My HijackLog to determine virus [Windows Update not working]

In response to my original thread here http://www.windowsbbs.com/showthread.php?t=67395 here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:47 PM, on 07/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe "
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\aw_player52\awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26d1963d5bd8b2c80e16/netzip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189110392521
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189110375707
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol025.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4918D8-D963-49F8-BEEC-EF05A589CC6F}: NameServer = 213.120.62.97
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: BT Digital Access USB start up (Gazel Startup) - British Telecom - C:\Program Files\BT Digital Access USB\vstartx.exe
O23 - Service: ISDN connection log (GisdnLog) - British Telecom - C:\Program Files\BT Digital Access USB\gisdnlog.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8154 bytes

 

Welcome to WindowsBBS Funicula

No visible infections in your log, although there are some things that need attention.

First, your Java is outdated. Old versions of Java or explotable and should be removed, then the latest version installed. I recommend you go to Add/Remove Programs and uninstall all Java (JRE) versions, then delete everything within the C:\Program Files\Java folder. Reboot, then update your Java here

Next, did you have Panda installed at one time, and have you uninstalled it? There is a service for it on your computer that should be removed if you did. It looks like you ran an online scan with Panda, and that service may be a leftover from that too. What were the ActiveScan results?

I see running processes for both Symantec (Norton Antivirus) and Avast. It appears Symantec is mostly gone, and there are just some leftovers that need removed. Did you uninstall Symantec as well? It's not good practice to have more than one antivirus application running, so if you did not uninstall it, I recommend you do. Then we can finish cleaning up the junk it leaves behind.

You have several processes starting up when you logon that aren't necessary at startup. The extra running processes could be contributing to the virtual memory error. Would you like to persue trimming down those startups?

 

thank you noah, I installed Java. Also I searched for remaining Symantec files and tried to delete but it won't.

I had Panda on this system two years ago, our computer broker told me to get rid of it because it's rubbish, I ran the activescan around then so I can't remember the results.

And I would love to trim down the start ups, if you would help.


Can anything be done about not being able to update Windows?

 

Lets start with getting Symantec cleaned out. You can't just delete the folders. The program needs to be uninstalled via Add/Remove Programs in the Control Panel.

You generally have to uninstall the various Symantec products in the correct order, else you will get a message that it can't be removed. If that happens, just try a different Symantec entry then go back to it. Reboot when complete.

Download the Norton Removal Tool and run it to clean up any leftovers.

In the event that you can't uninstall it first, just run the removal tool.

Reboot when complete.

Then, lets use another tool that will give us a better look at things.

Note: You must be logged onto an account with administrator privileges to complete the following.

Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of main.txt and extra.txt
You may have to put the logs into two or more posts, as there is a maximum character limit per post on this forum.

 

How do I log in to my admin account? I assumed it was at the start up of Windows but theres not an option for it.

Erm am I just being dense and the account I'm using is actually the admin one?

 

It's likely that the account you're using has Admin rights. Go ahead and run the tool. It will alert you if there's a problem.

 

It starts scanning then says that "dss has encountered a problem and needs to close. "

 

Download ATF Cleaner by Atribune and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
Recycle bin


The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Reboot the computer, then try running dss again.

 

When it says files to delete, it's not going to delete my folders and photos and music, emails, is it?

 

No, provided you haven't saved them to the default system temporary folders. It cleans out temporary files only. It's quite safe, else I would not have recommended using it.

 

Main txt

Ok, sorry, after I posted that question I thought to myself "jeez that was dumb "
anyways here's the log

Deckard's System Scanner v20070905.67
Run by User on 2007-09-08 19:40:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
36: 2007-09-08 17:36:19 UTC - RP327 - Deckard's System Scanner Restore Point
35: 2007-09-08 11:22:32 UTC - RP326 - Installed Java(TM) 6 Update 2
34: 2007-09-08 11:14:34 UTC - RP325 - Removed J2SE Runtime Environment 5.0 Update 6
33: 2007-09-08 11:13:42 UTC - RP324 - Removed J2SE Runtime Environment 5.0 Update 10
32: 2007-09-07 22:41:17 UTC - RP323 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-07-05 12:54:13 UTC - RP292 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:05 PM, on 08/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe "
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\aw_player52\awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26d1963d5bd8b2c80e16/netzip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189110392521
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189110375707
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol025.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4918D8-D963-49F8-BEEC-EF05A589CC6F}: NameServer = 213.120.62.97
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: BT Digital Access USB start up (Gazel Startup) - British Telecom - C:\Program Files\BT Digital Access USB\vstartx.exe
O23 - Service: ISDN connection log (GisdnLog) - British Telecom - C:\Program Files\BT Digital Access USB\gisdnlog.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8139 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Gazel (BT Digital Access USB driver) - c:\windows\system32\drivers\gisdngen.sys <Not Verified; British Telecom; ISDN adapter package>
R2 Gazel-CAPI (BT Digital Access USB CAPI 2.0 driver) - c:\windows\system32\drivers\gcapi20.sys <Not Verified; British Telecom; ISDN adapter package>
R2 Gserial (BTDA USB communication port) - c:\windows\system32\drivers\gserial.sys <Not Verified; British Telecom; ISDN adapter.>
R3 gisdnwan (ISDN WAN miniport) - c:\windows\system32\drivers\gisdnwan.sys <Not Verified; British Telecom; ISDN adapter package>

