Thread: Infected with Trojan Vundo, pls help!!

  1. #1
    Junior Member
    Join Date
    Dec 2007
    Posts
    12

    Hi, my PC's infected and I tried to clean it myself, but failed. Hope you can help me.

    Here's the hijackthis.log of my PC.

    Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:45, on 2007-12-16
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\lavander\Desktop\Windows-KB890830-V1.36.exe
    C:\Users\lavander\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/defa...=sg&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/defa...=sg&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Video - {6D64B03B-3B93-4AF2-BFC6-01264A4C7F2A} - C:\Windows\msvideo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - Global Startup: SetPoint.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10265 bytes

  2. #2
    Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Hi lavander and welcome to Safer Networking Forums

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Dec 2007
    Posts
    12

    Hi Shaba, here are the scan results.

    ******************************
    main.txt (part 1 of 2)
    ******************************

    Deckard's System Scanner v20071014.68
    Run by Lavander on 2007-12-18 02:33:09
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    17: 2007-12-16 03:58:38 UTC - RP49 - Scheduled Checkpoint
    16: 2007-12-14 20:13:58 UTC - RP48 - ComboFix created restore point
    15: 2007-12-14 12:28:05 UTC - RP47 - Installed RegistrySmart
    14: 2007-12-13 14:01:54 UTC - RP46 - Installed Citrix Presentation Server Client
    13: 2007-12-13 11:47:53 UTC - RP45 - Windows Update


    -- First Restore Point --
    1: 2007-12-06 08:28:38 UTC - RP30 - Windows Update


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-12-18 02:35:15
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\System32\csrss.exe
    C:\Windows\System32\wininit.exe
    C:\Windows\System32\csrss.exe
    C:\Windows\System32\services.exe
    C:\Windows\System32\lsass.exe
    C:\Windows\System32\lsm.exe
    C:\Windows\System32\winlogon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\SLsvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\System32\wlanext.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\AEstSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    C:\Program Files\McAfee\VirusScan\Mcshield.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\McAfee\MSK\msksrver.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Windows\System32\stacsv.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\SearchIndexer.exe
    C:\Program Files\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Users\Lavander\Desktop\dss.exe
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Windows\System32\VSSVC.exe
    C:\Windows\System32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/defa...=sg&l=en&s=gen
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\RegistryCleaner.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - Global Startup: SetPoint.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O23 - Service: McAfee Application Installer Cleanup (0074221197904248) (0074221197904248mcinstcleanup) - Unknown owner - C:\Windows\TEMP\007422~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\AEstSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\stacsv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    --
    End of file - 12940 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

    S2 0074221197904248mcinstcleanup (McAfee Application Installer Cleanup (0074221197904248)) - c:\windows\temp\007422~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
    S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-12-18 01:15:34 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{C088B174-B8AE-41DB-B5DF-4F6553A5FF0D}.job
    2007-12-17 22:53:28 440 --a------ C:\Windows\Tasks\RegCure Program Check.job
    2007-12-16 16:32:51 374 --a------ C:\Windows\Tasks\RegCure.job
    2007-12-15 05:06:45 428 --a------ C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
    2007-12-15 01:00:00 356 --a------ C:\Windows\Tasks\McDefragTask.job
    2007-12-04 07:27:26 348 --a------ C:\Windows\Tasks\McQcTask.job


    cont.......

