Help with Vista problems, suggestions?


kapitolins
April 2nd, 2008, 09:18 AM
Hi there,
I posted about a few problems I am having in the Safety forum, fearing I had caught a virus:
http://www.cybertechhelp.com/forums/showthread.php?p=985967

As you can see it seems to not be a virus.
My problems are the following:
- time and time again when I open pages in IE I'm told I have to install further components and if I accept it freezes internet for an average 2 minutes.
- my adobe flash player is gone. I reinstalled it but still can't play videos on youtube, etc...
- windows media player won't open any more and before doing that, it had already stopped playing certain file extensions like m4a or avi.
- I had cubase studio 4 (music editing program) and its VST connections disappeared out of the blue.

Any suggestion or comment is welcome, this is the first time I have these problems with Vista and it's really driving me nuts.

Thanks again:thrilled:

AnnMarie
April 3rd, 2008, 06:13 AM
Hi kapitolins. That's odd, I can see the executable for Flash Player running in the log you posted. Do you remember if these problems coincided with the installation of any software?

Try a cleanboot and open IE now. See here (http://support.microsoft.com/kb/929135/) for more information. Are you still prompted to install components? If so, what components?

kapitolins
April 3rd, 2008, 09:53 AM
Hello AnnMarie,

I have cleanbooted and am now in IE. Unfortunately it still does the same thing. A window pops up telling me that the authorization of the user is needed to authorize the installation of further components. The component seems to be the following:

BDB57FF2-79B9-4205-9447-F5FE85F37312

I clicked continue and it froze as usual. Right before it "unfreezes" two small windows (same size of the one requesting component installation) flash on my screen but they do so too fast for me to see what they are :hmm:

I also tried to open a youtube page but I still get the "you need the latest version of flash". Tried to open an mp3 with Media Player and Media Player won't open.

About the software, right around the time this started to happen I had installed Cubase Studio (which however was running fine the first two days), a few plugins and 1 or 2 programs to convert audio files. All these programs have now been uninstalled as Cubase lost all its VST connections and therefore had no sound and the other programs and plugins proved to be useless without Cubase.

I'm sorry to trouble you so much and thank you for your assistance :)

AnnMarie
April 3rd, 2008, 10:33 AM
Hi kapitolins. I ran a search and found that the BDB57FF2-79B9-4205-9447-F5FE85F37312 CLSID appears to be associated with Netflix Movie Viewer. Do you have this software installed?

If so, I found this (http://www.techtalkz.com/windows-media/129688-windows-media-player-11-stopped-playing-online-movies.html) topic that appears to indicate that your problems may be caused by this software.

kapitolins
April 3rd, 2008, 12:02 PM
Hello again AnnMarie,

I honestly had no idea of what netflix was until 5 seconds ago..
I checked in my software and don't have anything with that name installed.
The error the person on that forum speaks of seems to be the same but in my case it happens with ie rather than media player. My mediaplayer won't open at all unless I try to access it as administrator (but even when I do that it won't open mp3s). I just discovered that a nero program called wave editor is also not working now.

It reminds me of those House MD episodes when the patient's organs start shutting down one by one, lol.

Should I run HJT and see if there is anything new happening, or rather not happening?

AnnMarie
April 3rd, 2008, 11:18 PM
No, I would like you to run another utility please. Download Deckard's System Scanner (dss.exe) from here (http://deckard.geekstogo.com/dss.exe) to your Desktop. Close all open applications and windows, double-click on dss.exe to run it and follow the prompts.

When the scan is complete, a text file will open. Copy and paste the contents of this log (Main.txt) in your next reply. Also post the contents of Extra.txt (it will be minimised on your taskbar). You may find that the maximum characters allowed is exceeded when you post. If so, halve the logs and make several posts.

kapitolins
April 4th, 2008, 02:28 PM
here it is, main


Deckard's System Scanner v20071014.68
Run by Andre on 2008-04-04 14:35:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
10: 2008-04-04 08:14:59 UTC - RP272 - Windows Update
9: 2008-04-03 13:56:21 UTC - RP271 - Windows Update
8: 2008-04-03 10:47:54 UTC - RP270 - Removed Wave MP3 Editor v15.1 - Evaluation Version
7: 2008-04-03 10:04:02 UTC - RP269 - Installed Wave MP3 Editor v15.1 - Evaluation Version
6: 2008-04-02 12:35:20 UTC - RP268 - Punto di controllo pianificato


