Topic: Cannot delete desktop item

Offline bizzoveg111

« on: June 07, 2008, 06:51:37 PM »
Hi there.

I came home from work one day and there was a desktop item on my desktop.

It was named fwd-you need to order a dress.

I cannot find it in safe mode and cannot delete it. When I click on properties it says it is 0 bytes.

My daughter and husband use my computer when I am at work and they have no idea how the icon got there.

Here is the latest hijack log;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:00 AM, on 8/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpamBully 3 for Outlook Express] "C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" install
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132951782953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133261628729
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6986 bytes

Please help
Thanks

Liz

Offline guestolo

« Reply #1 on: June 07, 2008, 07:04:52 PM »
I'll need the exact path to the file and the file name
Let's try the following

Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt
Don't post Extra.txt unless we need it later

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline bizzoveg111

« Reply #2 on: June 08, 2008, 06:11:39 AM »

Hi again.

Here's the result.....

Deckard's System Scanner v20071014.68
Run by mrs skee on 2008-06-08 21:16:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as mrs skee.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:20 PM, on 8/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\BizzoTempFiles\dss(2).exe
C:\BizzoTempFiles\dss(2).exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MRSSKE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpamBully 3 for Outlook Express] "C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" install
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132951782953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133261628729
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7106 bytes

-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 09:24:23         0 d-------- C:\Program Files\Tweak Manager
2008-06-07 11:42:51         0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-02 19:25:00         0 dr-h----- C:\Documents and Settings\mrs skee\Recent
2008-05-27 12:15:08         0 d--h---c- C:\$AVG8.VAULT$
2008-05-26 15:23:45         0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-26 15:23:44         0 d-------- C:\Documents and Settings\mrs skee\Application Data\AVGTOOLBAR
2008-05-26 15:23:31         0 d-------- C:\Program Files\AVG
2008-05-26 15:23:30         0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-22 07:54:22         0 d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-05-21 22:47:19         0 d-------- C:\Program Files\Escape the Museum
2008-05-21 22:18:10         0 d-------- C:\Program Files\Concentration
2008-05-16 07:32:37         0 d-------- C:\WINDOWS\vnDrvBas
2008-05-15 11:40:48     23552 -ra------ C:\WINDOWS\system32\PostProc.dll <Not Verified; Analog Devices, Inc.; SoundMAX coinstaller>
2008-05-15 11:40:47    765952 -ra------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-05-15 11:40:45    127872 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
2008-05-15 11:40:44    141312 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
2008-05-15 11:40:16     53248 -----n--- C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-05-15 11:40:15   1285632 -----n--- C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-05-15 11:40:12     49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-05-15 11:40:12     45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-05-15 11:40:12         0 d-------- C:\Program Files\Analog Devices
2008-05-15 11:34:12         0 d-------- C:\Program Files\VIA
2008-05-15 11:33:19      5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-14 14:23:56         0 d-------- C:\WINDOWS\system32\CatRoot2


