "C:\Users\Fran\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Internet Service Offers Launcher --> MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
IsoBuster 2.0 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Juniper Networks Cache Cleaner 5.5.0 --> "C:\Users\Fran\AppData\Roaming\Juniper Networks\Cache Cleaner 5.5.0\uninstall.exe"
Juniper Networks Setup Client --> "C:\Users\Fran\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe"
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Moodflow.com Inspirational Screen Saver --> sstunst3.exe Moodflow.com Inspirational
Move Networks Media Player for Internet Explorer --> C:\Users\Fran\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MyHeritage Family Tree Builder --> C:\Program Files\MyHeritage\Bin\Uninstall.exe
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET Smart Security\unins000.exe"
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Paint.NET v3.22 --> MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
QuickSet --> MsiExec.exe /I{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}

-- Application Event Log

Event Record #/Type123276 / Warning
Event Submitted/Written: 05/18/2008 01:47:44 PM
Event ID/Source: 36 / Outlook
Event Description:
Outlook Search has encountered an error and is temporarily disabling indexing for store C:\Users\Fran\AppData\Local\Microsoft\Outlook\Outlook.pst (error=0x00000001).

Event Record #/Type123054 / Error
Event Submitted/Written: 05/18/2008 08:46:33 AM
Event ID/Source: 1002 / Application Hang
Event Description:
The program iexplore.exe version 7.0.6000.16643 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e58
Start Time: 01c8b8e27123536f
Termination Time: 31

Event Record #/Type122993 / Warning
Event Submitted/Written: 05/18/2008 07:49:31 AM
Event ID/Source: 36 / Outlook
Event Description:
Outlook Search has encountered an error and is temporarily disabling indexing for store C:\Users\Fran\AppData\Local\Microsoft\Outlook\Outlook.pst (error=0x00000001).

Event Record #/Type122981 / Success
Event Submitted/Written: 05/18/2008 07:47:44 AM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type122980 / Success
Event Submitted/Written: 05/18/2008 07:47:43 AM
Event ID/Source: 5615 / WinMgmt
Event Description:

-- Security Event Log

No Errors/Warnings found.

-- System Event Log

Event Record #/Type114114 / Warning
Event Submitted/Written: 05/18/2008 01:14:43 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type114110 / Error
Event Submitted/Written: 05/18/2008 01:14:40 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
30000STacSV

Event Record #/Type114105 / Error
Event Submitted/Written: 05/18/2008 00:14:11 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BE22D60F-ACC6-471E-B3A2-C7EF6400C176}.
The backup browser is stopping.

Event Record #/Type114093 / Warning
Event Submitted/Written: 05/18/2008 10:59:36 AM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type113957 / Warning
Event Submitted/Written: 05/18/2008 07:46:38 AM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

-- End of Deckard's System Scanner: finished at 2008-05-18 14:08:26

Also included a new HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:51 PM, on 5/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Fran\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://myvpn.ford.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7942 bytes

Thomas · May 2008

Petty obvious net access error issues there, and for some reason Deckards is unable to view some normal file associations, but no infection showing. I would prefer recommending an online-type scan right now, but given the access issues that is out just yet. How long have you had SpySweeper installed here before these problems began to occur?

Go here and download the free version of SUPERAntiSpyware and install it.

After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to it's research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

Start-up Options:
*Start SUPERAntiSpyware when Windows starts

Automatic Updates:
*Check for program updates when the application starts.
Start-up Scanning:
*Check for updates before scanning on startup.

Then select Close. Don't scan just yet though.

Also Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"

===============================================

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Open SUPERAntiSpyware and click the Scan your Computer button. You may need to start SUPERAntiSpyware, then right click the Taskbar icon (the little bug shaped icon) and select "Scan for Spyware, Adware, Malware..." to access the scan panel. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.

SUPERAntiSpyware will now scan your computer and when its finished it will list all the infections it has found. Make sure that they all have a check next to them and click next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.