  4. #4
    Junior Member
    Join Date
    Dec 2007
    Posts
    12

    ***********************************
    main.txt (part 2 of 2)
    ***********************************

    ........cont



    -- Files created between 2007-11-18 and 2007-12-18 -----------------------------

    2007-12-16 16:40:52 0 d-------- C:\Windows\RegistryCleaner
    2007-12-16 16:40:52 0 d-------- C:\Program Files\RegistryCleaner
    2007-12-16 16:35:05 10752 --a------ C:\Windows\system32\md5.dll <Not Verified; ; MD5 Maker>
    2007-12-16 16:35:03 0 d-------- C:\Program Files\BPS Remover
    2007-12-16 16:32:59 0 d-a------ C:\Users\All Users\TEMP
    2007-12-16 16:31:07 118784 --a------ C:\Windows\system32\msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
    2007-12-16 16:31:06 101888 --a------ C:\Windows\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-12-16 15:54:14 0 d-------- C:\Program Files\RegCure
    2007-12-16 15:49:36 0 d-------- C:\Program Files\Spyware Doctor
    2007-12-16 15:46:10 0 d-------- C:\Program Files\NoAdware5.0
    2007-12-15 05:24:22 0 d-------- C:\HJT
    2007-12-15 05:15:50 0 d-------- C:\Users\Lavander\DoctorWeb
    2007-12-15 02:54:45 0 d-------- C:\Users\All Users\Grisoft
    2007-12-15 01:46:27 0 d-------- C:\VundoFix Backups
    2007-12-15 00:03:03 0 d-------- C:\Program Files\Enigma Software Group
    2007-12-14 23:36:00 228864 --a------ C:\Windows\msvideo.dll <Not Verified; Kodack; >
    2007-12-14 21:48:36 0 d-------- C:\Program Files\Combined Community Codec Pack
    2007-12-14 21:36:03 0 d-------- C:\Program Files\Common Files\PX Storage Engine
    2007-12-14 20:49:18 0 d-------- C:\temp
    2007-12-14 20:28:36 0 d-------- C:\Program Files\RegistrySmart
    2007-12-13 23:58:36 0 d-------- C:\Program Files\DivX
    2007-12-13 20:12:31 0 d-------- C:\Windows\system32\Resource
    2007-12-13 20:12:22 0 d-------- C:\Program Files\Citrix
    2007-12-12 06:34:56 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2007-12-12 06:33:14 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-12-12 06:33:14 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-12-12 06:33:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-12 06:33:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 06:33:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 06:33:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 06:32:28 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
    2007-12-11 00:00:44 0 --a------ C:\Windows\nsreg.dat
    2007-12-08 08:17:17 0 d-------- C:\Program Files\Skype
    2007-12-08 08:17:17 0 d-------- C:\Program Files\Common Files\Skype
    2007-12-07 20:24:26 0 d-------- C:\Users\All Users\Yahoo! Companion
    2007-12-07 19:32:27 0 d-------- C:\Program Files\InterVideo
    2007-12-06 23:20:59 14 --a------ C:\Windows\system32\SystemInfo32.sys
    2007-12-06 21:18:22 0 d-------- C:\Program Files\VideoLAN
    2007-12-06 21:09:39 0 -rahs---- C:\MSDOS.SYS
    2007-12-06 21:09:39 0 -rahs---- C:\IO.SYS
    2007-12-06 20:54:45 0 d-------- C:\Windows\system32\vmm32
    2007-12-06 19:38:54 32 --a------ C:\Users\All Users\ezsid.dat
    2007-12-06 19:37:48 0 d-------- C:\Users\All Users\Google
    2007-12-06 19:37:34 0 d-------- C:\Program Files\Google
    2007-12-06 19:37:14 0 d-------- C:\Users\All Users\Skype
    2007-12-06 16:41:39 0 d-------- C:\Program Files\MSXML 4.0
    2007-12-06 16:38:28 0 d-------- C:\Users\All Users\Yahoo!
    2007-12-06 16:36:57 0 d-------- C:\Program Files\Yahoo!
    2007-12-06 14:29:14 0 d-------- C:\Users\Lavander\Bluetooth Software
    2007-12-06 14:28:28 0 d-------- C:\Intel
    2007-12-06 14:28:03 0 dr------- C:\Users\Lavander\Searches
    2007-12-06 14:27:47 0 dr------- C:\Users\Lavander\Contacts
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\Templates
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\Start Menu
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\SendTo
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\Recent
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\PrintHood
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\NetHood
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\My Documents
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\Local Settings
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\Cookies
    2007-12-06 14:26:45 0 d--hs---- C:\Users\Lavander\Application Data
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Videos
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Saved Games
    2007-12-06 14:26:44 0 d-------- C:\Users\Lavander\Roaming
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Pictures
    2007-12-06 14:26:44 1310720 --ahs---- C:\Users\Lavander\NTUSER.DAT
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Music
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Links
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Favorites
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Downloads
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Documents
    2007-12-06 14:26:44 0 dr------- C:\Users\Lavander\Desktop
    2007-12-06 14:26:44 0 d--h----- C:\Users\Lavander\AppData
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Templates
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Start Menu
