ok, here goes.
Start bar is totally gone on my admin user, on another user you can see the start bar but no buttons appear,
can't usually copy and paste, for some reason it let me copy from a text file to this though. it must just be files.
I can't drag and drop files.
can't get avg to update, and scan says nothing wrong.
tried to just upgrade with a windows disc but it said I had a sys file missing that doing a google search for receives no results
task manager processes has half the amount of processes I usually have running and only system idle has a user name beside it (SYSTEM) the rest are blank.
anyway here's the log
Deckard's System Scanner v20071014.68
Run by Joe Dickens on 2007-12-22 19:50:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Unable to create WMI object; The operation completed successfully.
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 10.99 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-22 19:54:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Joe Dickens\My Documents\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7iep.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O16 - DPF: JT's Blocks () - http://download2.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150924757156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\system32\svchost
--
End of file - 7576 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 61883 (61883 Unit Device) - c:\windows\system32\drivers\61883.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 Avc (AVC Device) - c:\windows\system32\drivers\avc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
3 GMSIPCI - d:\install\gmsipci.sys (file missing)
3 MSDV (Microsoft DV Camera and VCR) - c:\windows\system32\drivers\msdv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2 npkcrypt - c:\program files\nexon\europemaplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
3 ovt519 (PS2 EyeToy SLEH-00030 Webcam) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>
2 {09BB444F-B2E2-4009-BAF2-7B727681223E} (BuddyVM) - c:\program files\vmlaunch\buddyvm.sys <Not Verified; Interlex Inc.; BUDDY for Virtual-Mate>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3 Dmdisgo - c:\windows\system32\esentutl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 NBService - c:\program files\nero\nero 7\nero <Not Verified; Nero AG; Nero BackItUp>
3 RegVacService (RegVac Registry Service) - c:\program files\regvac registry cleaner\regvserv.exe <Not Verified; Super Win Software, Inc.; RegVac>
3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe
-- Device Manager: Disabled ----------------------------------------------------
Unable to create WMI object.
-- Files created between 2007-11-22 and 2007-12-22 -----------------------------
2007-12-21 17:45:28 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-16 15:29:00 0 d-------- C:\WINDOWS\pss
2007-12-11 19:25:40 0 d-------- C:\WINDOWS\CSC
2007-12-11 12:55:12 17809 --a------ C:\WINDOWS\system32\svchost
2007-12-11 12:52:19 2077696 --a------ C:\WINDOWS\system32\a.exe
2007-12-05 00:37:18 0 d-------- C:\Program Files\Azureus
2007-12-03 23:24:35 0 d-------- C:\download
2007-12-03 02:05:38 260096 ---hs---- C:\Program Files\Common Files\mscd.exe
2007-12-03 02:05:36 20480 ---hs---- C:\Program Files\Common Files\svchost.exe
2007-12-03 02:05:36 484352 ---hs---- C:\Program Files\Common Files\msdp.dll
2007-11-30 16:01:58 0 d-------- C:\Program Files\RapidHarvest
2007-11-29 18:22:15 0 d-------- C:\Program Files\001 File Joiner & Splitter Pro
2007-11-29 18:06:22 0 d-------- C:\WINDOWS\001 File Joiner & Splitter Pro
-- Find3M Report ---------------------------------------------------------------
2007-12-22 01:28:10 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\AVG7
2007-12-11 17:37:47 0 d-------- C:\Program Files\Incomplete
2007-12-11 17:37:22 0 d-------- C:\Program Files\LimeWire
2007-12-10 20:38:56 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\LimeWire
2007-12-07 08:14:50 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\uTorrent
2007-12-06 13:17:31 0 d-------- C:\Program Files\Common Files
2007-11-29 18:16:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-17 20:17:43 0 d-------- C:\Program Files\uTorrent
2007-11-11 16:52:21 0 d-------- C:\Program Files\Sony
2007-11-11 16:38:22 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\Sony
2007-11-11 16:04:52 0 d-------- C:\Program Files\Cheat Engine
2007-11-03 09:51:17 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\Winamp
2007-11-03 09:48:49 0 d-------- C:\Program Files\Common Files\NSV
2007-11-03 09:44:57 0 d-------- C:\Program Files\Winamp
2007-11-02 22:21:46 0 d-------- C:\Program Files\Game Editor
2007-11-02 22:05:19 0 d-------- C:\Program Files\GameDev
2007-11-02 22:04:44 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-10-31 08:41:27 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\mIRC