For now just the SUPERAntiSpyware log please.

michgal2k · May 2008

Here is the log-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/18/2008 at 10:25 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 00:22:30

Memory items scanned : 216
Memory threats detected : 0
Registry items scanned : 7805
Registry threats detected : 0
File items scanned : 21761
File threats detected : 59

Adware.Tracking Cookie
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ads.cluster01.oasis.zmh.zope[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@adopt.euroclick[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@richmedia.yahoo[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@tribalfusion[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ads.addynamix[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@atdmt[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@mediaplex[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ads.pointroll[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@apmebf[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ar.atwola[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ads.techguy[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@atwola[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@advertising[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@sales.liveperson[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@realmedia[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@sales.liveperson[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ehg-eset.hitbox[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ehg.hitbox[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@statcounter[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ehg-yamahamotors.hitbox[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@msnportal.112.2o7[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@247realmedia[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@2o7[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ad.yieldmanager[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@adbrite[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@adinterax[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@adopt.specificclick[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@adrevolver[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ads.revsci[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@anad.tacoda[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@anat.tacoda[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@burstnet[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@casalemedia[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@collective-media[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ehg-dig.hitbox[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@dominionenterprises.112.2o7[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@doubleclick[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ehg-bestwestern.hitbox[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ehg-cruiseone.hitbox[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@glb.adtechus[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@fastclick[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ford.112.2o7[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@hitbox[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@imrworldwide[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@media.adrevolver[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@media.adrevolver[3].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@oasc09.247realmedia[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@overture[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@partner2profit[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@questionmarket[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@revsci[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@specificclick[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@statse.webtrendslive[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@superpages.122.2o7[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@tacoda[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@trafficmp[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@usatoday1.112.2o7[2].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@yadro[1].txt
C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@zedo[2].txt

Sorry it took so long - I am not getting my notifications..
Also forgot to answer you rqestion - I've had spysweeper longer than this problem. Much longer. Also would any of this cause my vpn connect not to work. That just started happening too.

Thomas · May 2008

Only harmless cookies in that. I checked an installer file yesterday one scan said incorrectly was a startpage malware, so not sure you have infection issues there. You installed the newer AVG with TeaTimer enabled? It blocks changes, and/or can bring back changes made earlier, so it may be involved in some way there. I just don't recommend TeaTimer for security - too many problems with it blindly doing things to legit functions. What change, install or update did you do just before the problems started?

michgal2k · May 2008

The only change was removing McAfee (it expired) and installing AVG Free edition. I thought it was AVG free so I removed that and downloaded ESET security.
Should I go back using system restore to before I removed McAfee? Will Teatimer still be gone? I really need to be able access my company's VPN before tomorrow AM.

Still not getting notifications from Icrontic -

Thomas · May 2008

You will need to use the Edit button in that last post and remove the email address - spambots run through forums like these to harvest those when found. Hopefully you do check back in here - emailing each response is just too time consuming working the many requests and forums we all tend to do.

Slim chance it is some remnant of McAfee. Disable all security software. Uninstall SpyBot, if you haven't already, to completely take TeaTimer out of the equation. Then reboot, and run the uninstall tool shown here to complete the uninstall of that. Reboot again to reset the registry.

If that didn't provide a solution you may want to follow up on this in the Icrontic Operating Systems forum for more ideas.

michgal2k · May 2008

I have done 2 system restores - the first one caused me to lose internet conenction so I tried again. I remeoved McAfee but have not done the additional complete removal. I will. I tried to uninstall Spybot but it won;t let me! Says I am missing the uninstall dat file? Can you help? I am currently able to get to my vpn so that is a good thing. I will continue with the McAfee removal & see what happens

Update: After running the removal tool MCRP I was unable to get an internet conenction. So I restored again to before the removal. (Good thing I thought to create a restore point prior to running the tool)

Thomas · May 2008

That scenario does not really natch any known pattern of removals I have seen. I hope SpySweeper is also not involved in corrupting changes you are trying to make. It is not really disabled when you do that through it's own options, and keeps services and bootup settings intact. But although uninstalling that would surely be a good choice right now given what occurs when any changes are made there makes those questionable. SpyBot will need to be reinstalled over the existing copy to remove that, very likely.

Right click Here and select Save Target As (Firefox Save Link As) and save UnHookExec.inf to your Desktop.

Then right-click on UnHookExec.inf and select Install. You may only see a desktop flicker as the changes are made.

That's just to return some of the default registry settings Deckards indicates it is not reading correctly.

Then for now reboot after, and run the same Deckards steps again and post that new log file please.

Thomas · May 2008

That scenario does not really match any known pattern of removals I have seen. I hope SpySweeper is also not involved in corrupting changes you are trying to make. It is not really disabled when you do that through it's own options, and keeps services and bootup settings intact. But although uninstalling that would surely be a good choice right now given what occurs when any changes are made there makes those questionable. SpyBot will need to be reinstalled over the existing copy to remove that, very likely.

Right click Here and select Save Target As (Firefox Save Link As) and save UnHookExec.inf to your Desktop.