S2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys (file missing)
S3 Amps2prt (A4Tech PS/2 Port Mouse Driver) - c:\windows\system32\drivers\amps2prt.sys (file missing)
S3 Gisdnpci (ISDN PnP driver) - c:\windows\system32\drivers\gisdnpnp.sys <Not Verified; British Telecom; BT Digital Access USB.>
S3 GT680x (Grand Tech GT680x NT) - c:\windows\system32\drivers\gt680x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Gazel Startup (BT Digital Access USB start up) - "c:\program files\bt digital access usb\vstartx.exe" /s <Not Verified; British Telecom; ISDN-Kartenpaket>
R2 GisdnLog (ISDN connection log) - "c:\program files\bt digital access usb\gisdnlog.exe" -s <Not Verified; British Telecom; ISDN adapter package>

S2 PavPrSrv (Panda Process Protection Service) - "c:\program files\common files\panda software\pavshld\pavprsrv.exe" (file missing)
S3 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-08 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2007-09-08 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2007-09-08 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2007-09-08 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2007-09-08 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2007-09-08 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2007-09-08 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2007-09-08 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2007-09-08 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2007-09-08 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2007-09-08 00:00:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2007-09-07 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2007-09-07 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2007-09-07 21:00:01 350 --a------ C:\WINDOWS\Tasks\At22.job
2007-09-07 20:00:01 350 --a------ C:\WINDOWS\Tasks\At21.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2007-09-05 16:51:00 350 --a------ C:\WINDOWS\Tasks\At10.job


-- Files created between 2007-08-08 and 2007-09-08 -----------------------------

2007-09-08 12:22:59 0 d-------- C:\Program Files\Java
2007-09-08 12:22:39 0 d-------- C:\Program Files\Common Files\Java
2007-09-07 21:34:17 0 d-------- C:\Program Files\Trend Micro
2007-09-05 16:50:59 23616 --a------ C:\WINDOWS\System32\Ty0LBL0v.exe
2007-08-10 19:20:48 0 d-------- C:\Documents and Settings\User\Application Data\Gamelab
2007-08-10 19:20:04 0 d-------- C:\Program Files\Games


-- Find3M Report ---------------------------------------------------------------

2007-09-08 18:30:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-08 12:22:39 0 d-------- C:\Program Files\Common Files
2007-09-07 16:25:23 0 d-------- C:\Documents and Settings\User\Application Data\.bittorrent
2007-09-07 00:48:34 0 d-------- C:\Documents and Settings\User\Application Data\AVG7
2007-09-06 21:21:31 0 d-------- C:\Program Files\DivX
2007-08-19 21:54:11 0 d-------- C:\Documents and Settings\User\Application Data\AdobeUM
2007-08-05 19:10:34 0 d-------- C:\Documents and Settings\User\Application Data\Shockwave
2007-08-05 14:00:58 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-02 18:55:57 0 d-------- C:\Documents and Settings\User\Application Data\Sandlot Games
2007-07-30 20:03:08 0 d-------- C:\Program Files\Alwil Software
2007-07-30 19:39:05 0 d-------- C:\Program Files\TrojanHunter 4.7
2007-07-28 17:39:14 0 d-------- C:\Program Files\Roller Rush
2007-07-28 16:46:13 0 d-------- C:\Program Files\ReflexiveArcade
2007-07-27 20:37:30 0 d-------- C:\Program Files\BoontyGames
2007-07-27 19:31:41 0 d-------- C:\Documents and Settings\User\Application Data\PlayFirst
2007-07-27 19:31:16 0 d-------- C:\Program Files\Common Files\BOONTY Shared
2007-07-27 19:30:11 0 d-------- C:\Program Files\Boonty
2007-07-26 03:53:34 3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2007-07-26 03:50:34 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-26 03:50:34 81920 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-26 03:50:22 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-26 03:50:22 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 03:50:22 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 03:50:22 740442 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 03:49:28 12288 --a------ C:\WINDOWS\System32\DivXWMPExtType.dll
2007-07-23 17:24:11 0 d-------- C:\Documents and Settings\User\Application Data\MysteryStudio
2007-07-16 09:23:22 0 d-------- C:\Program Files\Norton AntiVirus
2007-07-14 15:22:57 0 d-------- C:\Program Files\Google
2007-07-09 14:49:03 0 d-------- C:\Program Files\BT Broadband
2007-07-09 14:48:58 0 d-------- C:\Program Files\Motive
2007-07-09 14:48:37 0 d-------- C:\Program Files\Common Files\Motive
2007-07-08 12:21:18 0 d-------- C:\Program Files\Windows Live Safety Center