-- First Restore Point --
1: 2008-03-29 11:16:35 UTC - RP262 - Punto di controllo pianificato


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-04 14:42:01
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Andre\Desktop\dss.exe
C:\Windows\System32\conime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 11169 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S4 Ktmtprcpdsti -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda Microsoft 6to4
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Scheda Microsoft 6to4
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel


-- Scheduled Tasks -------------------------------------------------------------

2008-03-31 20:57:31 486 --a------ C:\Windows\Tasks\Norton AntiVirus - Scansione completa sistema - Andre.job


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-03 13:20:45 0 d-------- C:\Users\Andre\Application Data
2008-04-03 13:20:45 0 d-------- C:\Users\Andre\Application Data\Syntrillium
2008-04-03 13:19:04 0 d-------- C:\Program Files\coolpro2
2008-04-03 12:47:06 0 d-------- C:\WMP3E_Temp
2008-04-03 11:04:09 1181022 --a------ C:\Windows\system32\TmpA106330
2008-04-03 10:38:11 0 d-------- C:\Windows\pss
2008-04-01 16:02:23 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-31 10:11:53 0 d-------- C:\direct x
2008-03-29 00:00:40 0 d-------- C:\Program Files\QuickTime
2008-03-27 21:17:43 77 --a------ C:\Windows\system32\winitn.dll
2008-03-27 21:17:42 2535424 --a------ C:\Windows\system32\agsaamj.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-03-27 21:17:42 90112 --a------ C:\Windows\system32\agsaami.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-03-27 21:17:42 610304 --a------ C:\Windows\system32\agsaamg.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFile3 Module>
2008-03-27 21:17:41 372736 --a------ C:\Windows\system32\agsaamc.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFileWMA3 Module>
2008-03-27 21:17:41 53760 --a------ C:\Windows\system\ppacklib.dll <Not Verified; ; ZLib.DLL>
2008-03-27 21:17:35 1 --a------ C:\Windows\sslzdlt.dll
2008-03-27 21:17:33 0 d-------- C:\Program Files\AML Products
2008-03-27 20:45:57 0 d-------- C:\Program Files\Speedsoft
2008-03-24 22:51:19 900015 --a------ C:\Windows\system32\TmpA274592
2008-03-24 22:36:27 1777664 --a------ C:\Windows\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-22 22:23:15 0 d-------- C:\Users\All Users\Steinberg
2008-03-22 20:53:52 0 d-------- C:\Users\All Users\QuickTime
2008-03-22 19:52:03 0 d-------- C:\Program Files\Steinberg
2008-03-17 22:11:32 21504 --a------ C:\Windows\system32\ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-03-17 22:11:32 72704 --a------ C:\Windows\system32\ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio(tm) (32-bit) RealVideo Encoder SDK 5.0>
2008-03-17 22:11:31 487936 --a------ C:\Windows\system32\rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>
2008-03-17 22:11:31 87040 --a------ C:\Windows\system32\ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>
2008-03-17 22:11:30 81920 --a------ C:\Windows\system32\ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio(tm) (32-bit) RealVideo Encoder SDK 5.0>
2008-03-17 22:11:30 352768 --a------ C:\Windows\system32\pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>
2008-03-17 22:11:30 131072 --a------ C:\Windows\system32\pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>
2008-03-17 22:11:29 130560 --a------ C:\Windows\system32\pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio(tm) Encoder (32-bit)>
2008-03-17 22:11:29 85504 --a------ C:\Windows\system32\encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-03-17 22:11:29 61952 --a------ C:\Windows\system32\decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-03-17 22:07:17 33792 --a------ C:\Windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
2008-03-11 20:26:51 0 d-------- C:\Program Files\vixy.net