Then right-click on UnHookExec.inf and select Install. You may only see a desktop flicker as the changes are made.

That's just to return some of the default registry settings Deckards indicates it is not reading correctly.

Then for now reboot after, and run the same Deckards steps again and post that new log file please.

michgal2k · May 2008

So to make sure I understand - download Spybot again so I can uninstall it? Should I also get rid of SpySweeper? Do I need anything besides AVG Free?

Here are my logs:
Deckard's System Scanner v20071014.68
Run by Fran on 2008-05-20 14:20:38
Computer is in Normal Mode.

-- HijackThis (run as Fran.exe)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:52 PM, on 5/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Fran\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fran\Fran.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://myvpn.ford.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8666 bytes

-- HijackThis Fixed Entries (C:\Users\Fran\backups\)

backup-20071022-075338-935 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
backup-20071022-080033-937 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab

-- File Associations

.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys
R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)

-- Device Manager: Disabled

No disabled devices found.

-- Files created between 2008-04-20 and 2008-05-20

2008-05-19 23:16:23 0 d

C:\Windows\system32\drivers\Avg
2008-05-19 23:16:10 0 d

C:\Program Files\AVG
2008-05-19 13:10:24 0 d

C:\Program Files\Common Files\Adobe(89)
2008-05-18 21:51:51 0 d

C:\Users\All Users\SUPERAntiSpyware.com
2008-05-18 21:51:23 0 d

C:\Program Files\SUPERAntiSpyware
2008-05-16 09:59:24 0 d

C:\Users\All Users\ESET
2008-05-16 09:58:15 0 d

C:\Users\All Users\Avg8
2008-05-14 14:56:24 0 d--h

C:\$AVG8.VAULT$
2008-05-13 10:55:19 0 d

C:\Users\All Users\Citrix
2008-05-13 10:54:22 0 d

C:\Program Files\Citrix

-- Find3M Report

2008-05-20 14:08:59 0 d

C:\Program Files\AIM6
2008-05-20 06:39:04 0 d

C:\Program Files\Windows Mail
2008-05-19 23:24:39 0 d

C:\Program Files\Common Files
2008-05-19 22:11:54 0 d

C:\Program Files\Digital Line Detect
2008-05-19 22:11:54 0 d

C:\Program Files\DellSupport
2008-05-19 22:11:54 0 d

C:\Program Files\Common Files\Adobe
2008-05-19 22:11:33 0 d

C:\Program Files\Google
2008-05-19 22:11:32 0 d

C:\Users\Fran\AppData\Roaming\U3
2008-05-19 22:11:32 0 d

C:\Users\Fran\AppData\Roaming\Move Networks
2008-05-19 22:11:32 0 d

C:\Program Files\MyHeritage
2008-05-19 22:11:31 0 d

C:\Program Files\Support.com
2008-05-19 22:11:31 0 d

C:\Program Files\Paint.NET
2008-05-19 22:11:30 0 d

C:\Program Files\Common Files\AOL
2008-05-19 22:11:29 0 d

C:\Program Files\Smart Projects
2008-05-19 22:11:28 0 d

C:\Program Files\Microsoft.NET
2008-05-19 22:11:28 0 d

C:\Program Files\Microsoft Visual Studio 8
2008-05-19 22:11:28 0 d

C:\Program Files\CyberLink
2008-05-19 22:11:26 0 d

C:\Program Files\Dell Games
2008-05-19 22:11:25 0 d

C:\Program Files\Roxio
2008-05-19 22:11:25 0 d

C:\Program Files\Common Files\InstallShield
2008-05-19 22:11:24 0 d

C:\Program Files\Common Files\Roxio Shared
2008-05-19 22:11:24 0 d

C:\Program Files\Common Files\Corel
2008-05-19 22:11:23 0 d

C:\Program Files\SigmaTel
2008-05-19 22:11:23 0 d

C:\Program Files\NetWaiting
2008-05-19 22:11:23 0 d--h

C:\Program Files\InstallShield Installation Information
2008-05-19 22:11:23 0 d

C:\Program Files\Common Files\Java
2008-05-19 22:11:22 0 d

C:\Program Files\CONEXANT
2008-05-19 22:11:21 0 d

C:\Program Files\Yahoo!
2008-05-19 22:11:21 0 d

C:\Program Files\illiminable
2008-05-19 22:11:21 0 d

C:\Program Files\AOL Install
2008-05-19 22:11:20 0 d

C:\Program Files\Microsoft Works
2008-05-19 22:11:20 0 d

C:\Program Files\EarthLink Setup
2008-05-19 22:11:19 0 d

C:\Users\Fran\AppData\Roaming\Identities
2008-05-19 22:11:19 0 d

C:\Program Files\NetZeroInstallers
2008-05-19 22:11:19 0 d

C:\Program Files\Modem Diagnostic Tool
2008-05-19 22:11:19 0 d

C:\Program Files\Corel
2008-05-19 22:10:56 0 d

C:\Program Files\Windows Sidebar
2008-05-19 22:10:55 0 d

C:\Program Files\Windows Photo Gallery
2008-05-19 22:10:55 0 d

C:\Program Files\Windows NT
2008-05-19 22:10:55 0 d

C:\Program Files\Windows Journal
2008-05-19 22:10:55 0 d

C:\Program Files\Windows Defender
2008-05-19 22:10:55 0 d

C:\Program Files\Windows Collaboration
2008-05-19 22:10:55 0 d

C:\Program Files\Windows Calendar
2008-05-19 22:10:55 0 d

C:\Program Files\Reference Assemblies
2008-05-19 22:10:55 0 d

C:\Program Files\MSBuild
2008-05-19 22:10:55 0 d

C:\Program Files\Movie Maker
2008-05-19 22:10:55 0 d

C:\Program Files\Microsoft Games
2008-05-19 22:10:55 0 d

C:\Program Files\Common Files\SpeechEngines