-- Find3M Report ---------------------------------------------------------------

2008-06-08 08:00:12         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 07:59:55         0 d-a------ C:\Program Files\Common Files
2008-06-06 08:04:48         0 d-------- C:\Program Files\LimeWire
2008-06-04 12:43:23         0 d-------- C:\Program Files\BFG
2008-06-04 12:42:40         0 d-------- C:\Program Files\Bejeweled 2 Deluxe
2008-06-02 21:25:22         0 d-------- C:\Program Files\Messenger
2008-05-21 07:56:51         0 d-------- C:\Documents and Settings\mrs skee\Application Data\iWin
2008-05-18 18:17:09         0 d-------- C:\Program Files\NickJr. Games
2008-05-05 19:18:12         0 d-------- C:\Program Files\Jewel Quest II
2008-05-04 16:49:12       668 --a------ C:\Documents and Settings\mrs skee\Application Data\vso_ts_preview.xml
2008-05-04 16:49:12         0 d-------- C:\Documents and Settings\mrs skee\Application Data\Vso
2008-05-04 10:09:53        34 --a------ C:\Documents and Settings\mrs skee\Application Data\pcouffin.log
2008-05-04 10:09:38      7887 --a------ C:\Documents and Settings\mrs skee\Application Data\pcouffin.cat
2008-05-04 10:09:37     47360 --a------ C:\Documents and Settings\mrs skee\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-04 10:09:37      1144 --a------ C:\Documents and Settings\mrs skee\Application Data\pcouffin.inf
2008-05-04 10:09:30         0 d-------- C:\Program Files\VSO
2008-04-29 12:56:25         0 d-------- C:\Program Files\Western Digital Technologies
2008-04-26 19:22:39      2036 --a------ C:\Documents and Settings\mrs skee\Application Data\NMM-MetaData.db
2008-04-25 15:37:07         0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-25 15:37:03         0 d-------- C:\Program Files\Windows Live Favorites
2008-04-25 15:35:46         0 d-------- C:\Program Files\Windows Live
2008-04-25 15:21:59         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-24 14:21:41         0 d-------- C:\Program Files\Zodiac Tower
2008-04-24 14:16:14         0 --a------ C:\Program Files\temp01
2008-04-24 14:16:09         0 d-------- C:\Program Files\bfgclient
2008-04-15 11:21:21         0 d-------- C:\Program Files\Fizzball
2008-04-08 16:17:21         0 d-------- C:\Program Files\Java
2008-04-04 23:47:25     96577 --a------ C:\WINDOWS\hpqins16.dat
2008-03-24 19:59:29        21 -------c- C:\AUTOEXEC.BAT
2008-03-24 19:53:58        16 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Thanks
Liz

Offline guestolo

« Reply #3 on: June 08, 2008, 10:11:14 AM »
Hi again, you cut off the bottom part of the log from dss.exe

Can you do the following
Right click the file on desktop, give me the Exact name of it please
Including its extension
As eg...
fwd-you need to order a dress.eml

Also, navigate to this folder>>C:\Deckard\System scanner
Open it
Post the rest of the contents of Main.txt
Anything below this line

-- Registry Dump ---------------------------------------------------------------

While you're at it, can you also post the Whole contents of Extra.txt



Offline bizzoveg111

« Reply #4 on: June 09, 2008, 04:28:46 AM »
Hi Again.

Sorry about that.

I did the scan again and only the main.txt window showed up. No extra.txt.

Here it is in full;