2007-10-30 08:34:27 0 d-------- C:\Program Files\001
2007-10-29 19:13:27 27648 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\rbselectfolder450.dll
2007-10-29 19:13:27 64512 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\rbap450.dll
2007-10-29 19:13:27 116224 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\MBSJPEGDecompressionPlugin.dll
2007-10-29 19:13:27 95744 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\MBSJPEGCompressionPlugin.dll
2007-10-29 19:13:26 26112 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\MBSRegistrationPlugin.dll
2007-10-29 19:13:18 0 d-------- C:\Program Files\CCGM
2007-10-29 11:07:35 0 d-------- C:\Program Files\mIRC
2007-10-29 08:55:36 0 d-------- C:\Program Files\3D-RPG Builder 2005
2007-10-29 00:54:41 0 d-------- C:\Program Files\Game_Maker7
2007-10-28 13:46:29 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-12 19:09:59 368536 --a------ C:\Documents and Settings\Joe Dickens\Application Data\GDIPFONTCACHEV1.DAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [15/06/2005 17:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:07]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIAPRO7"="C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BWebCam]
"C:\PROGRA~1\BIROMS~1\WebCam\BWebCam.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
sstray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
"C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
rundll32.exe ptipbmf.dll,SetWriteCacheMode
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
D:\installs\workflow.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\2Requiem.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d459777-badc-11db-830f-000c6e4819ba}]
AutoRun\command- K:\ie.exe
explore\Command- K:\ie.exe
open\Command- K:\ie.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1A3159D1-BAE7-5C95-0006-000607020508}]
C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D51g62BC-4266-43f0-B6ED-9D76C4202C7E}]
C:\Program Files\Common Files\mscd.exe
-- End of Deckard's System Scanner: finished at 2007-12-22 19:55:11 ------------
Start bar is totally gone on my admin user, on another user you can see the start bar but no buttons appear,
can't usually copy and paste, for some reason it let me copy from a text file to this though. it must just be files.
I can't drag and drop files.
can't get avg to update, and scan says nothing wrong.
tried to just upgrade with a windows disc but it said I had a sys file missing that doing a google search for receives no results
task manager processes has half the amount of processes I usually have running and only system idle has a user name beside it (SYSTEM) the rest are blank.
anyway here's the log
Deckard's System Scanner v20071014.68
Run by Joe Dickens on 2007-12-22 19:50:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Unable to create WMI object; The operation completed successfully.
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 10.99 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-22 19:54:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Joe Dickens\My Documents\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7iep.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O16 - DPF: JT's Blocks () - http://download2.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150924757156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\system32\svchost
--
End of file - 7576 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 61883 (61883 Unit Device) - c:\windows\system32\drivers\61883.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 Avc (AVC Device) - c:\windows\system32\drivers\avc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
3 GMSIPCI - d:\install\gmsipci.sys (file missing)
3 MSDV (Microsoft DV Camera and VCR) - c:\windows\system32\drivers\msdv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2 npkcrypt - c:\program files\nexon\europemaplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
3 ovt519 (PS2 EyeToy SLEH-00030 Webcam) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>
2 {09BB444F-B2E2-4009-BAF2-7B727681223E} (BuddyVM) - c:\program files\vmlaunch\buddyvm.sys <Not Verified; Interlex Inc.; BUDDY for Virtual-Mate>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3 Dmdisgo - c:\windows\system32\esentutl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 NBService - c:\program files\nero\nero 7\nero <Not Verified; Nero AG; Nero BackItUp>
3 RegVacService (RegVac Registry Service) - c:\program files\regvac registry cleaner\regvserv.exe <Not Verified; Super Win Software, Inc.; RegVac>
3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe
-- Device Manager: Disabled ----------------------------------------------------
Unable to create WMI object.