2008-05-18 21:51:23 0 d

C:\Users\Fran\AppData\Roaming\SUPERAntiSpyware.com
2008-05-16 10:01:20 0 d

C:\Users\Fran\AppData\Roaming\ESET
2008-04-24 22:22:18 0 d

C:\Program Files\Java
2008-04-12 21:41:11 164 --a

C:\install.dat

-- Registry Dump

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/24/2007 11:00 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 07:52 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [11/15/2006 02:08 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [11/15/2006 02:07 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [11/15/2006 02:07 PM]
"SigmatelSysTrayApp"="sttray.exe" [02/08/2007 01:11 AM C:\Windows\sttray.exe]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"@=" []
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [10/13/2006 12:31 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/19/2008 11:16 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 10:27 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [11/12/2006 03:19 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"Aim6"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/15/2007 9:20:19 PM]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [3/20/2008 10:26:50 PM]
QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [4/15/2007 9:17:13 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05317a90-f20b-11db-9dda-0019b96748fe}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3471b118-b3f1-11dc-879e-0019b96748fe}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-20 14:23:09

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2037.82 MiB / 1190.93 MiB
Pagefile Memory (total/avail): 4294.45 MiB / 3281.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.46 MiB

C: is Fixed (NTFS) - 99.74 GiB total, 65.88 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.93 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-75RST0 ATA Device - 111.79 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 99.74 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2048 MiB

-- Security Center

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated
AS: Spy Sweeper v5.5.7.124 (Webroot Software Inc)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Fran\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRAN-LAPTOP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Fran
LOCALAPPDATA=C:\Users\Fran\AppData\Local
LOGONSERVER=\\FRAN-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Fran\AppData\Local\Temp
TMP=C:\Users\Fran\AppData\Local\Temp
USERDOMAIN=FRAN-LAPTOP
USERNAME=Fran
USERPROFILE=C:\Users\Fran
windir=C:\Windows

-- User Profiles

Fran

-- Add/Remove Programs

--> "C:\Program Files\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\Dell Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\Dell Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\Dell Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dell Game Console\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dell Media Center Game Console\Uninstall.exe"
--> "C:\Program Files\Dell Games\FATE\Uninstall.exe"
--> "C:\Program Files\Dell Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\Dell Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\Dell Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\Dell Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\Dell Games\SCRABBLE\Uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Install --> MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe"
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Documentation & Support Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Gmail POP Troubleshooter --> C:\Program Files\Google\Gmail POP Troubleshooter\uninstall.exe
Google Calendar Sync --> "C:\Program Files\Google\Google Calendar Sync\uninstall.exe"
HijackThis 2.0.2 --> "C:\Users\Fran\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Internet Service Offers Launcher --> MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
IsoBuster 2.0 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Juniper Networks Cache Cleaner 5.5.0 --> "C:\Users\Fran\AppData\Roaming\Juniper Networks\Cache Cleaner 5.5.0\uninstall.exe"
Juniper Networks Setup Client --> "C:\Users\Fran\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe"
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Moodflow.com Inspirational Screen Saver --> sstunst3.exe Moodflow.com Inspirational
Move Networks Media Player for Internet Explorer --> C:\Users\Fran\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MyHeritage Family Tree Builder --> C:\Program Files\MyHeritage\Bin\Uninstall.exe
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Paint.NET v3.22 --> MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
QuickSet --> MsiExec.exe /I{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}