Deckard's System Scanner v20071014.68
Run by mrs skee on 2008-06-09 19:29:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as mrs skee.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:21 PM, on 9/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\BizzoTempFiles\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MRSSKE~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpamBully 3 for Outlook Express] "C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" install
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-839522115-362288127-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'T e l l e r s')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132951782953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133261628729
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7669 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 19:16:55         0 d-------- C:\Documents and Settings\T e l l e r s\Application Data\Identities
2008-06-09 19:15:31         0 d-------- C:\Documents and Settings\T e l l e r s\Application Data\AVG7
2008-06-09 19:15:30         0 d--h----- C:\Documents and Settings\T e l l e r s\Templates
2008-06-09 19:15:30         0 dr------- C:\Documents and Settings\T e l l e r s\Start Menu
2008-06-09 19:15:30         0 dr-h----- C:\Documents and Settings\T e l l e r s\SendTo
2008-06-09 19:15:30         0 dr-h----- C:\Documents and Settings\T e l l e r s\Recent
2008-06-09 19:15:30         0 d--h----- C:\Documents and Settings\T e l l e r s\PrintHood
2008-06-09 19:15:30   1310720 --ah----- C:\Documents and Settings\T e l l e r s\NTUSER.DAT
2008-06-09 19:15:30         0 d--h----- C:\Documents and Settings\T e l l e r s\NetHood
2008-06-09 19:15:30         0 dr------- C:\Documents and Settings\T e l l e r s\My Documents
2008-06-09 19:15:30         0 d--h----- C:\Documents and Settings\T e l l e r s\Local Settings
2008-06-09 19:15:30         0 dr------- C:\Documents and Settings\T e l l e r s\Favorites
2008-06-09 19:15:30         0 d-------- C:\Documents and Settings\T e l l e r s\Desktop
2008-06-09 19:15:30         0 d--hs---- C:\Documents and Settings\T e l l e r s\Cookies
2008-06-09 19:15:30         0 dr-h----- C:\Documents and Settings\T e l l e r s\Application Data
2008-06-09 19:15:30         0 d---s---- C:\Documents and Settings\T e l l e r s\Application Data\Microsoft
2008-06-08 09:24:23         0 d-------- C:\Program Files\Tweak Manager
2008-06-07 11:42:51         0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-02 19:25:00         0 dr-h----- C:\Documents and Settings\mrs skee\Recent
2008-05-27 12:15:08         0 d--h---c- C:\$AVG8.VAULT$
2008-05-26 15:23:45         0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-26 15:23:44         0 d-------- C:\Documents and Settings\mrs skee\Application Data\AVGTOOLBAR
2008-05-26 15:23:31         0 d-------- C:\Program Files\AVG
2008-05-26 15:23:30         0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-22 07:54:22         0 d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-05-21 22:47:19         0 d-------- C:\Program Files\Escape the Museum
2008-05-21 22:18:10         0 d-------- C:\Program Files\Concentration
2008-05-16 07:32:37         0 d-------- C:\WINDOWS\vnDrvBas
2008-05-15 11:40:48     23552 -ra------ C:\WINDOWS\system32\PostProc.dll <Not Verified; Analog Devices, Inc.; SoundMAX coinstaller>
2008-05-15 11:40:47    765952 -ra------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-05-15 11:40:45    127872 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
2008-05-15 11:40:44    141312 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
2008-05-15 11:40:16     53248 -----n--- C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-05-15 11:40:15   1285632 -----n--- C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-05-15 11:40:12     49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-05-15 11:40:12     45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-05-15 11:40:12         0 d-------- C:\Program Files\Analog Devices
2008-05-15 11:34:12         0 d-------- C:\Program Files\VIA
2008-05-15 11:33:19      5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-14 14:23:56         0 d-------- C:\WINDOWS\system32\CatRoot2


-- Find3M Report ---------------------------------------------------------------

2008-06-08 08:00:12         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 07:59:55         0 d-a------ C:\Program Files\Common Files
2008-06-06 08:04:48         0 d-------- C:\Program Files\LimeWire
2008-06-04 12:43:23         0 d-------- C:\Program Files\BFG
2008-06-04 12:42:40         0 d-------- C:\Program Files\Bejeweled 2 Deluxe
2008-06-02 21:25:22         0 d-------- C:\Program Files\Messenger
2008-05-21 07:56:51         0 d-------- C:\Documents and Settings\mrs skee\Application Data\iWin
2008-05-18 18:17:09         0 d-------- C:\Program Files\NickJr. Games
2008-05-05 19:18:12         0 d-------- C:\Program Files\Jewel Quest II
2008-05-04 16:49:12       668 --a------ C:\Documents and Settings\mrs skee\Application Data\vso_ts_preview.xml
2008-05-04 16:49:12         0 d-------- C:\Documents and Settings\mrs skee\Application Data\Vso
2008-05-04 10:09:53        34 --a------ C:\Documents and Settings\mrs skee\Application Data\pcouffin.log
2008-05-04 10:09:38      7887 --a------ C:\Documents and Settings\mrs skee\Application Data\pcouffin.cat
2008-05-04 10:09:37     47360 --a------ C:\Documents and Settings\mrs skee\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-04 10:09:37      1144 --a------ C:\Documents and Settings\mrs skee\Application Data\pcouffin.inf
2008-05-04 10:09:30         0 d-------- C:\Program Files\VSO
2008-04-29 12:56:25         0 d-------- C:\Program Files\Western Digital Technologies
2008-04-26 19:22:39      2036 --a------ C:\Documents and Settings\mrs skee\Application Data\NMM-MetaData.db
2008-04-25 15:37:07         0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-25 15:37:03         0 d-------- C:\Program Files\Windows Live Favorites
2008-04-25 15:35:46         0 d-------- C:\Program Files\Windows Live
2008-04-25 15:21:59         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-24 14:21:41         0 d-------- C:\Program Files\Zodiac Tower
2008-04-24 14:16:14         0 --a------ C:\Program Files\temp01
2008-04-24 14:16:09         0 d-------- C:\Program Files\bfgclient
2008-04-15 11:21:21         0 d-------- C:\Program Files\Fizzball
2008-04-04 23:47:25     96577 --a------ C:\WINDOWS\hpqins16.dat
2008-03-24 19:59:29        21 -------c- C:\AUTOEXEC.BAT
2008-03-24 19:53:58        16 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [22/10/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 11:22 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 11:22 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27/10/2004 03:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20/05/2005 11:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/09/2005 03:35 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [26/05/2008 03:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:56 PM]
"SpamBully 3 for Outlook Express"="C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" [01/09/2005 07:56 PM]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [13/04/2007 11:51 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=  :\WINDOWS\system32\srrstr.dll  cecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mrs skee^Start Menu^Programs^Startup^Screen Saver Control.lnk]
backup=C:\WINDOWS\pss\Screen Saver Control.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBully 3 for Outlook Express]
"C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"odserv"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"usnjsvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97b7752c-cfff-11da-a2d1-001195a0def4}]
AutoRun\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9820c6bd-23d0-11dd-9161-0015f25de1f6}]
AutoRun\command- H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4ca4caa-2dca-11dd-9166-0015f25de1f6}]
AutoRun\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7dd7d5c-98dd-11db-9155-806d6172696f}]
AutoRun\command- D:\installer.exe