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\SendTo
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Recent
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\PrintHood
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\NetHood
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\My Documents
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Local Settings
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Cookies
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Application Data
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Templates
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Start Menu
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Favorites
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Documents
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Desktop
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Application Data
    2007-12-04 14:39:49 0 d-------- C:\Program Files\Synaptics
    2007-12-04 14:25:53 0 d-------- C:\Windows\Users
    2007-12-04 14:21:41 0 d-------- C:\doctemp
    2007-12-04 14:19:35 0 d-------- C:\Windows\system32\oem
    2007-12-04 14:19:35 0 d-------- C:\Drivers
    2007-12-04 14:19:35 0 d-------- C:\DELL
    2007-12-04 07:24:49 0 d-------- C:\Program Files\Microsoft Works
    2007-12-04 07:23:38 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-12-04 07:22:32 0 d-------- C:\Program Files\McAfee.com
    2007-12-04 07:22:31 0 d-------- C:\Program Files\Common Files\McAfee
    2007-12-04 07:22:28 0 d-------- C:\Program Files\McAfee
    2007-12-04 07:22:24 0 d-------- C:\Users\All Users\McAfee
    2007-12-04 07:22:12 0 d-------- C:\Program Files\Dell Support Center
    2007-12-04 07:22:12 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-12-04 07:22:09 0 d-------- C:\Users\All Users\SupportSoft
    2007-12-04 07:21:15 0 d-------- C:\Users\All Users\Gtek
    2007-12-04 07:21:15 0 d-------- C:\Program Files\DellSupport
    2007-12-04 07:19:39 0 d-------- C:\Users\All Users\Dell
    2007-12-04 07:19:38 0 d-------- C:\Users\All Users\CyberLink
    2007-12-04 07:19:27 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2007-12-04 07:19:17 0 d-------- C:\Program Files\CyberLink
    2007-12-04 07:17:44 0 d-------- C:\Users\All Users\Roxio
    2007-12-04 07:15:15 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2007-12-04 07:15:13 0 d-------- C:\Users\All Users\InstallShield
    2007-12-04 07:15:12 0 d-------- C:\Program Files\Roxio
    2007-12-04 07:15:00 0 d-------- C:\Users\All Users\Sonic
    2007-12-04 07:14:53 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-12-04 07:14:24 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2007-12-04 07:13:03 229376 --a------ C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 6.0.1.3100>
    2007-12-04 07:12:55 0 d-------- C:\Windows\system32\es-MX
    2007-12-04 07:12:55 0 d-------- C:\Windows\system32\es-AR
    2007-12-04 07:12:51 0 d-------- C:\Program Files\WIDCOMM
    2007-12-04 07:12:11 0 d-------- C:\Program Files\Digital Line Detect
    2007-12-04 07:11:36 0 d-------- C:\Program Files\NetWaiting
    2007-12-04 07:11:16 0 d-------- C:\Program Files\Modem Diagnostic Tool
    2007-12-04 07:09:52 0 d-------- C:\Program Files\Fingerprint Reader Suite
    2007-12-04 07:09:02 0 d-------- C:\Program Files\Broadcom
    2007-12-04 07:02:14 69632 --a------ C:\Windows\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-12-04 07:02:14 110592 --a------ C:\Windows\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-12-04 07:02:14 131072 --a------ C:\Windows\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-12-04 07:02:14 163840 --a------ C:\Windows\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-12-04 07:02:07 0 d-------- C:\Users\All Users\Logitech
    2007-12-04 07:02:06 0 d-------- C:\Program Files\SetPoint
    2007-12-04 07:02:05 0 d-------- C:\Program Files\Common Files\Logitech
    2007-12-04 07:01:30 76 -r-hs---- C:\Windows\CT4CET.bin
    2007-12-04 07:01:14 0 d-------- C:\Documents and Settings
    2007-12-04 07:01:03 0 d-------- C:\Program Files\Common Files\Reallusion
    2007-12-04 07:00:41 0 d-------- C:\Program Files\Common Files\Creative
    2007-12-04 07:00:15 0 d-------- C:\Program Files\Creative Live! Cam
    2007-12-04 06:59:56 0 d-------- C:\Program Files\Dell
    2007-12-04 06:59:49 0 d-------- C:\Program Files\Creative
    2007-12-04 06:59:20 0 d-------- C:\Program Files\Intel, Inc
    2007-12-04 06:58:59 0 d-------- C:\Users\Default\Roaming
    2007-12-04 06:58:41 0 d-------- C:\Users\All Users\Intel
    2007-12-04 06:58:37 0 d-------- C:\Program Files\Intel
    2007-12-04 06:58:23 0 d-------- C:\Windows\java
    2007-12-04 06:58:23 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-04 06:58:22 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-12-04 06:58:07 0 d-------- C:\Program Files\Java
    2007-12-04 06:58:07 0 d-------- C:\Program Files\Common Files\Java
    2007-12-04 06:55:54 0 d--hs---- C:\Windows\Installer
    2007-12-04 06:55:49 0 d-------- C:\Windows\system32\Macromed
    2007-12-04 06:47:08 12 --a------ C:\Windows\bthservsdp.dat
    2007-12-04 06:46:10 0 d-------- C:\Windows\SoftwareDistribution
    2007-12-04 06:45:43 0 d-------- C:\Program Files\Sigmatel
    2007-12-04 06:44:09 0 d--hs---- C:\System Volume Information