kapitolins
April 4th, 2008, 02:29 PM
2nd part of main


-- Find3M Report ---------------------------------------------------------------

2008-04-04 11:13:33 0 d-------- C:\Users\Andre\AppData\Roaming\Adobe
2008-04-04 10:14:23 682422 --a------ C:\Windows\system32\perfh010.dat
2008-04-04 10:14:23 114828 --a------ C:\Windows\system32\perfc010.dat
2008-04-04 10:08:51 13025 --a------ C:\Users\Andre\AppData\Roaming\nvModes.001
2008-04-03 21:44:22 12 --a------ C:\Windows\bthservsdp.dat
2008-04-01 16:09:23 13025 --a------ C:\Users\Andre\AppData\Roaming\nvModes.dat
2008-04-01 16:01:17 0 d-------- C:\Program Files\CONEXANT
2008-03-29 00:15:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-29 00:03:21 0 d-------- C:\Users\Andre\AppData\Roaming\Apple Computer
2008-03-28 23:39:00 0 d-------- C:\Program Files\Windows Live
2008-03-28 23:32:22 0 d-------- C:\Program Files\Common Files
2008-03-28 22:19:12 0 d-------- C:\Users\Andre\AppData\Roaming\Ahead
2008-03-27 22:55:33 0 d-------- C:\Users\Andre\AppData\Roaming\Steinberg
2008-03-27 20:47:21 0 d-------- C:\Users\Andre\AppData\Roaming\Thinstall
2008-03-24 23:31:49 0 d-------- C:\Users\Andre\AppData\Roaming\VST3 Presets
2008-03-13 20:00:08 0 d-------- C:\Program Files\Windows Mail
2008-03-01 22:06:16 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 14:28:41 0 d-------- C:\Program Files\Google
2008-02-12 23:22:57 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
31/01/2008 22.21 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [17/10/2007 23.02]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [18/10/2006 10.56]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [29/04/2006 15.21]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02.29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 02.50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [25/12/2006 02.13]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 10.41]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [02/12/2006 17.32]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 11.58]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [27/02/2007 11.26]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [27/02/2007 11.26]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [27/02/2007 11.26]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 16.57]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 13.10]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [18/10/2006 10.32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 00.11]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [04/12/2006 13.39]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07.00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/01/2008 14.15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14.36]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 16.21]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16/02/2005 17.15]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14.35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 20.03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [30/01/2008 20.49.38]
Avvio veloce di Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22.05.26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8072311-9a71-11dc-a62e-001b2404894e}]
AutoRun\command- G:\autorun\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-04 14:44:21 ------------

kapitolins
April 4th, 2008, 02:29 PM
the extra


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Italian

CPU 0: Intel(R) Core(TM)2 CPU T5200 @ 1.60GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1021.44 MiB / 399.55 MiB
Pagefile Memory (total/avail): 2294.71 MiB / 1360.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1901.11 MiB

C: is Fixed (NTFS) - 106.62 GiB total, 39.99 GiB free.
D: is Fixed (NTFS) - 5.17 GiB total, 1.19 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL ATA Device - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - File system installabile - 106.62 GiB - C:
\PARTITION1 - File system installabile - 5.17 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton AntiVirus v15.0.0.58 (Symantec Corporation)
AV: Norton AntiVirus v15.0.0.58 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton AntiVirus v15.0.0.58 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Andre\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-ANDRE
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Andre
LOCALAPPDATA=C:\Users\Andre\AppData\Local
LOGONSERVER=\\PC-ANDRE
NUMBER_OF_PROCESSORS=2
OnlineServices=Servizi in linea
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Andre\AppData\Local\Temp
TMP=C:\Users\Andre\AppData\Local\Temp
USERDOMAIN=PC-Andre
USERNAME=Andre
USERPROFILE=C:\Users\Andre
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Andre