-- Files created between 2007-11-22 and 2007-12-22 -----------------------------
2007-12-21 17:45:28 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-16 15:29:00 0 d-------- C:\WINDOWS\pss
2007-12-11 19:25:40 0 d-------- C:\WINDOWS\CSC
2007-12-11 12:55:12 17809 --a------ C:\WINDOWS\system32\svchost
2007-12-11 12:52:19 2077696 --a------ C:\WINDOWS\system32\a.exe
2007-12-05 00:37:18 0 d-------- C:\Program Files\Azureus
2007-12-03 23:24:35 0 d-------- C:\download
2007-12-03 02:05:38 260096 ---hs---- C:\Program Files\Common Files\mscd.exe
2007-12-03 02:05:36 20480 ---hs---- C:\Program Files\Common Files\svchost.exe
2007-12-03 02:05:36 484352 ---hs---- C:\Program Files\Common Files\msdp.dll
2007-11-30 16:01:58 0 d-------- C:\Program Files\RapidHarvest
2007-11-29 18:22:15 0 d-------- C:\Program Files\001 File Joiner & Splitter Pro
2007-11-29 18:06:22 0 d-------- C:\WINDOWS\001 File Joiner & Splitter Pro
-- Find3M Report ---------------------------------------------------------------
2007-12-22 01:28:10 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\AVG7
2007-12-11 17:37:47 0 d-------- C:\Program Files\Incomplete
2007-12-11 17:37:22 0 d-------- C:\Program Files\LimeWire
2007-12-10 20:38:56 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\LimeWire
2007-12-07 08:14:50 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\uTorrent
2007-12-06 13:17:31 0 d-------- C:\Program Files\Common Files
2007-11-29 18:16:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-17 20:17:43 0 d-------- C:\Program Files\uTorrent
2007-11-11 16:52:21 0 d-------- C:\Program Files\Sony
2007-11-11 16:38:22 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\Sony
2007-11-11 16:04:52 0 d-------- C:\Program Files\Cheat Engine
2007-11-03 09:51:17 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\Winamp
2007-11-03 09:48:49 0 d-------- C:\Program Files\Common Files\NSV
2007-11-03 09:44:57 0 d-------- C:\Program Files\Winamp
2007-11-02 22:21:46 0 d-------- C:\Program Files\Game Editor
2007-11-02 22:05:19 0 d-------- C:\Program Files\GameDev
2007-11-02 22:04:44 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-10-31 08:41:27 0 d-------- C:\Documents and Settings\Joe Dickens\Application Data\mIRC
2007-10-30 08:34:27 0 d-------- C:\Program Files\001
2007-10-29 19:13:27 27648 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\rbselectfolder450.dll
2007-10-29 19:13:27 64512 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\rbap450.dll
2007-10-29 19:13:27 116224 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\MBSJPEGDecompressionPlugin.dll
2007-10-29 19:13:27 95744 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\MBSJPEGCompressionPlugin.dll
2007-10-29 19:13:26 26112 --ah----- C:\Documents and Settings\Joe Dickens\Application Data\MBSRegistrationPlugin.dll
2007-10-29 19:13:18 0 d-------- C:\Program Files\CCGM
2007-10-29 11:07:35 0 d-------- C:\Program Files\mIRC
2007-10-29 08:55:36 0 d-------- C:\Program Files\3D-RPG Builder 2005
2007-10-29 00:54:41 0 d-------- C:\Program Files\Game_Maker7
2007-10-28 13:46:29 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-12 19:09:59 368536 --a------ C:\Documents and Settings\Joe Dickens\Application Data\GDIPFONTCACHEV1.DAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [15/06/2005 17:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:07]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIAPRO7"="C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BWebCam]
"C:\PROGRA~1\BIROMS~1\WebCam\BWebCam.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
sstray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
"C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
rundll32.exe ptipbmf.dll,SetWriteCacheMode
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
D:\installs\workflow.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\2Requiem.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d459777-badc-11db-830f-000c6e4819ba}]
AutoRun\command- K:\ie.exe
explore\Command- K:\ie.exe
open\Command- K:\ie.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1A3159D1-BAE7-5C95-0006-000607020508}]
C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D51g62BC-4266-43f0-B6ED-9D76C4202C7E}]
C:\Program Files\Common Files\mscd.exe
-- End of Deckard's System Scanner: finished at 2007-12-22 19:55:11 ------------