*Newly Created Service* - SWPRV
*Newly Created Service* - VSS



-- End of Deckard's System Scanner: finished at 2008-06-09 19:30:49 ------------

I right clicked the file and there is no extension evident. I went to properties and this was in the General heading;

Fwd_ You better order a dress.
Type of file: File
 

Thanks

Liz

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Cannot delete desktop item
« Reply #5 on: June 09, 2008, 08:36:45 AM »
Try this and see if it works

Download OTMoveIt2.exe by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the entries below in blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    [kill explorer]
    C:\Documents and Settings\mrs skee\Desktop\Fwd_ You better order a dress.
    [start explorer]

    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log

If the file is now gone, let me know
If it isn't, can you post that log from OTMoveIT2 please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline bizzoveg111

  • Full Member
  • ***
  • Posts: 101
  • Karma: +0/-0
    • View Profile
Cannot delete desktop item
« Reply #6 on: June 10, 2008, 04:02:19 AM »
Hi there.

Did it all but alas, the file is STILL there.

Here's the result from OTMoveIt;
Explorer killed successfully
File/Folder C:\Documents and Settings\mrs skee\Desktop\Fwd_ You better order a dress. not found.
Explorer started successfully
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06102008_190744

It's a mystery....

Liz


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Cannot delete desktop item
« Reply #7 on: June 10, 2008, 05:33:41 AM »
OTMoveit didn't see it, or I don't have the exact file

Try this
Download and install Unlocker from > HERE <

When installing, I suggest you untick only the Ebay shortcuts

After you have it installed, right click on the file on desktop that won't delete and choose Unlocker from the menu bar
Choose Delete from the drop down menu bar
Follow the prompts to remove the file

See if that helps



Offline bizzoveg111

  • Full Member
  • ***
  • Posts: 101
  • Karma: +0/-0
    • View Profile
Cannot delete desktop item
« Reply #8 on: June 10, 2008, 05:21:05 PM »
Hi there.

YAY!!!

It worked! The file is gone.

Thank you SO much.

Such a little thing that caused such a big problem......

Anyway, you have a lovely day.

How do I close this thread?

Liz

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Cannot delete desktop item
« Reply #9 on: June 10, 2008, 05:26:51 PM »
Take note, Unlocker will run on startup, you can right click its icon by the clock and uncheck Autostart
If you have no need for it anymore, simply uninstall it from Add and Remove Programs
or you can hold onto it, that's your option

I would delete OTMoveit2.exe from desktop and the folder it created
C:\_OTMoveit


Edit> Also, go ahead and delete dss.exe from desktop and the folder it would have created
C:\Deckard

I'll lock this topic for you as it appears the problem is resolved

You have a nice day also Liz
Take care :)
« Last Edit: June 10, 2008, 05:29:05 PM by guestolo »