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ABC Amber LIT Converter --> C:\PROGRA~1\ABCAMB~1\UNWISE.EXE C:\PROGRA~1\ABCAMB~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.8 - Italiano --> MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A70800000002}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASL_HS_Installer32 --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
Assistente per l'accesso a Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
ffdshow [rev 1524] [2007-10-09] --> "C:\Program Files\ffdshow\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x10 uninst
HP QuickPlay 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 0048 --> MsiExec.exe /I{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}
HP Wireless Assistant --> MsiExec.exe /I{355FADAF-55C4-4E08-88D4-A86C4CA6930C}
Installazione Guidata Alice ADSL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{085223DC-61EC-42A9-944B-B1A472DAB21A}\setup.exe" -l0x10 -uninst
Intel(R) Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{62D5B0B1-9E1D-4d66-A593-D68F3FED7709}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Premium --> MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431040}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Updater --> MsiExec.exe /X{FE5D756F-71E1-47C4-972A-D6775344B40B}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TVUPlayer 2.3.4.1 --> C:\Program Files\TVUPlayer\uninst.exe
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
vixy converter uninstall --> "C:\Program Files\vixy.net\unins000.exe"
Windows Live installer --> MsiExec.exe /X{CD199CDB-00AE-42BB-B6E9-64C69D8730EF}
Windows Live Messenger --> MsiExec.exe /X{518B3E76-4C05-4F30-A802-D87FB2086B67}
WinRAR gestione archivi --> C:\Program Files\WinRAR\uninstall.exe

kapitolins
April 4th, 2008, 02:30 PM
2nd part of extra


-- Application Event Log -------------------------------------------------------

Event Record #/Type16648 / Success
Event Submitted/Written: 04/04/2008 10:10:07 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16642 / Success
Event Submitted/Written: 04/04/2008 10:08:36 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type16639 / Success
Event Submitted/Written: 04/04/2008 10:08:34 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type16633 / Success
Event Submitted/Written: 04/04/2008 10:08:29 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Il Servizio gestione licenze software è stato avviato.

Event Record #/Type16613 / Warning
Event Submitted/Written: 04/03/2008 09:44:10 PM
Event ID/Source: 1530 / profsvc
Event Description:
Il file del Registro di sistema è ancora in uso da altri servizi o applicazioni. Il file verrà scaricato ora. Dopo lo scaricamento i servizi o le applicazioni che stanno utilizzando il file del Registro di sistema potrebbero non funzionare correttamente.

DETTAGLI -
1 user registry handles leaked from \Registry\User\S-1-5-21-671348432-1182481289-993147930-1000_Classes:
Process 5124 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-671348432-1182481289-993147930-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type148955 / Error
Event Submitted/Written: 04/04/2008 02:38:50 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Il computer ha perso il lease dell'indirizzo IP 79.12.204.141 della scheda di rete con indirizzo di 001B2404894E.

Event Record #/Type148954 / Warning
Event Submitted/Written: 04/04/2008 02:38:48 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Server DHCP: impossibile rinnovare l'indirizzo del computer per la scheda di rete con indirizzo 001B2404894E. Si è verificato l'errore seguente:
%%121. Il computer tenterà di ottenere un indirizzo direttamente dal server DHCP degli indirizzi di rete.

Event Record #/Type148377 / Warning
Event Submitted/Written: 04/03/2008 09:44:29 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:


Event Record #/Type147822 / Warning
Event Submitted/Written: 04/03/2008 04:02:03 PM
Event ID/Source: 2021 / srv
Event Description:
Il server non è stato in grado di allocare un elemento di lavoro 1 volte negli ultimi 60 secondi.

Event Record #/Type147548 / Warning
Event Submitted/Written: 04/03/2008 01:55:03 PM
Event ID/Source: 2021 / srv
Event Description:
Il server non è stato in grado di allocare un elemento di lavoro 1 volte negli ultimi 60 secondi.



-- End of Deckard's System Scanner: finished at 2008-04-04 14:44:21 ------------

AnnMarie
April 4th, 2008, 10:39 PM
That log shows a record of a service that appears to be disabled but is very possibly a malware service.

I would like to see another type of log please. Download gmer.zip from here (http://www.majorgeeks.com/GMER_d5198.html) to your Desktop. Once downloaded, doubleclick on gmer.zip and unzip the file to its own folder.

When you have done this, close all running programs including those in your notification area (bottom righthand corner of your screen) and doubleclick on Gmer.exe to run it. Click on the Rootkit tab and look at the righthand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Save the file and copy the information and post it here please.