    -- Find3M Report ---------------------------------------------------------------

    2007-12-18 02:31:17 0 d-------- C:\Users\Lavander\AppData\Roaming\Skype
    2007-12-18 01:13:44 0 d-------- C:\Users\Lavander\AppData\Roaming\skypePM
    2007-12-18 01:05:18 174 --a------ C:\Users\Lavander\AppData\Roaming\wklnhst.dat
    2007-12-16 15:49:36 0 d-------- C:\Users\Lavander\AppData\Roaming\PC Tools
    2007-12-15 03:52:53 0 d-------- C:\Users\Lavander\AppData\Roaming\RegistrySmart
    2007-12-15 02:59:09 0 d-------- C:\Users\Lavander\AppData\Roaming\Grisoft
    2007-12-14 21:36:03 0 d-------- C:\Program Files\Common Files
    2007-12-14 19:35:07 0 d-------- C:\Users\Lavander\AppData\Roaming\Template
    2007-12-13 22:14:58 0 d-------- C:\Users\Lavander\AppData\Roaming\ICAClient
    2007-12-11 00:00:41 0 d-------- C:\Users\Lavander\AppData\Roaming\Mozilla
    2007-12-08 23:07:37 0 d-------- C:\Users\Lavander\AppData\Roaming\Adobe
    2007-12-08 14:31:48 0 d-------- C:\Users\Lavander\AppData\Roaming\Yahoo!
    2007-12-07 22:47:59 0 d-------- C:\Users\Lavander\AppData\Roaming\CyberLink
    2007-12-07 20:23:06 0 d--h----- C:\Users\Lavander\AppData\Roaming\GTek
    2007-12-07 20:12:56 0 d-------- C:\Users\Lavander\AppData\Roaming\PLAux
    2007-12-07 20:12:31 0 d-------- C:\Users\Lavander\AppData\Roaming\OTi
    2007-12-07 19:31:52 0 d-------- C:\Users\Lavander\AppData\Roaming\InstallShield
    2007-12-06 22:44:31 0 d-------- C:\Users\Lavander\AppData\Roaming\Google
    2007-12-06 22:02:04 0 d-------- C:\Users\Lavander\AppData\Roaming\vlc
    2007-12-06 19:23:26 0 d-------- C:\Program Files\Windows Mail
    2007-12-06 16:30:27 0 d-------- C:\Users\Lavander\AppData\Roaming\Macromedia
    2007-12-06 16:11:58 0 d-------- C:\Users\Lavander\AppData\Roaming\Creative
    2007-12-06 16:10:57 0 d-------- C:\Users\Lavander\AppData\Roaming\Reallusion
    2007-12-06 16:10:56 0 d-------- C:\Users\Lavander\AppData\Roaming\tmp
    2007-12-06 14:29:27 0 d-------- C:\Users\Lavander\AppData\Roaming\Roxio
    2007-12-06 14:29:16 0 d-------- C:\Users\Lavander\AppData\Roaming\Logitech
    2007-12-06 14:27:51 0 d-------- C:\Users\Lavander\AppData\Roaming\Identities
    2007-12-04 14:32:57 0 d-------- C:\Program Files\Windows Calendar
    2007-12-04 14:29:48 0 d-------- C:\Program Files\Windows Defender
    2007-12-04 06:47:56 174 --ahs---- C:\Program Files\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    2007-09-19 06:15 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-04 14:29]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 15:00]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 13:54]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-08 02:23]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-24 20:41]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-24 20:40]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-24 20:40]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-12-04 06:58]
    "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43]
    "Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 19:15]
    "@"="" []
    "PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 16:10]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-31 03:40]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
    "RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-17 04:45]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 20:35]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 20:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 20:36]
    "RegistryCleanFixMFC"="C:\Program Files\RegistryCleaner\RegistryCleaner.exe" [2007-12-05 23:31]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-04 07:12:41]
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 18:13:26]
    SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-12-04 07:02:13]


    (sorry, too long.. last part of main.txt on the next post...)

  5. #5
    Junior Member
    Join Date
    Dec 2007
    Posts
    12


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "DisableCAD"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    C:\Windows\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\Windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea5c718-a3f5-11dc-a981-001dd9ebdfa2}]
    AutoRun\command- G:\USBNB.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2007-12-18 02:37:33 ------------


    *************end of main.txt*************


    *************************************
    extra.txt
    *************************************
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
    Percentage of Memory in Use: 50%
    Physical Memory (total/avail): 2037.57 MiB / 1011.96 MiB
    Pagefile Memory (total/avail): 4294.42 MiB / 2745.44 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1896.62 MiB