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [06/10/2003 02:16 PM]
"nwiz "= "nwiz.exe" [06/10/2003 02:16 PM C:\WINDOWS\system32\nwiz.exe]
"TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/01/2005 03:46 PM]
"msnappau "= "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe" [22/07/2004 10:53 PM]
"KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []
"DSLAGENTEXE "= "C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe" []
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [18/10/2005 12:58 PM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [21/11/2005 01:18 AM]
"avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [27/07/2007 11:03 PM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [27/04/2005 01:04 PM]
"ProxyWay "= "C:\Program Files\ProxyWay\proxyway.exe" []
"updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 04:45 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator "=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
Ulead Photo Express Calendar Checker For My Custom Edition.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe [09/05/2005 9:41:03 PM]




-- End of Deckard's System Scanner: finished at 2007-09-08 19:44:29 ------------

 

Extra txt

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 255.48 MiB / 78.21 MiB
Pagefile Memory (total/avail): 618.79 MiB / 428.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1981.2 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 38.33 GiB total, 9.75 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC35L040AVVN07-0 - 38.34 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.33 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC1
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\PC1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\System32;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=PC1
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D World Atlas --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Xamba Software\3DWA\Uninst.isu "
4U WMA MP3 Converter 5.3.0 --> "C:\Program Files\4U Computing\WMA MP3 Converter\unins000.exe "
ACDSee --> C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll "
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Advanced Networking Pack for Windows XP --> C:\WINDOWS\$NtUninstallKB817778$\spuninst\spuninst.exe
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe "
Barbie (R) Mysteries The Holiday Adventure --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Barbie(R)\Barbie (R) Mysteries The Holiday Adventure\DB2Uninst.isu "
BitTorrent 4.2.1 --> "C:\Program Files\BitTorrent\uninstall.exe "
BT Digital Access USB Package --> C:\PROGRA~1\BTDIGI~1\gconfig.exe -x
BT Voyager 205 ADSL Router --> C:\Program Files\BT Voyager 205 ADSL Router\Adsl\uninstall.exe
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
DATA BECKER Your Handwriting II --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\DATA BECKER\Your Handwriting II\Uninst.isu "
DirectX 9 Hotfix - KB839643 --> C:\WINDOWS\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
Disney's Princess Fashion Boutique --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\DISNEY~1\DeIsL1.isu
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Encyclopædia Britannica Deluxe Edition --> "C:\Program Files\Britannica 2003\Deluxe Edition CD\Uninstaller.exe "
FLAC Installer 1.1.2a (remove only) --> C:\Program Files\FLAC\uninstall.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe "
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 990c series (Remove only) --> C:\Program Files\hp deskjet 990c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=990c -huninstall
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Precisionscan Pro 3.1 --> MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
Internet Explorer Q867801 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q867801.inf
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft GIF Animator --> C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mkw Audio Compression Toolkit --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\Uninst.isu "
Monkey's Audio --> "C:\Program Files\Monkey's Audio\unins000.exe "
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
oggcodecs 0.69.8924 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
Outlook Express Q823353 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PCL-W310 --> C:\Program Files\PCL-W310\uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RapidLeecher --> "C:\Program Files\RapidLeecher\Uninstall.exe "
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sierra Print Artist --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\PA4\Uninst.isu -c "C:\SIERRA\PA4\PASTP.DLL "
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SiS Audio Driver --> C:\Progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
The Sims House Party --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D268154-7A31-40F2-9779-7A250914BB39}\setup.exe" -l0009
The Times Revision Guides --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\The Times\Revision Guides\Uninst.isu "
Trellix Web Express Site Building --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D666E437-158C-43D0-AC69-F67F6C5EC2B8}\Setup.exe" UNINSTALL
Ulead Photo Express 4.0 My Custom Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21BCE515-D5A3-11D4-8E33-0010B53EC668}\setup.exe"
VideoLive Mail 4.0 --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\CyberLink\VideoLiveMail\Uninst.isu "
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe "
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll ",UninstallFunction WLSC_SCANNER_PRODUCT
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type20314 / Error
Event Submitted/Written: 09/08/2007 07:07:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.