Warning! Please do not select the "Show all" checkbox during the scan.

kapitolins
April 5th, 2008, 08:52 AM
Good morning AnnMarie,

here is the log


GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-05 09:51:05
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT 8B55CCA8 ZwAlertResumeThread
SSDT 8B55CD88 ZwAlertThread
SSDT 8B57D328 ZwAllocateVirtualMemory
SSDT 8B58E7A0 ZwAlpcConnectPort
SSDT 8B55C9F8 ZwCreateMutant
SSDT 8A74D720 ZwCreateThread
SSDT 8B55C678 ZwDebugActiveProcess
SSDT 8B55F228 ZwFreeVirtualMemory
SSDT 8B55CAE8 ZwImpersonateAnonymousToken
SSDT 8B55CBC8 ZwImpersonateThread
SSDT 8B55F148 ZwMapViewOfSection
SSDT 8B55C918 ZwOpenEvent
SSDT 8A74D6A8 ZwOpenProcessToken
SSDT 8B55C758 ZwOpenSection
SSDT 8B57D768 ZwOpenThreadToken
SSDT 8B48AF98 ZwResumeThread
SSDT 8B57D688 ZwSetContextThread
SSDT 8B57D858 ZwSetInformationProcess
SSDT 8B57D598 ZwSetInformationThread
SSDT 8B55C838 ZwSuspendProcess
SSDT 8B55CED0 ZwSuspendThread
SSDT 8B494810 ZwTerminateProcess
SSDT 8B55CF90 ZwTerminateThread
SSDT 8B57D928 ZwUnmapViewOfSection
SSDT 8B55F2F8 ZwWriteVirtualMemory

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74F0FE0C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74EDC53D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74ECA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74ECCBEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74EC8AAA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74EDDAB8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74EC7D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74EC7CF4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74EC6A4E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74F5BE7C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74EE8A5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74EC90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74ED2248] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74ED2273] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74ED7724] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74ED7546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74F0861D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dinamico/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016417e6c9a
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016417e6c9a

---- EOF - GMER 1.0.14 ----

AnnMarie
April 5th, 2008, 10:53 PM
That log looks ok.

I would like to remove all references to that service I saw but to be on the safe side, please set a Restore Point before following my instructions.

Go to Start Search and type

cmd

Cmd.exe will appear at the top of the Menu. Rightclick on it and choose "Run as Administrator". Now type the below commands and hit "Enter" after each line.

sc stop Ktmtprcpdsti (you may get a message saying the service is not running. That's fine, type the below command next)

sc delete Ktmtprcpdsti

Type Exit to close. Please run Deckards again and post a new log.

If Windows Media Player still will not open, go here (http://zachd.com/pss/WMPVistaReset-x86.zip) and download and run zachd's [MSFT] WMP patch. Reboot afterwards and let us know if this helped.

kapitolins
April 6th, 2008, 11:42 AM
here is the main, didn't get an extra this time around

Deckard's System Scanner v20071014.68
Run by Andre on 2008-04-06 12:31:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-06 12:32:01
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\System32\conime.exe
C:\Users\Andre\Desktop\dss.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 11276 bytes