    C: is Fixed (NTFS) - 136.47 GiB total, 105.13 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 6.02 GiB free.
    E: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - TOSHIBA MK1637GSX - 149.05 GiB - 4 partitions
    \PARTITION0 - Unknown - 78.41 MiB
    \PARTITION1 - Installable File System - 10 GiB - D:
    \PARTITION2 (bootable) - Installable File System - 136.47 GiB - C:
    \PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: McAfee Personal Firewall v (McAfee)
    AV: McAfee VirusScan v (McAfee)
    AS: McAfee VirusScan v (McAfee)
    AS: Spyware Doctor v5.1.0.273 (PC Tools)
    AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Lavander\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=Lavander-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Lavander
    LOCALAPPDATA=C:\Users\Lavander\AppData\Local
    LOGONSERVER=\\Lavander-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0d
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Lavander\AppData\Local\Temp
    TMP=C:\Users\Lavander\AppData\Local\Temp
    USERDOMAIN=Lavander-PC
    USERNAME=Lavander
    USERPROFILE=C:\Users\Lavander
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Lavander


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
    Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    BPS Remover 9.4.0.3 --> "C:\Program Files\BPS Remover\unins000.exe"
    Broadcom Management Programs --> MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
    CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
    Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}
    Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
    Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
    Dell Support Center --> MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
    Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
    Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Fingerprint Reader Suite 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Intel(R) PROSet/Wireless Software --> C:\Windows\Installer\iProInst.exe
    InterVideo WinDVD Advisor --> C:\Program Files\InstallShield Installation Information\{21071A7C-A96F-46E4-9057-39636ED56446}\setup.exe -runfromtemp -l0x0009 -removeonly
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    KhalSetup --> MsiExec.exe /I{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}
    Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
    Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
    Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
    McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
    mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
    MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
    MetaFrame Presentation Server Web Client for Win32 --> C:\Windows\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
    mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Modem Diagnostics Tool --> MsiExec.exe /I{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}
    Mozilla Firefox (2.0.0.11) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
    NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"
    OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
    QuickSet --> MsiExec.exe /I{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}
    RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
    RegistryCleaner --> "C:\Windows\RegistryCleaner\uninstall.exe" "/U:C:\Program Files\RegistryCleaner\Uninstall\uninstall.xml"
    RegistrySmart --> MsiExec.exe /X{9A893DC3-F04C-474F-866C-B2F44C9743EC}
    Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
    User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    WIDCOMM Bluetooth Software 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
    Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
    Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
    Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
    Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type1457 / Success
    Event Submitted/Written: 12/17/2007 10:52:52 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type1455 / Success
    Event Submitted/Written: 12/17/2007 10:52:51 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type1452 / Success
    Event Submitted/Written: 12/17/2007 10:52:47 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.

    Event Record #/Type1437 / Error
    Event Submitted/Written: 12/17/2007 00:28:18 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    The program Explorer.EXE version 6.0.6000.16549 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: eec
    Start Time: 01c83fcbca5c582c
    Termination Time: 78

    Event Record #/Type1424 / Success
    Event Submitted/Written: 12/16/2007 06:09:46 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:




    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type6354 / Warning
    Event Submitted/Written: 12/18/2007 01:34:25 AM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CBF66886E. The following error occurred:
    %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Event Record #/Type6353 / Warning
    Event Submitted/Written: 12/18/2007 01:34:25 AM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CBF66886E. The following error occurred:
    %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Event Record #/Type6339 / Error
    Event Submitted/Written: 12/18/2007 01:33:55 AM
    Event ID/Source: 17 / BTHUSB
    Event Description:
    The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Event Record #/Type6337 / Error
    Event Submitted/Written: 12/18/2007 01:33:53 AM
    Event ID/Source: 7011 / Service Control Manager
    Event Description:
    30000STacSV

    Event Record #/Type6332 / Error
    Event Submitted/Written: 12/17/2007 11:40:55 PM
    Event ID/Source: 8003 / bowser
    Event Description:
    The master browser has received a server announcement from the computer RDG
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0A17371-6434-4F59-A6C3-D8B2E96AAACD}.
    The master browser is stopping or an election is being forced.



    -- End of Deckard's System Scanner: finished at 2007-12-18 02:37:33 ------------

  6. #6
    Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Hi

    Download OTMoveIt by OldTimer to your Desktop.
    • Double click OTMoveIt.exe to launch it.
    • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.

    C:\Windows\msvideo.dll

    • Click the Move It button.
    • The list will be processed and the results will appear in the right hand pane.
    • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    • When finished click Exit to exit the programme.
    • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).


    Post contents of that file here, please

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Dec 2007
    Posts
    12

    Hi,

    i followed ur instructions and created 12182007_230442.log. pls see contents of the log.

    ******************************************

    LoadLibrary failed for C:\Windows\msvideo.dll
    C:\Windows\msvideo.dll NOT unregistered.
    File move failed. C:\Windows\msvideo.dll scheduled to be moved on reboot.

    Created on 12-18-2007 23:04:42

    ******************************************


    i also tried loading internet explorer and i don't get those pop-ups anymore.

    does this mean, my pc's clean?!

  8. #8
    Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Hi

    Please re-run dss and post back its log (main.txt only), please

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member
    Join Date
    Dec 2007
    Posts
    12

    hello,

    main.txt as requested!