Event Record #/Type20313 / Error
Event Submitted/Written: 09/08/2007 07:00:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.

Event Record #/Type20312 / Error
Event Submitted/Written: 09/08/2007 06:46:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.

Event Record #/Type20311 / Warning
Event Submitted/Written: 09/08/2007 06:31:23 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type20307 / Warning
Event Submitted/Written: 09/08/2007 01:48:53 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type76916 / Error
Event Submitted/Written: 09/08/2007 07:41:00 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ShldDrv

Event Record #/Type76914 / Error
Event Submitted/Written: 09/08/2007 07:41:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Panda Process Protection Service service failed to start due to the following error:
%%3

Event Record #/Type76913 / Error
Event Submitted/Written: 09/08/2007 07:41:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Panda Process Protection Driver service failed to start due to the following error:
%%2

Event Record #/Type76907 / Error
Event Submitted/Written: 09/08/2007 07:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At20.job command failed to start due to the following error:
%%2147942405

Event Record #/Type76891 / Error
Event Submitted/Written: 09/08/2007 06:34:11 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ShldDrv



-- End of Deckard's System Scanner: finished at 2007-09-08 19:44:29 ------------

 

No problem ........ it never hurts to ask first

Scan again with HijackThis, lace a check next to the following entries, then click Fix Checked.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe "
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab

Close HijackThis.


Highlight and copy the bolded command below. Click Start>Run then paste the command in and hit enter.

sc stop PavPrSrv

Now do each of these, one at a time.

sc delete PavPrSrv
sc stop Symantec Core LC
sc delete Symantec Core LC


Open C:\WINDOWS\Tasks and delete all of the AT_.job files. (looks like about 20 of them)

Delete the following folders.

C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Norton AntiVirus

Reboot.


Now go to jotti, click Browse and navigate to then select the following file.

C:\WINDOWS\System32\Ty0LBL0v.exe

Once selected, click Submit. Wait for the analysis to complete, then copy the results an post them back here, alond with another fresh HijackThis log.

 

jotti results

Scanner results
Scan taken on 08 Sep 2007 19:37:37 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.ULPM.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found GenPack:Trojan.Agent.ABQZ
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.DownLoader.32552
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found a variant of Win32/Agent.ARK
Norman Virus Control Found nothing
Panda Antivirus Found Trj/Agent.GKG
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/HckPk-A
VirusBuster Found nothing
VBA32 Found nothing

 

Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:39 PM, on 08/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\aw_player52\awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26d1963d5bd8b2c80e16/netzip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189110392521
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189110375707
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol025.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4918D8-D963-49F8-BEEC-EF05A589CC6F}: NameServer = 213.120.62.97
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: BT Digital Access USB start up (Gazel Startup) - British Telecom - C:\Program Files\BT Digital Access USB\vstartx.exe
O23 - Service: ISDN connection log (GisdnLog) - British Telecom - C:\Program Files\BT Digital Access USB\gisdnlog.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7000 bytes

 

Delete the following file.

C:\WINDOWS\System32\Ty0LBL0v.exe

I'm assuming you were unable to delete the Symantec Shared folder because I still see the process running from there. Lets try another method.

Click Start>Run and type services.msc then hit enter. Scroll down the list of services to Symantec Core LC. Double click the entry and select Stop. When it has stopped, set the Startup type to disabled, click Apply then OK. Close the Services applet.

Click Start>Run and paste in the following command, then hit enter.

sc delete Symantec Core LC

Open the services applet again and let me know if the Symantec service is still listed.

 

I have deleted the file.

And yes the Symantec service is still listed.

 

Probably a permissions problem on the Symantec registry key. Rather than trying to walk you through that, as long as the service is stopped and disabled, we'll leave it alone. You should be able to delete the C:\Program Files\Common Files\Symantec Shared folder with the service stopped now.

Please go to Windows Update now and see if you can update.

 

I was able to delete the folder, just went to windows update to install and i got the same message as before

The following updates were not installed
Microsoft Windows Installer 3.1
Update for Windows XP (KB898461)

 

Please go back to the Services applet and make sure the following services are set to automatic and running (started).

Automatic Updates
Background Intelligent Transfer Service

Try again if one of those was not running.