kapitolins
April 6th, 2008, 11:43 AM
-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-03 13:20:45 0 d-------- C:\Users\Andre\Application Data
2008-04-03 13:20:45 0 d-------- C:\Users\Andre\Application Data\Syntrillium
2008-04-03 13:19:04 0 d-------- C:\Program Files\coolpro2
2008-04-03 12:47:06 0 d-------- C:\WMP3E_Temp
2008-04-03 11:04:09 1181022 --a------ C:\Windows\system32\TmpA106330
2008-04-03 10:38:11 0 d-------- C:\Windows\pss
2008-04-01 16:02:23 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-31 10:11:53 0 d-------- C:\direct x
2008-03-29 00:00:40 0 d-------- C:\Program Files\QuickTime
2008-03-27 21:17:43 77 --a------ C:\Windows\system32\winitn.dll
2008-03-27 21:17:42 2535424 --a------ C:\Windows\system32\agsaamj.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-03-27 21:17:42 90112 --a------ C:\Windows\system32\agsaami.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-03-27 21:17:42 610304 --a------ C:\Windows\system32\agsaamg.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFile3 Module>
2008-03-27 21:17:41 372736 --a------ C:\Windows\system32\agsaamc.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFileWMA3 Module>
2008-03-27 21:17:41 53760 --a------ C:\Windows\system\ppacklib.dll <Not Verified; ; ZLib.DLL>
2008-03-27 21:17:35 1 --a------ C:\Windows\sslzdlt.dll
2008-03-27 21:17:33 0 d-------- C:\Program Files\AML Products
2008-03-27 20:45:57 0 d-------- C:\Program Files\Speedsoft
2008-03-24 22:51:19 900015 --a------ C:\Windows\system32\TmpA274592
2008-03-24 22:36:27 1777664 --a------ C:\Windows\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-22 22:23:15 0 d-------- C:\Users\All Users\Steinberg
2008-03-22 20:53:52 0 d-------- C:\Users\All Users\QuickTime
2008-03-22 19:52:03 0 d-------- C:\Program Files\Steinberg
2008-03-17 22:11:32 21504 --a------ C:\Windows\system32\ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-03-17 22:11:32 72704 --a------ C:\Windows\system32\ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio(tm) (32-bit) RealVideo Encoder SDK 5.0>
2008-03-17 22:11:31 487936 --a------ C:\Windows\system32\rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>
2008-03-17 22:11:31 87040 --a------ C:\Windows\system32\ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>
2008-03-17 22:11:30 81920 --a------ C:\Windows\system32\ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio(tm) (32-bit) RealVideo Encoder SDK 5.0>
2008-03-17 22:11:30 352768 --a------ C:\Windows\system32\pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>
2008-03-17 22:11:30 131072 --a------ C:\Windows\system32\pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>
2008-03-17 22:11:29 130560 --a------ C:\Windows\system32\pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio(tm) Encoder (32-bit)>
2008-03-17 22:11:29 85504 --a------ C:\Windows\system32\encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-03-17 22:11:29 61952 --a------ C:\Windows\system32\decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-03-17 22:07:17 33792 --a------ C:\Windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
2008-03-11 20:26:51 0 d-------- C:\Program Files\vixy.net


-- Find3M Report ---------------------------------------------------------------

2008-04-06 12:21:46 682422 --a------ C:\Windows\system32\perfh010.dat
2008-04-06 12:21:45 114828 --a------ C:\Windows\system32\perfc010.dat
2008-04-06 12:16:25 13025 --a------ C:\Users\Andre\AppData\Roaming\nvModes.001
2008-04-05 21:17:33 12 --a------ C:\Windows\bthservsdp.dat
2008-04-04 11:13:33 0 d-------- C:\Users\Andre\AppData\Roaming\Adobe
2008-04-01 16:09:23 13025 --a------ C:\Users\Andre\AppData\Roaming\nvModes.dat
2008-04-01 16:01:17 0 d-------- C:\Program Files\CONEXANT
2008-03-29 00:15:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-29 00:03:21 0 d-------- C:\Users\Andre\AppData\Roaming\Apple Computer
2008-03-28 23:39:00 0 d-------- C:\Program Files\Windows Live
2008-03-28 23:32:22 0 d-------- C:\Program Files\Common Files
2008-03-28 22:19:12 0 d-------- C:\Users\Andre\AppData\Roaming\Ahead
2008-03-27 22:55:33 0 d-------- C:\Users\Andre\AppData\Roaming\Steinberg
2008-03-27 20:47:21 0 d-------- C:\Users\Andre\AppData\Roaming\Thinstall
2008-03-24 23:31:49 0 d-------- C:\Users\Andre\AppData\Roaming\VST3 Presets
2008-03-13 20:00:08 0 d-------- C:\Program Files\Windows Mail
2008-03-01 22:06:16 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 14:28:41 0 d-------- C:\Program Files\Google
2008-02-12 23:22:57 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
31/01/2008 22.21 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [17/10/2007 23.02]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [18/10/2006 10.56]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [29/04/2006 15.21]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02.29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 02.50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [25/12/2006 02.13]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 10.41]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [02/12/2006 17.32]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 11.58]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [27/02/2007 11.26]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [27/02/2007 11.26]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [27/02/2007 11.26]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 16.57]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 13.10]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [18/10/2006 10.32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 00.11]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [04/12/2006 13.39]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07.00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/01/2008 14.15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14.36]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 16.21]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16/02/2005 17.15]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14.35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 20.03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [30/01/2008 20.49.38]
Avvio veloce di Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22.05.26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8072311-9a71-11dc-a62e-001b2404894e}]
AutoRun\command- G:\autorun\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-06 12:33:08 ------------

kapitolins
April 6th, 2008, 11:44 AM
Unfortunately the WMP patch didn't help, I tried to open a few mp3s and nothing happened :(