    ****************************

    Deckard's System Scanner v20071014.68
    Run by lavander on 2007-12-19 23:10:04
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as lavander.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:11, on 2007-12-19
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Users\lavander\Desktop\dss.exe
    C:\Users\lavander\Desktop\lavander.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/defa...=sg&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\RegistryCleaner.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - Global Startup: SetPoint.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0144691198076990) (0144691198076990mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\014469~1.EXE
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10240 bytes



    cont....

  10. #10
    Junior Member
    Join Date
    Dec 2007
    Posts
    12

    ...cont


    -- Files created between 2007-11-19 and 2007-12-19 -----------------------------

    2007-12-16 16:40:52 0 d-------- C:\Windows\RegistryCleaner
    2007-12-16 16:32:59 0 d-a------ C:\Users\All Users\TEMP
    2007-12-16 16:31:07 118784 --a------ C:\Windows\system32\msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
    2007-12-16 16:31:06 101888 --a------ C:\Windows\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-12-16 15:46:10 0 d-------- C:\Program Files\NoAdware5.0
    2007-12-15 05:24:22 0 d-------- C:\HJT
    2007-12-15 05:15:50 0 d-------- C:\Users\lavander\DoctorWeb
    2007-12-15 02:54:45 0 d-------- C:\Users\All Users\Grisoft
    2007-12-15 00:03:03 0 d-------- C:\Program Files\Enigma Software Group
    2007-12-14 21:48:36 0 d-------- C:\Program Files\Combined Community Codec Pack
    2007-12-14 21:36:03 0 d-------- C:\Program Files\Common Files\PX Storage Engine
    2007-12-14 20:49:18 0 d-------- C:\temp
    2007-12-14 20:28:36 0 d-------- C:\Program Files\RegistrySmart
    2007-12-13 23:58:36 0 d-------- C:\Program Files\DivX
    2007-12-13 20:12:31 0 d-------- C:\Windows\system32\Resource
    2007-12-13 20:12:22 0 d-------- C:\Program Files\Citrix
    2007-12-12 06:34:56 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2007-12-12 06:33:14 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-12-12 06:33:14 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-12-12 06:33:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-12 06:33:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 06:33:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 06:33:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 06:32:28 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
    2007-12-11 00:00:44 0 --a------ C:\Windows\nsreg.dat
    2007-12-08 08:17:17 0 d-------- C:\Program Files\Skype
    2007-12-08 08:17:17 0 d-------- C:\Program Files\Common Files\Skype
    2007-12-07 20:24:26 0 d-------- C:\Users\All Users\Yahoo! Companion
    2007-12-07 19:32:27 0 d-------- C:\Program Files\InterVideo
    2007-12-06 23:20:59 14 --a------ C:\Windows\system32\SystemInfo32.sys
    2007-12-06 21:18:22 0 d-------- C:\Program Files\VideoLAN
    2007-12-06 21:09:39 0 -rahs---- C:\MSDOS.SYS
    2007-12-06 21:09:39 0 -rahs---- C:\IO.SYS
    2007-12-06 20:54:45 0 d-------- C:\Windows\system32\vmm32
    2007-12-06 19:38:54 32 --a------ C:\Users\All Users\ezsid.dat
    2007-12-06 19:37:48 0 d-------- C:\Users\All Users\Google
    2007-12-06 19:37:34 0 d-------- C:\Program Files\Google
    2007-12-06 19:37:14 0 d-------- C:\Users\All Users\Skype
    2007-12-06 16:41:39 0 d-------- C:\Program Files\MSXML 4.0
    2007-12-06 16:38:28 0 d-------- C:\Users\All Users\Yahoo!
    2007-12-06 16:36:57 0 d-------- C:\Program Files\Yahoo!
    2007-12-06 14:29:14 0 d-------- C:\Users\lavander\Bluetooth Software
    2007-12-06 14:28:28 0 d-------- C:\Intel
    2007-12-06 14:28:03 0 dr------- C:\Users\lavander\Searches
    2007-12-06 14:27:47 0 dr------- C:\Users\lavander\Contacts
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\Templates
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\Start Menu
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\SendTo
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\Recent
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\PrintHood
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\NetHood
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\My Documents
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\Local Settings
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\Cookies
    2007-12-06 14:26:45 0 d--hs---- C:\Users\lavander\Application Data
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Videos
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Saved Games
    2007-12-06 14:26:44 0 d-------- C:\Users\lavander\Roaming
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Pictures
    2007-12-06 14:26:44 1310720 --ahs---- C:\Users\lavander\NTUSER.DAT
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Music
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Links
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Favorites
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Downloads
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Documents
    2007-12-06 14:26:44 0 dr------- C:\Users\lavander\Desktop
    2007-12-06 14:26:44 0 d--h----- C:\Users\lavander\AppData
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Templates