-- Application Event Log

Event Record #/Type125604 / Success
Event Submitted/Written: 05/20/2008 02:14:21 PM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type125603 / Success
Event Submitted/Written: 05/20/2008 02:14:19 PM
Event ID/Source: 5615 / WinMgmt
Event Description:

Event Record #/Type125600 / Success
Event Submitted/Written: 05/20/2008 02:13:52 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type125525 / Error
Event Submitted/Written: 05/20/2008 01:11:19 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program iexplore.exe version 7.0.6000.16643 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 10d0
Start Time: 01c8ba9c262b907c
Termination Time: 29

Event Record #/Type125502 / Error
Event Submitted/Written: 05/20/2008 00:49:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program iexplore.exe version 7.0.6000.16643 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5c0
Start Time: 01c8ba97059e423c
Termination Time: 91

-- Security Event Log

No Errors/Warnings found.

-- System Event Log

Event Record #/Type117006 / Warning
Event Submitted/Written: 05/20/2008 02:17:42 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type117005 / Warning
Event Submitted/Written: 05/20/2008 02:17:42 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type116907 / Warning
Event Submitted/Written: 05/20/2008 02:13:17 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type116904 / Warning
Event Submitted/Written: 05/20/2008 02:13:13 PM
Event ID/Source: 5014 / NETw4v32
Event Description:
Intel(R) Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Event Record #/Type116900 / Warning
Event Submitted/Written: 05/20/2008 02:12:30 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:

-- End of Deckard's System Scanner: finished at 2008-05-20 14:23:09

update:
I unistalled Spybot after downloading it again. WHEW. Not sure if I mentioned that I have a problem getting to AOL Mail through the web. Any idea what is causing that? I posted to AVG forum & they said it can't be them. What about the fact that the MCRP for McAfee causes me problems. Should I be concerned or just not worry about it? ShouldI post that ina different area of Icrontic?

I have cleaned the registry of everything McAfee with the help of McAfee. I DO have an internet connected after reboot so that is good. I still cannot get to web-based email trhough AOL.Com. Any ideas?

Thomas · May 2008

You are making your own changes and working through different repairs with other different people and locations. Be sure to let each know what the others suggest, and what changes you make due to that. But yes, I really won't be able to be one part of that multi-suggestion/repair process. Maybe if you did post a new request in the Icrontic Operating Systems forum, the folks there can join in on suggestions and repairs like those you are doing.

michgal2k · May 2008

I'm a bit confused here. I am only doing what you have suggested!! You mentioned using the MCRP to totally remove McAfee - when it didn;t work, I went directly to McAfee ONLY to remove what you suggested! As for removing Spybot - again your suggestion. So I am not sure where this "scolding" is coming from or the fact that I am going to others for help. What have I done wrong?
Please let me know if you see any problems with my last DSS post & if you see any other issues. Also you mentioned something earlier about SpySweeper - in your opinion - do I keep it or dump it? All these tools (Spybot & SpySweeper) are tools to help eliminate viruses and that is what this thread is about - isn;t it.
I'm sorry if you misinterpreted my postings. I have always had wonderful luck and repoire with the people here at Icrontic and hold them in the highest esteem.

Thomas · May 2008

The word choices are not meant for indicating anything like scolding. But you are posting for suggestions in an AVG forum, and then McAfee help with McAfee support. There really is a large difference between running a removal tool I suggest, and do specific changes suggested by McAfee support. I don't know which specific changes were made, so would not know if I would agree with them or how they might change other things. It really is just that in this one forum of Icrontic the repair processes are done as per the trained person's suggested changes. Nothing wrong with you getting info from others and making changes based on that - just doesn't fit in with the guided repairs I know to do here. Make specific changes, post diagnostics for review, then change again etc. Getting advice from different sources, then weighing that, and making your own choices on changes, are what most of the other Icrontic forum models work with. A good way of doing self repairs for sure, and matches what you are doing now.

But no, the forum for ideas on changes and issues related to anti-infection softwares is the Networking and Security forum. I only suggested the Operating Systems forum because I forgot we have that Security forum here.

So for more input from more people than just me (there are advice posting restrictions in this forum, due to past problems), and then you making changes based on those, posting there would be a good idea now.

I think I have a problem

Comments