AnnMarie
April 6th, 2008, 09:58 PM
Ok, I have found that the BDB57FF2-79B9-4205-9447-F5FE85F37312 is the CLSID for Internet Explorer's add-on installer and not Netflix at all so there is nothing nefarious there.

Try running IE as an administrator and see if the components install now. To do this, right-click on the icon and choose "Run as Administrator". I am not sure what the problem is with WMP but you could try running it as Administrator too.

kapitolins
April 7th, 2008, 09:18 AM
Running IE as an admin seems to work, I'm not asked to install further components, youtube is working fine and so on. To run IE as admin I searched for it, as I did for the cmd yesterday. When I did so, among the results, there was an Internet Explorer with no additional components (no ActiveX controls or browser extensions). Is this the version that, for some reason, I was using for the last two weeks up until now?
Now that I got IE working ok, do I have to always access it as admin or is there a way I can skip this step or make it always open as if I'm running it as admin?

I tried to open WMP in admin mode as well and tried to open an mp3. I got an error that says impossible to access the device, path or specified file. It is possible that you do not have the necessary authorizations. :(

AnnMarie
April 7th, 2008, 09:40 AM
I found this (http://support.microsoft.com/kb/935957/en-us) article this afternoon and remembered that you mentioned that a Nero file was not working. It's entirely possible that Nero is the cause of all your problems. Nero 7 has compatibility problems with Vista. You really need to upgrade to Nero 8.

Try uninstalling Nero, reboot and let me know if WMP will run now. Also run IE as per usual and let me know if you are asked to install further components.

kapitolins
April 7th, 2008, 10:29 AM
I opened IE not as admin and it seems to not ask for further components at the moment but youtube videos won't show and some images won't load.
I uninstalled Nero and tried to run WMP but had no luck. Should I install the fix in the article you posted?

AnnMarie
April 7th, 2008, 10:35 AM
Yes but set a restore point first.

I'm beginning to wonder if your profile is corrupted. Try creating a new account, log on to it and tell me if you have the same problems.

kapitolins
April 7th, 2008, 10:43 AM
I tried to install the fix but I am told something like I didn't have high enough privileges (sorry I'm translating what it says from Italian). I downloaded the fix to my desktop and tried to run it as admin but I'm told I don't have enough memory to run it. I have 45 GB of free space on C: ........
I'm going to try to create the new account now and will post what happens.

kapitolins
April 7th, 2008, 10:55 AM
So here I am from my new account. WMP is working fine as well as IE.
What should I do now? Delete the old account? Or is there a way to "fix" it?
AnnMarie I can't tell you how grateful I am for all your help!!

AnnMarie
April 7th, 2008, 11:03 AM
That's good news kapitolins and you are very welcome. :) Too much was going wrong and I guessed there was a good chance your profile was corrupted. See here (http://windowshelp.microsoft.com/Windows/en-US/Help/769495bf-035c-4764-a538-c9b05c22001e1033.mspx) for more help in repairing corrupted profiles.

kapitolins
April 7th, 2008, 11:23 AM
So basically I'm copying all the files from the corrupted account to the new one, right?
Do I delete the corrupted account? The new account is set as standard user while the old one is Administrator, is that a problem?
Thanks again :)

AnnMarie
April 7th, 2008, 09:38 PM
Hi kapitolins. You need to create another account with Admin permissions and then follow the instructions in the link I posted. Once you are confident that the new account is working to your satisfaction and all your files are present, you can go ahead and delete the corrupt account.

kapitolins
April 8th, 2008, 05:51 PM
Perfect. All went well, new account is 100% working and the old one is gone.
Many thanks again for all your help, you are a star :)

AnnMarie
April 8th, 2008, 10:31 PM
That's good news kapitolins and you are very welcome. :)