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Start Menu
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\SendTo
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Recent
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\PrintHood
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\NetHood
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\My Documents
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Local Settings
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Cookies
    2007-12-06 14:25:48 0 d--hs---- C:\Users\Default\Application Data
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Templates
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Start Menu
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Favorites
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Documents
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Desktop
    2007-12-06 14:25:48 0 d--hs---- C:\Users\All Users\Application Data
    2007-12-04 14:39:49 0 d-------- C:\Program Files\Synaptics
    2007-12-04 14:25:53 0 d-------- C:\Windows\Users
    2007-12-04 14:21:41 0 d-------- C:\doctemp
    2007-12-04 14:19:35 0 d-------- C:\Windows\system32\oem
    2007-12-04 14:19:35 0 d-------- C:\Drivers
    2007-12-04 14:19:35 0 d-------- C:\DELL
    2007-12-04 07:24:49 0 d-------- C:\Program Files\Microsoft Works
    2007-12-04 07:23:38 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-12-04 07:22:32 0 d-------- C:\Program Files\McAfee.com
    2007-12-04 07:22:31 0 d-------- C:\Program Files\Common Files\McAfee
    2007-12-04 07:22:28 0 d-------- C:\Program Files\McAfee
    2007-12-04 07:22:24 0 d-------- C:\Users\All Users\McAfee
    2007-12-04 07:22:12 0 d-------- C:\Program Files\Dell Support Center
    2007-12-04 07:22:12 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-12-04 07:22:09 0 d-------- C:\Users\All Users\SupportSoft
    2007-12-04 07:21:15 0 d-------- C:\Users\All Users\Gtek
    2007-12-04 07:21:15 0 d-------- C:\Program Files\DellSupport
    2007-12-04 07:19:39 0 d-------- C:\Users\All Users\Dell
    2007-12-04 07:19:38 0 d-------- C:\Users\All Users\CyberLink
    2007-12-04 07:19:27 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2007-12-04 07:19:17 0 d-------- C:\Program Files\CyberLink
    2007-12-04 07:17:44 0 d-------- C:\Users\All Users\Roxio
    2007-12-04 07:15:15 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2007-12-04 07:15:13 0 d-------- C:\Users\All Users\InstallShield
    2007-12-04 07:15:12 0 d-------- C:\Program Files\Roxio
    2007-12-04 07:15:00 0 d-------- C:\Users\All Users\Sonic
    2007-12-04 07:14:53 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-12-04 07:14:24 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2007-12-04 07:13:03 229376 --a------ C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 6.0.1.3100>
    2007-12-04 07:12:55 0 d-------- C:\Windows\system32\es-MX
    2007-12-04 07:12:55 0 d-------- C:\Windows\system32\es-AR
    2007-12-04 07:12:51 0 d-------- C:\Program Files\WIDCOMM
    2007-12-04 07:12:11 0 d-------- C:\Program Files\Digital Line Detect
    2007-12-04 07:11:36 0 d-------- C:\Program Files\NetWaiting
    2007-12-04 07:11:16 0 d-------- C:\Program Files\Modem Diagnostic Tool
    2007-12-04 07:09:52 0 d-------- C:\Program Files\Fingerprint Reader Suite
    2007-12-04 07:09:02 0 d-------- C:\Program Files\Broadcom
    2007-12-04 07:02:14 69632 --a------ C:\Windows\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-12-04 07:02:14 110592 --a------ C:\Windows\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-12-04 07:02:14 131072 --a------ C:\Windows\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-12-04 07:02:14 163840 --a------ C:\Windows\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-12-04 07:02:07 0 d-------- C:\Users\All Users\Logitech
    2007-12-04 07:02:06 0 d-------- C:\Program Files\SetPoint
    2007-12-04 07:02:05 0 d-------- C:\Program Files\Common Files\Logitech
    2007-12-04 07:01:30 76 -r-hs---- C:\Windows\CT4CET.bin
    2007-12-04 07:01:14 0 d-------- C:\Documents and Settings
    2007-12-04 07:01:03 0 d-------- C:\Program Files\Common Files\Reallusion
    2007-12-04 07:00:41 0 d-------- C:\Program Files\Common Files\Creative
    2007-12-04 07:00:15 0 d-------- C:\Program Files\Creative Live! Cam
    2007-12-04 06:59:56 0 d-------- C:\Program Files\Dell
    2007-12-04 06:59:49 0 d-------- C:\Program Files\Creative
    2007-12-04 06:59:20 0 d-------- C:\Program Files\Intel, Inc
    2007-12-04 06:58:59 0 d-------- C:\Users\Default\Roaming
    2007-12-04 06:58:41 0 d-------- C:\Users\All Users\Intel
    2007-12-04 06:58:37 0 d-------- C:\Program Files\Intel
    2007-12-04 06:58:23 0 d-------- C:\Windows\java
    2007-12-04 06:58:23 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-04 06:58:22 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-12-04 06:58:07 0 d-------- C:\Program Files\Java
    2007-12-04 06:58:07 0 d-------- C:\Program Files\Common Files\Java
    2007-12-04 06:55:54 0 d--hs---- C:\Windows\Installer
    2007-12-04 06:55:49 0 d-------- C:\Windows\system32\Macromed
    2007-12-04 06:47:08 12 --a------ C:\Windows\bthservsdp.dat
    2007-12-04 06:46:10 0 d-------- C:\Windows\SoftwareDistribution
    2007-12-04 06:45:43 0 d-------- C:\Program Files\Sigmatel
    2007-12-04 06:44:09 0 d--hs---- C:\System Volume Information


    -- Find3M Report ---------------------------------------------------------------

    2007-12-19 23:03:43 0 d-------- C:\Users\lavander\AppData\Roaming\Skype
    2007-12-19 23:02:18 0 d-------- C:\Users\lavander\AppData\Roaming\skypePM
    2007-12-18 01:05:18 174 --a------ C:\Users\lavander\AppData\Roaming\wklnhst.dat
    2007-12-15 03:52:53 0 d-------- C:\Users\lavander\AppData\Roaming\RegistrySmart
    2007-12-14 21:36:03 0 d-------- C:\Program Files\Common Files
    2007-12-14 19:35:07 0 d-------- C:\Users\lavander\AppData\Roaming\Template
    2007-12-13 22:14:58 0 d-------- C:\Users\lavander\AppData\Roaming\ICAClient
    2007-12-11 00:00:41 0 d-------- C:\Users\lavander\AppData\Roaming\Mozilla
    2007-12-08 23:07:37 0 d-------- C:\Users\lavander\AppData\Roaming\Adobe
    2007-12-08 14:31:48 0 d-------- C:\Users\lavander\AppData\Roaming\Yahoo!
    2007-12-07 22:47:59 0 d-------- C:\Users\lavander\AppData\Roaming\CyberLink
    2007-12-07 20:23:06 0 d--h----- C:\Users\lavander\AppData\Roaming\GTek
    2007-12-07 20:12:56 0 d-------- C:\Users\lavander\AppData\Roaming\PLAux
    2007-12-07 20:12:31 0 d-------- C:\Users\lavander\AppData\Roaming\OTi
    2007-12-07 19:31:52 0 d-------- C:\Users\lavander\AppData\Roaming\InstallShield
    2007-12-06 22:44:31 0 d-------- C:\Users\lavander\AppData\Roaming\Google
    2007-12-06 22:02:04 0 d-------- C:\Users\lavander\AppData\Roaming\vlc
    2007-12-06 19:23:26 0 d-------- C:\Program Files\Windows Mail
    2007-12-06 16:30:27 0 d-------- C:\Users\lavander\AppData\Roaming\Macromedia
    2007-12-06 16:11:58 0 d-------- C:\Users\lavander\AppData\Roaming\Creative
    2007-12-06 16:10:57 0 d-------- C:\Users\lavander\AppData\Roaming\Reallusion
    2007-12-06 16:10:56 0 d-------- C:\Users\lavander\AppData\Roaming\tmp
    2007-12-06 14:29:27 0 d-------- C:\Users\lavander\AppData\Roaming\Roxio
    2007-12-06 14:29:16 0 d-------- C:\Users\lavander\AppData\Roaming\Logitech
    2007-12-06 14:27:51 0 d-------- C:\Users\lavander\AppData\Roaming\Identities
    2007-12-04 14:32:57 0 d-------- C:\Program Files\Windows Calendar
    2007-12-04 14:29:48 0 d-------- C:\Program Files\Windows Defender
    2007-12-04 06:47:56 174 --ahs---- C:\Program Files\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    2007-09-19 06:15 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-04 14:29]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 15:00]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 13:54]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-08 02:23]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-24 20:41]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-24 20:40]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-24 20:40]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-12-04 06:58]
    "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43]
    "Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 19:15]
    "@"="" []
    "PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 16:10]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-31 03:40]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
    "RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-17 04:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 20:35]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 20:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 20:36]
    "RegistryCleanFixMFC"="C:\Program Files\RegistryCleaner\RegistryCleaner.exe" []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-04 07:12:41]
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 18:13:26]
    SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-12-04 07:02:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "DisableCAD"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    C:\Windows\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\Windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea5c718-a3f5-11dc-a981-001dd9ebdfa2}]
    AutoRun\command- G:\USBNB.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2007-12-19 23:12:19 ------------
