clicks on google links go to other advert sites...and new reg change alerts @sysboot



pynfmly
2007-11-28, 05:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 PM, on 11/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell" Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - HKCU\..\Run: [dmpig.tmp] C:\Windows\system32\dmpig.tmp
O4 - HKCU\..\Run: [dmhlm.tmp] C:\Windows\system32\dmhlm.tmp
O4 - HKCU\..\Run: [dmfiw.tmp] C:\Windows\system32\dmfiw.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [dmxwx.tmp] C:\Windows\system32\dmxwx.tmp
O4 - HKCU\..\Run: [dmjsd.tmp] C:\Windows\system32\dmjsd.tmp
O4 - HKCU\..\Run: [dmgqp.tmp] C:\Windows\system32\dmgqp.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0048801196217697) (0048801196217697mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\004880~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12138 bytes

katana
2007-12-07, 00:27
Hello pynfmly and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

You have a few files there that look like malware, but are relatively new.
Unfortunately the best tools we have don't work on Vista yet, so this may take a bit longer than normal.

Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version: Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.


Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - HKCU\..\Run: [dmpig.tmp] C:\Windows\system32\dmpig.tmp
O4 - HKCU\..\Run: [dmhlm.tmp] C:\Windows\system32\dmhlm.tmp
O4 - HKCU\..\Run: [dmfiw.tmp] C:\Windows\system32\dmfiw.tmp
O4 - HKCU\..\Run: [dmxwx.tmp] C:\Windows\system32\dmxwx.tmp
O4 - HKCU\..\Run: [dmjsd.tmp] C:\Windows\system32\dmjsd.tmp
O4 - HKCU\..\Run: [dmgqp.tmp] C:\Windows\system32\dmgqp.tmp
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the following file path into the window
C:\Windows\system32\dmsrf.exe
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
C:\Windows\system32\dmxwx.tmp

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)

Please post a fresh HJT log along with the Virus Total results
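
An added illustration, not part of either poster's messages and not the helper's own method: a Python example that parses the O4 registry Run lines of a HijackThis log and flags the kind of autostart entries selected for fixing above. The sample lines are copied from the log in this thread; the two heuristics, the extension allow-list and all function names are assumptions made for this example, and the O2 BHO line in the fix list is outside its scope.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - HKCU\..\Run: [dmpig.tmp] C:\Windows\system32\dmpig.tmp
O4 - HKCU\..\Run: [dmhlm.tmp] C:\Windows\system32\dmhlm.tmp
O4 - HKCU\..\Run: [dmfiw.tmp] C:\Windows\system32\dmfiw.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [dmxwx.tmp] C:\Windows\system32\dmxwx.tmp
O4 - HKCU\..\Run: [dmjsd.tmp] C:\Windows\system32\dmjsd.tmp
O4 - HKCU\..\Run: [dmgqp.tmp] C:\Windows\system32\dmgqp.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Assumed allow-list of extensions a Run value normally launches.
LAUNCHABLE = {".exe", ".com", ".bat", ".cmd"}


def image_path(cmd):
    """Return the program part of a Run command line, without its arguments."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces: stop at the first ".ext" before a space.
    m = re.match(r"(.*?\.\w{2,4})(?=\s|$)", cmd)
    return m.group(1) if m else cmd


def parse_run_entries(log):
    """Parse registry Run entries; Startup-folder and non-O4 lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        path = image_path(m["cmd"])
        stem, ext = ntpath.splitext(ntpath.basename(path))
        entries.append({
            "hive": m["hive"], "name": m["name"], "path": path,
            "dir": ntpath.dirname(path).lower(),
            "stem": stem.lower(), "ext": ext.lower(),
        })
    return entries


def shape(entry):
    # Directory, first two letters and stem length: a crude "naming shape".
    return (entry["dir"], entry["stem"][:2], len(entry["stem"]))


def triage(entries):
    """Map lower-cased image path -> reasons and hives, for entries worth review."""
    odd_shapes = {shape(e) for e in entries if e["ext"] not in LAUNCHABLE}
    report = {}
    for e in entries:
        if e["ext"] not in LAUNCHABLE:
            # Heuristic 1: a Run value that starts something like a .tmp file.
            why = "Run value launches a %s file" % (e["ext"] or "extensionless")
        elif shape(e) in odd_shapes:
            # Heuristic 2: a launchable sibling of the files caught by heuristic 1.
            why = "same directory and name shape as the non-launchable entries"
        else:
            continue
        item = report.setdefault(e["path"].lower(),
                                 {"reasons": set(), "hives": set()})
        item["reasons"].add(why)
        item["hives"].add(e["hive"])
    return report


if __name__ == "__main__":
    for path, info in sorted(triage(parse_run_entries(SAMPLE_LOG)).items()):
        print(path, sorted(info["hives"]), "; ".join(sorted(info["reasons"])))
```

A hit from either heuristic is a reason to have the file scanned, as was done with dmsrf.exe in this thread, not proof that it is malicious.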

pynfmly
2007-12-07, 04:13
Thank you so much for your help!!!
Here are the scan results:

For C:\Windows\system32\dmsrf.exe

File dmsrf.exe received on 12.07.2007 02:57:11 (CET)
Current status: finished
Result: 13/32 (40.63%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.7.0 2007.12.06 -
AntiVir 7.6.0.34 2007.12.06 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.12.06 -
Avast 4.7.1098.0 2007.12.06 -
AVG 7.5.0.503 2007.12.07 DNSChanger.H
BitDefender 7.2 2007.12.07 -
CAT-QuickHeal 9.00 2007.12.06 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.06 -
DrWeb 4.44.0.09170 2007.12.06 -
eSafe 7.0.15.0 2007.12.06 -
eTrust-Vet 31.3.5358 2007.12.07 -
Ewido 4.0 2007.12.06 -
FileAdvisor 1 2007.12.07 -
Fortinet 3.14.0.0 2007.12.06 W32/PackDNSChanger.A
F-Prot 4.4.2.54 2007.12.06 -
F-Secure 6.70.13030.0 2007.12.07 Trojan.Win32.DNSChanger.abk
Ikarus T3.1.1.12 2007.12.07 Trojan.Win32.DNSChanger.abk
Kaspersky 7.0.0.125 2007.12.07 Trojan.Win32.DNSChanger.abk
McAfee 5179 2007.12.06 -
Microsoft 1.3007 2007.12.07 Trojan:Win32/Alureon.gen!D
NOD32v2 2708 2007.12.07 Win32/TrojanDownloader.Zlob.BKY
Norman 5.80.02 2007.12.06 -
Panda 9.0.0.4 2007.12.06 Suspicious file
Prevx1 V2 2007.12.07 -
Rising 20.21.32.00 2007.12.06 -
Sophos 4.24.0 2007.12.07 -
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.07 Trojan.Packed.7
TheHacker 6.2.9.152 2007.12.07 -
VBA32 3.12.2.5 2007.12.05 -
VirusBuster 4.3.26:9 2007.12.06 Trojan.DNSChanger.QE.Gen
Webwasher-Gateway 6.6.2 2007.12.06 Trojan.Crypt.XPACK.Gen
Additional information
File size: 67622 bytes
MD5: 0e9b8ae2f9024c4b5fc0454399d886ed
SHA1: 47cd7fdeadc77a0895cf46e4de357427ca344143
PEiD: -
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.






And for C:\Windows\system32\dmxwx.tmp

When I attempted to send the file I got a white page with the following text in top left hand corner-
0 bytes size received / Se ha recibido un archivo vacio


And my latest HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 PM, on 11/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell" Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - HKCU\..\Run: [dmpig.tmp] C:\Windows\system32\dmpig.tmp
O4 - HKCU\..\Run: [dmhlm.tmp] C:\Windows\system32\dmhlm.tmp
O4 - HKCU\..\Run: [dmfiw.tmp] C:\Windows\system32\dmfiw.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [dmxwx.tmp] C:\Windows\system32\dmxwx.tmp
O4 - HKCU\..\Run: [dmjsd.tmp] C:\Windows\system32\dmjsd.tmp
O4 - HKCU\..\Run: [dmgqp.tmp] C:\Windows\system32\dmgqp.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0048801196217697) (0048801196217697mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\004880~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12138 bytes

katana
2007-12-07, 04:29
Disable Windows Defender
Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
Close Windows Defender


Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version: Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.

Disable SpySweeper
If you have Spy Sweeper version 4:
Open it, Click Options over on the left, then Program options
Uncheck load at windows startup.
Over to the left, Click shields and Uncheck all there.
Uncheck home page shield.
Uncheck automatically restore default without notification.
Reboot your computer, and verify SpySweeper is disabled.

If you have SpySweeper version 5:
Open SpySweeper, click Shield Settings on the right
(or Shields on the left, depending what screen you're on).
Click Internet Explorer and uncheck all items.
Click Windows System and uncheck all items.
Click Hosts File and uncheck all items.
Click Startup Programs and uncheck all items.
Close SpySweeper.
Reboot your computer, and verify Spy Sweeper is disabled.


Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - HKCU\..\Run: [dmpig.tmp] C:\Windows\system32\dmpig.tmp
O4 - HKCU\..\Run: [dmhlm.tmp] C:\Windows\system32\dmhlm.tmp
O4 - HKCU\..\Run: [dmfiw.tmp] C:\Windows\system32\dmfiw.tmp
O4 - HKCU\..\Run: [dmxwx.tmp] C:\Windows\system32\dmxwx.tmp
O4 - HKCU\..\Run: [dmjsd.tmp] C:\Windows\system32\dmjsd.tmp
O4 - HKCU\..\Run: [dmgqp.tmp] C:\Windows\system32\dmgqp.tmp
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


OTMoveIt
Please download OTMoveIt by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe).

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Windows\system32\dmsrf.exe
C:\Windows\system32\dmsrf.exe
C:\Windows\system32\dmodb.tmp
C:\Windows\system32\dmpig.tmp
C:\Windows\system32\dmhlm.tmp
C:\Windows\system32\dmfiw.tmp
C:\Windows\system32\dmxwx.tmp
C:\Windows\system32\dmjsd.tmp
C:\Windows\system32\dmgqp.tmp

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
Copy and paste the contents of the results box as a reply to this topic

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

please post a fresh HJT log along with the OTMoveIt report in your reply
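
The cross-check a helper does by eye on the two logs requested above, as an added example (not part of the original post and not the helper's own method): it parses the O4 Run entries of a HijackThis log, flags autostart targets, compares them with the OTMoveIt result, and checks whether the HijackThis scan predates the cleanup. The two flagging rules and all function names are assumptions made for illustration; the sample logs are constructed by abbreviating lines from this thread.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample input, abbreviated from the log formats shown in this thread.
HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 PM, on 11/27/2007
Platform: Windows Vista (WinNT 6.00.1904)

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
"""

OTMOVEIT_LOG = r"""File move failed. C:\Windows\system32\dmsrf.exe scheduled to be moved on reboot.
C:\Windows\system32\dmodb.tmp moved successfully.

Created on 12/07/2007 00:08:52
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (HK\S+?)\\\.\.\\Run: \[(.+?)\] (.+)$", re.M)
SYSTEM32 = r"c:\windows\system32"
PROGRAM_EXT = {".exe", ".com", ".bat", ".cmd", ".scr"}


def target_path(command):
    """Return the program path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Bare paths may contain spaces: cut after the first ".ext" that ends a token.
    m = re.match(r"(.+?\.\w{2,4})(?=\s|$)", command)
    return m.group(1) if m else command


def suspicion_reasons(name, command):
    """Illustrative heuristics only (assumptions): they rank entries, they do not convict."""
    folder, filename = ntpath.split(target_path(command))
    ext = ntpath.splitext(filename)[1].lower()
    reasons = []
    if ext not in PROGRAM_EXT:
        reasons.append("autostart target has non-program extension " + ext)
    if folder.lower() == SYSTEM32 and name.lower() == filename.lower():
        reasons.append("value name is just the file name of a system32 file")
    return reasons


def run_entries(hjt_log):
    """Parse every O4 Run-key line into a dict with its flagging reasons."""
    return [
        {"hive": hive, "name": name, "path": target_path(cmd),
         "reasons": suspicion_reasons(name, cmd)}
        for hive, name, cmd in RUN_RE.findall(hjt_log)
    ]


def hjt_scan_time(hjt_log):
    """Read the 'Scan saved at <time>, on <date>' header line."""
    m = re.search(r"^Scan saved at (.+?), on (\d+/\d+/\d+)", hjt_log, re.M)
    return datetime.strptime(m.group(2) + " " + m.group(1), "%m/%d/%Y %I:%M:%S %p")


def otmoveit_summary(otm_log):
    """Return (moved paths, paths pending reboot, report creation time)."""
    moved = re.findall(r"^(.+?) moved successfully\.", otm_log, re.M)
    pending = re.findall(
        r"^File move failed\. (.+?) scheduled to be moved on reboot\.", otm_log, re.M)
    created = re.search(r"^Created on (\S+ \S+)", otm_log, re.M).group(1)
    return moved, pending, datetime.strptime(created, "%m/%d/%Y %H:%M:%S")


def review(hjt_log, otm_log):
    """Cross-check a posted HijackThis log against an OTMoveIt result log."""
    moved, pending, cleaned_at = otmoveit_summary(otm_log)
    handled = {p.lower() for p in moved + pending}
    flagged = [e for e in run_entries(hjt_log) if e["reasons"]]
    return {
        # A scan saved before the cleanup ran cannot show what the cleanup changed.
        "stale": hjt_scan_time(hjt_log) < cleaned_at,
        "flagged": [e["path"] for e in flagged],
        "flagged_not_handled": [e["path"] for e in flagged
                                if e["path"].lower() not in handled],
        "pending_reboot": pending,
    }


if __name__ == "__main__":
    for key, value in review(HJT_LOG, OTMOVEIT_LOG).items():
        print(key, "=", value)
```

Note that `[ehTray.exe]` also uses its file name as the value name but is not flagged, because the rule only fires for files sitting directly in system32; a flagged entry still needs a human to confirm it.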

pynfmly
2007-12-07, 08:17
OT Moveit info:

File move failed. C:\Windows\system32\dmsrf.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\dmsrf.exe scheduled to be moved on reboot.
C:\Windows\system32\dmodb.tmp moved successfully.
C:\Windows\system32\dmpig.tmp moved successfully.
C:\Windows\system32\dmhlm.tmp moved successfully.
C:\Windows\system32\dmfiw.tmp moved successfully.
C:\Windows\system32\dmxwx.tmp moved successfully.
C:\Windows\system32\dmjsd.tmp moved successfully.
C:\Windows\system32\dmgqp.tmp moved successfully.

Created on 12/07/2007 00:08:52



HJT Info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 PM, on 11/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell" Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - HKCU\..\Run: [dmpig.tmp] C:\Windows\system32\dmpig.tmp
O4 - HKCU\..\Run: [dmhlm.tmp] C:\Windows\system32\dmhlm.tmp
O4 - HKCU\..\Run: [dmfiw.tmp] C:\Windows\system32\dmfiw.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [dmxwx.tmp] C:\Windows\system32\dmxwx.tmp
O4 - HKCU\..\Run: [dmjsd.tmp] C:\Windows\system32\dmjsd.tmp
O4 - HKCU\..\Run: [dmgqp.tmp] C:\Windows\system32\dmgqp.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0048801196217697) (0048801196217697mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\004880~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12138 bytes

katana
2007-12-07, 14:21
That is the old HJT, Please can you post a new one

pynfmly
2007-12-09, 00:34
hhmm...that's odd. I thought for sure I ran a new one...let's try this log
----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 PM, on 11/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell" Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - HKCU\..\Run: [dmpig.tmp] C:\Windows\system32\dmpig.tmp
O4 - HKCU\..\Run: [dmhlm.tmp] C:\Windows\system32\dmhlm.tmp
O4 - HKCU\..\Run: [dmfiw.tmp] C:\Windows\system32\dmfiw.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [dmxwx.tmp] C:\Windows\system32\dmxwx.tmp
O4 - HKCU\..\Run: [dmjsd.tmp] C:\Windows\system32\dmjsd.tmp
O4 - HKCU\..\Run: [dmgqp.tmp] C:\Windows\system32\dmgqp.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0048801196217697) (0048801196217697mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\004880~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12138 bytes

katana
2007-12-09, 01:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 PM, on 11/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 PM, on 11/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 PM, on 11/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Nope :p:

Let's try this instead

Deckard's System Scanner
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.

pynfmly
2007-12-09, 21:33
due to post length restriction the 2 logs will be in 3 separate posts...the MAIN is in black font and the extra will be in RED font...

MAIN

Deckard's System Scanner v20071014.68
Run by skrunch on 2007-12-09 09:31:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
11: 2007-12-09 13:28:41 UTC - RP54 - Device Driver Package Install: VSO Software
10: 2007-12-08 23:56:13 UTC - RP53 - Installed Nero 8 Trial. Available with Windows Installer version 1.2 and later.
9: 2007-12-08 23:55:16 UTC - RP52 - Installed DirectX
8: 2007-12-06 05:09:12 UTC - RP50 - Removed Google Toolbar for Internet Explorer
7: 2007-12-01 22:02:37 UTC - RP49 - Installed Steam


-- First Restore Point --
1: 2007-11-18 18:55:21 UTC - RP43 - Installed Ad-Aware 2007


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as skrunch.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:05 AM, on 12/9/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\skrunch\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [dmxsx.tmp] C:\Windows\system32\dmxsx.tmp
O4 - HKCU\..\Run: [dmqkn.tmp] C:\Windows\system32\dmqkn.tmp
O4 - HKCU\..\Run: [dmked.tmp] C:\Windows\system32\dmked.tmp
O4 - HKCU\..\Run: [dmihi.tmp] C:\Windows\system32\dmihi.tmp
O4 - HKCU\..\Run: [dmdjv.tmp] C:\Windows\system32\dmdjv.tmp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [dmujl.tmp] C:\Windows\system32\dmujl.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: McAfee Application Installer Cleanup (0245251197207080) (0245251197207080mcinstcleanup) - Unknown owner - C:\Windows\TEMP\024525~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10921 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 0245251197207080mcinstcleanup (McAfee Application Installer Cleanup (0245251197207080)) - c:\windows\temp\024525~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-25 17:25:33 348 --a------ C:\Windows\Tasks\McQcTask.job
2007-10-25 17:25:33 356 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2007-11-09 and 2007-12-09 -----------------------------

2007-12-09 08:00:13 0 d-------- C:\Shrink Temps
2007-12-09 07:29:12 0 d-------- C:\Windows\LastGood
2007-12-09 07:28:20 47360 --a------ C:\Windows\system32\drivers\Pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-09 07:28:06 0 d-------- C:\Program Files\Super DVD Creator 9.25.0
2007-12-08 17:58:46 0 d-------- C:\Users\All Users\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files\Nero
2007-12-05 23:31:17 0 d-------- C:\Ripped
2007-12-05 23:25:41 0 d-------- C:\Users\All Users\DVD Shrink
2007-12-05 23:25:38 0 d-------- C:\Program Files\DVD Shrink
2007-12-05 13:49:24 0 dr------- C:\Superbad Unrated
2007-12-05 13:04:47 0 d-------- C:\Napoleon
2007-12-04 21:54:28 0 d-------- C:\TRANSFORMERS_VANILLA
2007-12-01 16:03:22 0 d-------- C:\Program Files\Common Files\Steam
2007-12-01 16:03:18 0 d-------- C:\Program Files\Steam
2007-11-27 20:55:29 0 d-------- C:\Program Files\Trend Micro
2007-11-27 06:26:41 0 d-------- C:\Program Files\CCleaner
2007-11-26 01:22:44 0 d-------- C:\Program Files\Another Matrix Screen Saver
2007-11-22 16:11:49 0 d-------- C:\Program Files\VideoLAN
2007-11-22 12:36:30 0 d-------- C:\Program Files\DV Series
2007-11-22 12:35:57 0 -rahs---- C:\MSDOS.SYS
2007-11-22 12:35:57 0 -rahs---- C:\IO.SYS
2007-11-21 05:53:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-21 05:32:08 0 d-------- C:\Program Files\STOPzilla!
2007-11-21 05:32:06 0 d-------- C:\Program Files\Common Files\iS3
2007-11-21 05:32:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-11-20 21:10:10 0 d-------- C:\Program Files\Coupons
2007-11-20 21:10:09 31 --ah----- C:\Windows\uccspecc.sys
2007-11-18 13:41:19 0 d-------- C:\Users\All Users\Webroot
2007-11-18 13:41:19 0 d-------- C:\Program Files\Webroot
2007-11-18 13:40:56 164 --a------ C:\install.dat
2007-11-18 12:55:55 0 d-------- C:\Program Files\Lavasoft
2007-11-18 12:55:54 0 d-------- C:\Users\All Users\Lavasoft
2007-11-18 12:54:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:35:05 0 d-------- C:\Windows\PCHEALTH
2007-11-16 21:35:05 0 d-------- C:\Program Files\Microsoft.NET
2007-11-16 21:32:18 0 d-------- C:\Users\All Users\Microsoft Help
2007-11-16 21:31:32 0 dr-h----- C:\MSOCache
2007-11-15 06:07:39 72214 --a------ C:\Windows\system32\kdenf.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmsrf.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmpyt.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmlze.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmhvy.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmhtc.exe
2007-11-14 21:25:43 0 d-------- C:\Program Files\Dell Support Center
2007-11-14 21:25:39 0 d-------- C:\Program Files\Common Files\supportsoft
2007-11-14 20:41:40 0 d-------- C:\Program Files\uTorrent
2007-11-14 19:53:09 0 d-------- C:\MTK Recording Volume
2007-11-10 15:11:41 0 d-------- C:\THE_OUTSIDERS

pynfmly
2007-12-09, 21:37
-- Find3M Report ---------------------------------------------------------------

2007-12-09 09:34:17 0 d-------- C:\Users\skrunch\AppData\Roaming\uTorrent
2007-12-09 07:31:14 0 d-------- C:\Program Files\McAfee
2007-12-08 18:03:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files
2007-12-05 23:40:11 0 d-------- C:\Program Files\Google
2007-12-04 21:25:21 0 d-------- C:\Users\skrunch\AppData\Roaming\CyberLink
2007-11-22 16:14:46 0 d-------- C:\Users\skrunch\AppData\Roaming\vlc
2007-11-18 17:38:40 0 d-------- C:\Users\skrunch\AppData\Roaming\MusicNet
2007-11-18 13:41:19 0 d-------- C:\Users\skrunch\AppData\Roaming\Webroot
2007-11-16 21:36:08 0 d-------- C:\Program Files\Microsoft Works
2007-11-15 06:05:15 0 d-------- C:\Program Files\Windows Mail
2007-11-14 23:06:17 0 d-------- C:\Users\skrunch\AppData\Roaming\Roxio
2007-11-09 00:01:39 0 d-------- C:\Users\skrunch\AppData\Roaming\WinRAR
2007-11-08 06:08:59 0 d-------- C:\Program Files\iTunes
2007-11-08 06:08:45 0 d-------- C:\Program Files\iPod
2007-11-08 06:06:08 0 d-------- C:\Program Files\QuickTime
2007-11-07 20:56:04 0 d-------- C:\Program Files\SigmaTel
2007-11-07 20:55:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-04 08:56:55 0 d-------- C:\Users\skrunch\AppData\Roaming\Webshots
2007-11-04 08:56:55 0 d-------- C:\Program Files\Webshots
2007-11-03 21:19:38 0 d-------- C:\Program Files\EA GAMES
2007-11-03 11:07:56 141132 --a------ C:\Windows\hpoins14.dat
2007-11-03 11:05:46 0 d-------- C:\Program Files\HP
2007-11-03 11:05:33 0 d-------- C:\Users\skrunch\AppData\Roaming\HPAppData
2007-11-03 11:03:06 0 d-------- C:\Program Files\Common Files\HP
2007-11-03 11:02:38 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-03 11:02:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-03 10:45:36 0 d-------- C:\Program Files\Cucusoft
2007-11-03 10:34:21 0 d-------- C:\Program Files\Replay AV 8
2007-11-03 10:32:09 0 d-------- C:\Program Files\WinPcap
2007-11-03 10:29:30 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-01 20:05:42 0 d-------- C:\Users\skrunch\AppData\Roaming\Adobe
2007-10-31 17:04:48 0 d--h----- C:\Users\skrunch\AppData\Roaming\GTek
2007-10-30 22:11:35 0 d-------- C:\Users\skrunch\AppData\Roaming\Apple Computer
2007-10-30 22:09:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:07:49 0 d-------- C:\Program Files\Common Files\Apple
2007-10-30 22:04:30 0 --a------ C:\Windows\nsreg.dat
2007-10-30 22:04:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Mozilla
2007-10-30 20:07:46 0 d-------- C:\Program Files\Microsoft FrontPage
2007-10-30 20:05:25 0 d-------- C:\Users\skrunch\AppData\Roaming\Microsoft Web Folders
2007-10-30 19:11:51 0 d-------- C:\Users\skrunch\AppData\Roaming\Google
2007-10-30 18:54:31 0 d-------- C:\Users\skrunch\AppData\Roaming\Macromedia
2007-10-30 18:47:31 174 --ahs---- C:\Program Files\desktop.ini
2007-10-30 18:44:40 0 d-------- C:\Program Files\Windows Calendar
2007-10-30 18:35:19 0 d-------- C:\Program Files\MSXML 4.0
2007-10-30 18:27:22 0 d-------- C:\Users\skrunch\AppData\Roaming\Identities
2007-10-26 00:47:55 0 d-------- C:\Program Files\DellTPad
2007-10-26 00:41:44 0 d-------- C:\Program Files\Windows Defender
2007-10-25 17:23:26 0 d-------- C:\Program Files\Dell
2007-10-25 17:19:40 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-25 17:19:31 0 d-------- C:\Program Files\McAfee.com
2007-10-25 17:18:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-25 17:18:11 0 d-------- C:\Program Files\Dell DataSafe Online
2007-10-25 17:17:17 0 d-------- C:\Program Files\Yahoo!
2007-10-25 17:16:30 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-25 17:14:59 0 d-------- C:\Program Files\DellSupport
2007-10-25 17:13:25 0 d-------- C:\Program Files\CyberLink
2007-10-25 17:11:52 0 d-------- C:\Program Files\Roxio
2007-10-25 17:11:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-25 17:10:34 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-25 17:09:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-25 17:08:09 0 d--h----- C:\Program Files\Creative Installation Information
2007-10-25 17:07:38 0 d-------- C:\Program Files\Creative
2007-10-25 17:07:31 0 d-------- C:\Program Files\Common Files\Creative
2007-10-25 17:07:12 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-10-25 17:07:12 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-10-25 17:06:36 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2007-10-25 17:06:29 0 d-------- C:\Program Files\Broadcom
2007-10-25 17:06:19 0 d-------- C:\Program Files\Digital Line Detect
2007-10-25 17:05:50 0 d-------- C:\Program Files\NetWaiting
2007-10-25 17:05:25 0 d-------- C:\Program Files\Modem Diagnostic Tool
2007-10-25 17:00:27 0 d-------- C:\Program Files\Java
2007-10-25 17:00:27 0 d-------- C:\Program Files\Common Files\Java
2007-10-25 16:52:54 0 d-------- C:\Program Files\CONEXANT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 03:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 05:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/26/2007 12:41 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 09:31 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [07/01/2007 11:14 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [07/01/2007 11:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [07/01/2007 11:14 PM]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [11/27/2006 08:14 AM]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [03/21/2007 01:33 PM]
"@"="" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 09:33 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 08:34 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 10:23 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"dmsrf.exe"="C:\Windows\system32\dmsrf.exe" [11/15/2007 06:07 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"dmxsx.tmp"="C:\Windows\system32\dmxsx.tmp" []
"dmqkn.tmp"="C:\Windows\system32\dmqkn.tmp" []
"dmked.tmp"="C:\Windows\system32\dmked.tmp" []
"dmihi.tmp"="C:\Windows\system32\dmihi.tmp" []
"dmdjv.tmp"="C:\Windows\system32\dmdjv.tmp" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [10/23/2007 02:18 PM]
"dmujl.tmp"="C:\Windows\system32\dmujl.tmp" []

C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [11/4/2007 8:56:51 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/25/2007 5:06:18 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 8:26:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 5:13:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f4453-834c-11dc-8b6d-806e6f6e6963}]
AutoRun\command- E:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7517 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-09 09:35:46 ------------




EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 2037.57 MiB / 1053.34 MiB
Pagefile Memory (total/avail): 4292.15 MiB / 3100.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.19 MiB

C: is Fixed (NTFS) - 136.47 GiB total, 41.99 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.99 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Hitachi HTS722016K9A300 - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 78.41 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 136.47 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Spy Sweeper v5.5.7.103 (Webroot Software Inc) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\skrunch\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SKRUNCH-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\skrunch
LOCALAPPDATA=C:\Users\skrunch\AppData\Local
LOGONSERVER=\\SKRUNCH-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\skrunch\AppData\Local\Temp
TMP=C:\Users\skrunch\AppData\Local\Temp
USERDOMAIN=skrunch-PC
USERNAME=skrunch
USERPROFILE=C:\Users\skrunch
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

skrunch

pynfmly
2007-12-09, 21:37
-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Another Matrix Screen Saver --> "C:\Program Files\Another Matrix Screen Saver\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Cucusoft DVD to iPod + iPod Video Converter Suite 3.16.3.29 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 Demo --> MsiExec.exe /X{9BF1DD9D-DB81-46BD-9807-E3D1E5CC1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet --> MsiExec.exe /I{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Replay AV 8 --> C:\Windows\iun6002.exe "C:\Program Files\Replay AV 8\uninstall8.ini"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sound Blaster Audigy ADVANCED MB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Super DVD Creator 9.25.0 --> "C:\Program Files\Super DVD Creator 9.25.0\unins000.exe"
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Webshots Desktop --> C:\PROGRA~1\Webshots\UNWISE.EXE C:\PROGRA~1\Webshots\INSTALL.LOG
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 4.0.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}


-- Application Event Log -------------------------------------------------------

Event Record #/Type17745 / Error
Event Submitted/Written: 12/08/2007 06:12:52 PM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type17736 / Success
Event Submitted/Written: 12/08/2007 06:12:32 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type17732 / Success
Event Submitted/Written: 12/08/2007 06:12:31 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type17726 / Success
Event Submitted/Written: 12/08/2007 06:11:38 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type17713 / Warning
Event Submitted/Written: 12/08/2007 06:10:25 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-2894344637-584356251-598915129-1000:
Process 4488 (\Device\HarddiskVolume3\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2894344637-584356251-598915129-1000
Process 4488 (\Device\HarddiskVolume3\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2894344637-584356251-598915129-1000
Process 4488 (\Device\HarddiskVolume3\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2894344637-584356251-598915129-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 4488 (\Device\HarddiskVolume3\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2894344637-584356251-598915129-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21171 / Warning
Event Submitted/Written: 12/09/2007 09:02:43 AM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type21169 / Warning
Event Submitted/Written: 12/09/2007 08:56:39 AM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type21168 / Warning
Event Submitted/Written: 12/09/2007 08:56:29 AM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type21167 / Warning
Event Submitted/Written: 12/09/2007 08:56:22 AM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type21166 / Warning
Event Submitted/Written: 12/09/2007 08:56:22 AM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.



-- End of Deckard's System Scanner: finished at 2007-12-09 09:35:46 ------------

katana
2007-12-09, 22:20
Disable Windows Defender
Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
Close Windows Defender


Disable SpySweeper
If you have Spy Sweeper version 4:
Open it, Click Options over on the left, then Program options
Uncheck load at windows startup.
Over to the left, Click shields and Uncheck all there.
Uncheck home page shield.
Uncheck automatically restore default without notification.
Reboot your computer, and verify SpySweeper is disabled.

If you have SpySweeper version 5:
Open SpySweeper, click Shield Settings on the right
(or Shields on the left, depending what screen you're on).
Click Internet Explorer and uncheck all items.
Click Windows System and uncheck all items.
Click Hosts File and uncheck all items.
Click Startup Programs and uncheck all items.
Close SpySweeper.
Reboot your computer, and verify Spy Sweeper is disabled.

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines

O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKCU\..\Run: [dmodb.tmp] C:\Windows\system32\dmodb.tmp
O4 - HKCU\..\Run: [dmpig.tmp] C:\Windows\system32\dmpig.tmp
O4 - HKCU\..\Run: [dmhlm.tmp] C:\Windows\system32\dmhlm.tmp
O4 - HKCU\..\Run: [dmfiw.tmp] C:\Windows\system32\dmfiw.tmp
O4 - HKCU\..\Run: [dmxwx.tmp] C:\Windows\system32\dmxwx.tmp
O4 - HKCU\..\Run: [dmjsd.tmp] C:\Windows\system32\dmjsd.tmp
O4 - HKCU\..\Run: [dmgqp.tmp] C:\Windows\system32\dmgqp.tmp
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

OTMoveIt
Please download OTMoveIt by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe).

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Windows\system32\kdenf.exe
C:\Windows\system32\dmsrf.exe
C:\Windows\system32\dmpyt.exe
C:\Windows\system32\dmlze.exe
C:\Windows\system32\dmhvy.exe
C:\Windows\system32\dmhtc.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
Copy and paste the contents of the results box as a reply to this topic

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Deckard's System Scanner
Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - main.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your reply

(NOTE: Only one file will be created this time)

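The entries selected in the post above are Run-key values that start `.tmp` files from system32, plus `dmsrf.exe`, and the later HijackThis log in this thread lists different `.tmp` names, so matching on exact names misses them. As an added example (not part of the original posts and not the helper's own method), the Python below flags such entries by pattern; the two heuristics and the `min_files` threshold are assumptions, and the sample lines are copied from logs posted in this thread.

```python
import ntpath  # Windows path rules regardless of the host OS
import re
from collections import defaultdict

# HijackThis registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RUN = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# DSS "Files created" line: <timestamp> <size> <attributes> <path> [<signer info>]
DSS_FILE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attr>\S+) '
    r'(?P<path>.+?)(?: <[^>]*>)?$')
EXECUTABLE_EXT = {'.exe', '.dll', '.scr', '.com'}

# Sample lines copied from the logs in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [dmxsx.tmp] C:\Windows\system32\dmxsx.tmp
O4 - HKCU\..\Run: [dmqkn.tmp] C:\Windows\system32\dmqkn.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
"""
DSS_SAMPLE = r"""
2007-12-09 07:28:20 47360 --a------ C:\Windows\system32\drivers\Pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-11-27 20:55:29 0 d-------- C:\Program Files\Trend Micro
2007-11-15 06:07:39 72214 --a------ C:\Windows\system32\kdenf.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmsrf.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmpyt.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmlze.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmhvy.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmhtc.exe
"""


def target_of(cmd):
    """Return the program path from a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut after the first ".ext" that is
    # followed by whitespace or the end of the string.
    m = re.match(r'(.+?\.\w{2,4})(?=\s|$)', cmd)
    return m.group(1) if m else cmd


def parse_o4(lines):
    """Yield one dict per registry Run-style O4 line; other lines are skipped."""
    for line in lines:
        m = O4_RUN.match(line.strip())
        if m:
            yield {**m.groupdict(), 'target': target_of(m['cmd'])}


def same_second_clusters(lines, directory=r'c:\windows\system32', min_files=3):
    """Lower-cased paths of executables in `directory` that share a creation
    second with at least `min_files` - 1 others (heuristic, assumed threshold)."""
    groups = defaultdict(list)
    for line in lines:
        m = DSS_FILE.match(line.strip())
        if not m or m['attr'].startswith('d'):  # skip non-matching lines and directories
            continue
        path = m['path'].lower()
        if (ntpath.dirname(path) == directory
                and ntpath.splitext(path)[1] in EXECUTABLE_EXT):
            groups[m['ts']].append(path)
    return {p for paths in groups.values() if len(paths) >= min_files for p in paths}


def triage(hjt_lines, dss_lines):
    """Return (hive, value name, target, reasons) for each autorun worth review."""
    cluster = same_second_clusters(dss_lines)
    findings = []
    for entry in parse_o4(hjt_lines):
        target = entry['target'].lower()
        reasons = []
        if ntpath.splitext(target)[1] == '.tmp':
            reasons.append('autorun target is a .tmp file')
        if target in cluster:
            reasons.append('target was created in the same second as other system32 executables')
        if reasons:
            findings.append((entry['hive'], entry['name'], entry['target'], reasons))
    return findings


if __name__ == '__main__':
    for hive, name, target, reasons in triage(HJT_SAMPLE.splitlines(),
                                              DSS_SAMPLE.splitlines()):
        print(f'{hive} [{name}] {target}: ' + '; '.join(reasons))
```

The legitimate `[ehTray.exe]` entry is not flagged even though its value name is also a file name, which is why neither check keys on the value name. A hit is a lead for review, not a verdict.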
pynfmly
2007-12-10, 03:18
Hey,
I have a few questions for clarification before I do these tasks...

1. For the Windows defender task...it is already disabled...so as long as it stays disabled then I do not need to take action there correct?

2. I have spysweeper 5.5 but my tabs are a little different than the steps indicate. For instance I do not have a tab labeled "Hosts File". Everything I unchecked previously is still unchecked. What should I do for that?

3. For the HJT step the only line of text in my log was "O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe" I do not have any of the others...what should I do?

I stopped there and decided to ask this list of questions before moving on...
Thanks for helping...just let me know what I should do now...

katana
2007-12-10, 11:54
1) As long as Defender is not running when you run HJT that is fine, I included that because the DSS log showed it as running at boot up.

2) It doesn't matter about the Hosts tab in SpySweeper, we are not altering the host file.

3) Just fix what you can see in HJT, and then post the log I requested.

That is great, I would rather you ask than just plunge forward if you are unsure :bigthumb:

pynfmly
2007-12-11, 13:28
Please note: Due to length, part of the DSS file is listed in a separate post***
Here is the Move it text
File move failed. C:\Windows\system32\kdenf.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\dmsrf.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\dmpyt.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\dmlze.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\dmhvy.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\dmhtc.exe scheduled to be moved on reboot.

Created on 12/11/2007 05:13:24


Here is the DSS Main file text

Deckard's System Scanner v20071014.68
Run by skrunch on 2007-12-11 05:19:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as skrunch.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:47 AM, on 12/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\skrunch\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmsrf.exe] C:\Windows\system32\dmsrf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [dmxsx.tmp] C:\Windows\system32\dmxsx.tmp
O4 - HKCU\..\Run: [dmqkn.tmp] C:\Windows\system32\dmqkn.tmp
O4 - HKCU\..\Run: [dmked.tmp] C:\Windows\system32\dmked.tmp
O4 - HKCU\..\Run: [dmihi.tmp] C:\Windows\system32\dmihi.tmp
O4 - HKCU\..\Run: [dmdjv.tmp] C:\Windows\system32\dmdjv.tmp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [dmujl.tmp] C:\Windows\system32\dmujl.tmp
O4 - HKCU\..\Run: [dmuni.tmp] C:\Windows\system32\dmuni.tmp
O4 - HKCU\..\Run: [dmtcb.tmp] C:\Windows\system32\dmtcb.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10885 bytes

-- Files created between 2007-11-11 and 2007-12-11 -----------------------------

pynfmly
2007-12-11, 13:29
2007-12-10 06:03:36 0 d-------- C:\Program Files\Audible
2007-12-09 08:00:13 0 d-------- C:\Shrink Temps
2007-12-09 07:28:20 47360 --a------ C:\Windows\system32\drivers\Pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-09 07:28:06 0 d-------- C:\Program Files\Super DVD Creator 9.25.0
2007-12-08 17:58:46 0 d-------- C:\Users\All Users\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files\Nero
2007-12-05 23:31:17 0 d-------- C:\Ripped
2007-12-05 23:25:41 0 d-------- C:\Users\All Users\DVD Shrink
2007-12-05 23:25:38 0 d-------- C:\Program Files\DVD Shrink
2007-12-05 13:04:47 0 d-------- C:\Napoleon
2007-12-01 16:03:22 0 d-------- C:\Program Files\Common Files\Steam
2007-12-01 16:03:18 0 d-------- C:\Program Files\Steam
2007-11-27 20:55:29 0 d-------- C:\Program Files\Trend Micro
2007-11-27 06:26:41 0 d-------- C:\Program Files\CCleaner
2007-11-26 01:22:44 0 d-------- C:\Program Files\Another Matrix Screen Saver
2007-11-22 16:11:49 0 d-------- C:\Program Files\VideoLAN
2007-11-22 12:36:30 0 d-------- C:\Program Files\DV Series
2007-11-22 12:35:57 0 -rahs---- C:\MSDOS.SYS
2007-11-22 12:35:57 0 -rahs---- C:\IO.SYS
2007-11-21 05:53:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-21 05:32:08 0 d-------- C:\Program Files\STOPzilla!
2007-11-21 05:32:06 0 d-------- C:\Program Files\Common Files\iS3
2007-11-21 05:32:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-11-20 21:10:10 0 d-------- C:\Program Files\Coupons
2007-11-20 21:10:09 31 --ah----- C:\Windows\uccspecc.sys
2007-11-18 13:41:19 0 d-------- C:\Users\All Users\Webroot
2007-11-18 13:41:19 0 d-------- C:\Program Files\Webroot
2007-11-18 13:40:56 164 --a------ C:\install.dat
2007-11-18 12:55:55 0 d-------- C:\Program Files\Lavasoft
2007-11-18 12:55:54 0 d-------- C:\Users\All Users\Lavasoft
2007-11-18 12:54:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:35:05 0 d-------- C:\Windows\PCHEALTH
2007-11-16 21:35:05 0 d-------- C:\Program Files\Microsoft.NET
2007-11-16 21:32:18 0 d-------- C:\Users\All Users\Microsoft Help
2007-11-16 21:31:32 0 dr-h----- C:\MSOCache
2007-11-15 06:07:39 72214 --a------ C:\Windows\system32\kdenf.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmsrf.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmpyt.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmlze.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmhvy.exe
2007-11-15 06:07:39 67622 --a------ C:\Windows\system32\dmhtc.exe
2007-11-14 21:25:43 0 d-------- C:\Program Files\Dell Support Center
2007-11-14 21:25:39 0 d-------- C:\Program Files\Common Files\supportsoft
2007-11-14 20:41:40 0 d-------- C:\Program Files\uTorrent
2007-11-14 19:53:09 0 d-------- C:\MTK Recording Volume


-- Find3M Report ---------------------------------------------------------------

2007-12-11 05:15:46 0 d-------- C:\Program Files\McAfee
2007-12-11 05:05:38 0 d-------- C:\Users\skrunch\AppData\Roaming\uTorrent
2007-12-08 18:03:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files
2007-12-05 23:40:11 0 d-------- C:\Program Files\Google
2007-12-04 21:25:21 0 d-------- C:\Users\skrunch\AppData\Roaming\CyberLink
2007-11-22 16:14:46 0 d-------- C:\Users\skrunch\AppData\Roaming\vlc
2007-11-18 17:38:40 0 d-------- C:\Users\skrunch\AppData\Roaming\MusicNet
2007-11-18 13:41:19 0 d-------- C:\Users\skrunch\AppData\Roaming\Webroot
2007-11-16 21:36:08 0 d-------- C:\Program Files\Microsoft Works
2007-11-15 06:05:15 0 d-------- C:\Program Files\Windows Mail
2007-11-14 23:06:17 0 d-------- C:\Users\skrunch\AppData\Roaming\Roxio
2007-11-09 00:01:39 0 d-------- C:\Users\skrunch\AppData\Roaming\WinRAR
2007-11-08 06:08:59 0 d-------- C:\Program Files\iTunes
2007-11-08 06:08:45 0 d-------- C:\Program Files\iPod
2007-11-08 06:06:08 0 d-------- C:\Program Files\QuickTime
2007-11-07 20:56:04 0 d-------- C:\Program Files\SigmaTel
2007-11-07 20:55:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-04 08:56:55 0 d-------- C:\Users\skrunch\AppData\Roaming\Webshots
2007-11-04 08:56:55 0 d-------- C:\Program Files\Webshots
2007-11-03 21:19:38 0 d-------- C:\Program Files\EA GAMES
2007-11-03 11:07:56 141132 --a------ C:\Windows\hpoins14.dat
2007-11-03 11:05:46 0 d-------- C:\Program Files\HP
2007-11-03 11:05:33 0 d-------- C:\Users\skrunch\AppData\Roaming\HPAppData
2007-11-03 11:03:06 0 d-------- C:\Program Files\Common Files\HP
2007-11-03 11:02:38 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-03 11:02:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-03 10:45:36 0 d-------- C:\Program Files\Cucusoft
2007-11-03 10:34:21 0 d-------- C:\Program Files\Replay AV 8
2007-11-03 10:32:09 0 d-------- C:\Program Files\WinPcap
2007-11-03 10:29:30 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-01 20:05:42 0 d-------- C:\Users\skrunch\AppData\Roaming\Adobe
2007-10-31 17:04:48 0 d--h----- C:\Users\skrunch\AppData\Roaming\GTek
2007-10-30 22:11:35 0 d-------- C:\Users\skrunch\AppData\Roaming\Apple Computer
2007-10-30 22:09:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:07:49 0 d-------- C:\Program Files\Common Files\Apple
2007-10-30 22:04:30 0 --a------ C:\Windows\nsreg.dat
2007-10-30 22:04:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Mozilla
2007-10-30 20:07:46 0 d-------- C:\Program Files\Microsoft FrontPage
2007-10-30 20:05:25 0 d-------- C:\Users\skrunch\AppData\Roaming\Microsoft Web Folders
2007-10-30 19:11:51 0 d-------- C:\Users\skrunch\AppData\Roaming\Google
2007-10-30 18:54:31 0 d-------- C:\Users\skrunch\AppData\Roaming\Macromedia
2007-10-30 18:47:31 174 --ahs---- C:\Program Files\desktop.ini
2007-10-30 18:44:40 0 d-------- C:\Program Files\Windows Calendar
2007-10-30 18:35:19 0 d-------- C:\Program Files\MSXML 4.0
2007-10-30 18:27:22 0 d-------- C:\Users\skrunch\AppData\Roaming\Identities
2007-10-26 00:47:55 0 d-------- C:\Program Files\DellTPad
2007-10-26 00:41:44 0 d-------- C:\Program Files\Windows Defender
2007-10-25 17:23:26 0 d-------- C:\Program Files\Dell
2007-10-25 17:19:40 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-25 17:19:31 0 d-------- C:\Program Files\McAfee.com
2007-10-25 17:18:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-25 17:18:11 0 d-------- C:\Program Files\Dell DataSafe Online
2007-10-25 17:17:17 0 d-------- C:\Program Files\Yahoo!
2007-10-25 17:16:30 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-25 17:14:59 0 d-------- C:\Program Files\DellSupport
2007-10-25 17:13:25 0 d-------- C:\Program Files\CyberLink
2007-10-25 17:11:52 0 d-------- C:\Program Files\Roxio
2007-10-25 17:11:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-25 17:10:34 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-25 17:09:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-25 17:08:09 0 d--h----- C:\Program Files\Creative Installation Information
2007-10-25 17:07:38 0 d-------- C:\Program Files\Creative
2007-10-25 17:07:31 0 d-------- C:\Program Files\Common Files\Creative
2007-10-25 17:07:12 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-10-25 17:07:12 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-10-25 17:06:36 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2007-10-25 17:06:29 0 d-------- C:\Program Files\Broadcom
2007-10-25 17:06:19 0 d-------- C:\Program Files\Digital Line Detect
2007-10-25 17:05:50 0 d-------- C:\Program Files\NetWaiting
2007-10-25 17:05:25 0 d-------- C:\Program Files\Modem Diagnostic Tool
2007-10-25 17:00:27 0 d-------- C:\Program Files\Java
2007-10-25 17:00:27 0 d-------- C:\Program Files\Common Files\Java
2007-10-25 16:52:54 0 d-------- C:\Program Files\CONEXANT


-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 03:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 05:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/26/2007 12:41 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 09:31 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [07/01/2007 11:14 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [07/01/2007 11:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [07/01/2007 11:14 PM]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [11/27/2006 08:14 AM]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [03/21/2007 01:33 PM]
"@"="" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 09:33 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 08:34 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 10:23 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"dmsrf.exe"="C:\Windows\system32\dmsrf.exe" [11/15/2007 06:07 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"dmxsx.tmp"="C:\Windows\system32\dmxsx.tmp" []
"dmqkn.tmp"="C:\Windows\system32\dmqkn.tmp" []
"dmked.tmp"="C:\Windows\system32\dmked.tmp" []
"dmihi.tmp"="C:\Windows\system32\dmihi.tmp" []
"dmdjv.tmp"="C:\Windows\system32\dmdjv.tmp" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [10/23/2007 02:18 PM]
"dmujl.tmp"="C:\Windows\system32\dmujl.tmp" []
"dmuni.tmp"="C:\Windows\system32\dmuni.tmp" []
"dmtcb.tmp"="C:\Windows\system32\dmtcb.tmp" []

C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [11/4/2007 8:56:51 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/25/2007 5:06:18 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 8:26:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 5:13:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-11 05:20:37 ------------

katana
2007-12-11, 14:54
It looks like this one isn't giving in without a fight

Please make sure you do the following in the order they are given


Reboot in safe mode
You will now need to reboot in safe mode; you will not have internet access whilst you do the next part.
Please copy/paste or print the following instructions.

To reboot in safe mode
You can boot in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears.
Use your up arrow key to highlight Safe Mode, then hit enter.

Fix With HJT
Close all other windows and then start HijackThis
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines

O4 - HKCU\..\Run: [dmxsx.tmp] C:\Windows\system32\dmxsx.tmp
O4 - HKCU\..\Run: [dmqkn.tmp] C:\Windows\system32\dmqkn.tmp
O4 - HKCU\..\Run: [dmked.tmp] C:\Windows\system32\dmked.tmp
O4 - HKCU\..\Run: [dmihi.tmp] C:\Windows\system32\dmihi.tmp
O4 - HKCU\..\Run: [dmdjv.tmp] C:\Windows\system32\dmdjv.tmp
O4 - HKCU\..\Run: [dmujl.tmp] C:\Windows\system32\dmujl.tmp
O4 - HKCU\..\Run: [dmuni.tmp] C:\Windows\system32\dmuni.tmp
O4 - HKCU\..\Run: [dmtcb.tmp] C:\Windows\system32\dmtcb.tmp
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

OTMoveIt
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Windows\system32\dmxsx.tmp
C:\Windows\system32\dmqkn.tmp
C:\Windows\system32\dmked.tmp
C:\Windows\system32\dmihi.tmp
C:\Windows\system32\dmdjv.tmp
C:\Windows\system32\dmujl.tmp
C:\Windows\system32\dmuni.tmp
C:\Windows\system32\dmtcb.tmp
C:\Windows\system32\kdenf.exe
C:\Windows\system32\dmsrf.exe
C:\Windows\system32\dmpyt.exe
C:\Windows\system32\dmlze.exe
C:\Windows\system32\dmhvy.exe
C:\Windows\system32\dmhtc.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt



Please reboot your computer to normal mode

Deckard's System Scanner
Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - main.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your reply

(NOTE: Only one file will be created this time)
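
A triage sketch for the two log formats in this thread, added here as an example; it is not part of katana's post and not code from HijackThis or Deckard's System Scanner. It flags Run-key autoruns using three heuristics that are assumptions chosen for illustration, not katana's stated criteria; the sample lines are copied from the logs posted above.

```python
import ntpath
import re

# HijackThis O4 registry autorun line, e.g.
#   O4 - HKCU\..\Run: [name] command line
HJT_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\\\S*Run: \[(?P<name>.+?)\] (?P<cmd>.+)$')
# DSS "Registry Dump" value line, e.g.
#   "name"="command" [timestamp]
DSS_RUN = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)" \[(?P<stamp>[^\]]*)\]')

# Assumption: extensions expected for a program started from a Run key.
AUTORUN_EXTS = {".exe", ".com", ".bat", ".cmd"}


def target_of(cmd):
    """Extract the file path from a command line, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: stop at the first ".ext" that is
    # followed by whitespace or the end of the string.
    m = re.match(r'(.*?\.[A-Za-z0-9]{2,4})(?=\s|$)', cmd)
    return m.group(1) if m else cmd


def reasons(name, path, stamp=None):
    """Return the heuristics (assumed, see lead-in) that one entry trips."""
    found = []
    folder, leaf = ntpath.split(path.lower())
    ext = ntpath.splitext(leaf)[1]
    if ext and ext not in AUTORUN_EXTS:
        found.append(f"autorun target has non-program extension {ext}")
    if folder.endswith(r"\system32") and name.lower() == leaf:
        found.append("value is named after its own file in system32")
    if stamp == "":
        found.append("DSS printed no timestamp for the target")
    return found


def scan(log_text):
    """Return [(location, value name, target path, [reasons])] for flagged entries."""
    flagged, section = [], ""
    for line in log_text.splitlines():
        line = line.strip()
        stamp = None
        if line.startswith("[HKEY_"):
            section = line.strip("[]")       # DSS section header
            continue
        m = HJT_O4.match(line)
        if m:
            where = m["hive"] + r"\..\Run"
        else:
            m = DSS_RUN.match(line)
            if not m or not section.lower().endswith(r"\run"):
                continue
            where, stamp = section, m["stamp"]
        if not m["cmd"].strip():
            continue                          # e.g. the empty "@"="" [] value
        path = target_of(m["cmd"])
        why = reasons(m["name"], path, stamp)
        if why:
            flagged.append((where, m["name"], path, why))
    return flagged


# Sample input: lines copied from the HijackThis and DSS logs in this thread.
SAMPLE = r'''
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [dmxsx.tmp] C:\Windows\system32\dmxsx.tmp
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"@"="" []
"dmsrf.exe"="C:\Windows\system32\dmsrf.exe" [11/15/2007 06:07 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"dmqkn.tmp"="C:\Windows\system32\dmqkn.tmp" []
'''

if __name__ == "__main__":
    for where, name, path, why in scan(SAMPLE):
        print(f"{where}\n  [{name}] -> {path}")
        for reason in why:
            print(f"    - {reason}")
```

A flagged entry is a lead for manual review, not a verdict: a legitimate program can trip a heuristic, and an unwanted one can avoid all three.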

pynfmly
2007-12-12, 13:54
Please note: Due to post length the DSS log will be posted in 2 posts

--------------------------------------------------------------------------------



-- HijackThis (run as skrunch.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:32 AM, on 12/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\skrunch\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10004 bytes

-- Files created between 2007-11-12 and 2007-12-12 -----------------------------

2007-12-11 11:39:03 0 d-------- C:\THE_EX
2007-12-11 11:00:12 0 d-------- C:\I_NOW_PRONOUNCE_CHUCK_LARRY
2007-12-10 06:03:36 0 d-------- C:\Program Files\Audible
2007-12-09 08:00:13 0 d-------- C:\Shrink Temps
2007-12-09 07:28:20 47360 --a------ C:\Windows\system32\drivers\Pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-09 07:28:06 0 d-------- C:\Program Files\Super DVD Creator 9.25.0
2007-12-08 17:58:46 0 d-------- C:\Users\All Users\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files\Nero
2007-12-05 23:31:17 0 d-------- C:\Ripped
2007-12-05 23:25:41 0 d-------- C:\Users\All Users\DVD Shrink
2007-12-05 23:25:38 0 d-------- C:\Program Files\DVD Shrink
2007-12-05 13:04:47 0 d-------- C:\Napoleon
2007-12-01 16:03:22 0 d-------- C:\Program Files\Common Files\Steam
2007-12-01 16:03:18 0 d-------- C:\Program Files\Steam
2007-11-27 20:55:29 0 d-------- C:\Program Files\Trend Micro
2007-11-27 06:26:41 0 d-------- C:\Program Files\CCleaner
2007-11-26 01:22:44 0 d-------- C:\Program Files\Another Matrix Screen Saver
2007-11-22 16:11:49 0 d-------- C:\Program Files\VideoLAN
2007-11-22 12:36:30 0 d-------- C:\Program Files\DV Series
2007-11-22 12:35:57 0 -rahs---- C:\MSDOS.SYS
2007-11-22 12:35:57 0 -rahs---- C:\IO.SYS
2007-11-21 05:53:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-21 05:32:08 0 d-------- C:\Program Files\STOPzilla!
2007-11-21 05:32:06 0 d-------- C:\Program Files\Common Files\iS3
2007-11-21 05:32:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-11-20 21:10:10 0 d-------- C:\Program Files\Coupons
2007-11-20 21:10:09 31 --ah----- C:\Windows\uccspecc.sys
2007-11-18 13:41:19 0 d-------- C:\Users\All Users\Webroot
2007-11-18 13:41:19 0 d-------- C:\Program Files\Webroot
2007-11-18 13:40:56 164 --a------ C:\install.dat
2007-11-18 12:55:55 0 d-------- C:\Program Files\Lavasoft
2007-11-18 12:55:54 0 d-------- C:\Users\All Users\Lavasoft
2007-11-18 12:54:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:35:05 0 d-------- C:\Windows\PCHEALTH
2007-11-16 21:35:05 0 d-------- C:\Program Files\Microsoft.NET
2007-11-16 21:32:18 0 d-------- C:\Users\All Users\Microsoft Help
2007-11-16 21:31:32 0 dr-h----- C:\MSOCache
2007-11-14 21:25:43 0 d-------- C:\Program Files\Dell Support Center
2007-11-14 21:25:39 0 d-------- C:\Program Files\Common Files\supportsoft
2007-11-14 20:41:40 0 d-------- C:\Program Files\uTorrent
2007-11-14 19:53:09 0 d-------- C:\MTK Recording Volume

pynfmly
2007-12-12, 13:55
-- Find3M Report ---------------------------------------------------------------

2007-12-12 05:32:15 0 d-------- C:\Users\skrunch\AppData\Roaming\uTorrent
2007-12-12 03:55:16 0 d-------- C:\Program Files\McAfee
2007-12-08 18:03:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files
2007-12-05 23:40:11 0 d-------- C:\Program Files\Google
2007-12-04 21:25:21 0 d-------- C:\Users\skrunch\AppData\Roaming\CyberLink
2007-11-22 16:14:46 0 d-------- C:\Users\skrunch\AppData\Roaming\vlc
2007-11-18 17:38:40 0 d-------- C:\Users\skrunch\AppData\Roaming\MusicNet
2007-11-18 13:41:19 0 d-------- C:\Users\skrunch\AppData\Roaming\Webroot
2007-11-16 21:36:08 0 d-------- C:\Program Files\Microsoft Works
2007-11-15 06:05:15 0 d-------- C:\Program Files\Windows Mail
2007-11-14 23:06:17 0 d-------- C:\Users\skrunch\AppData\Roaming\Roxio
2007-11-09 00:01:39 0 d-------- C:\Users\skrunch\AppData\Roaming\WinRAR
2007-11-08 06:08:59 0 d-------- C:\Program Files\iTunes
2007-11-08 06:08:45 0 d-------- C:\Program Files\iPod
2007-11-08 06:06:08 0 d-------- C:\Program Files\QuickTime
2007-11-07 20:56:04 0 d-------- C:\Program Files\SigmaTel
2007-11-07 20:55:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-04 08:56:55 0 d-------- C:\Users\skrunch\AppData\Roaming\Webshots
2007-11-04 08:56:55 0 d-------- C:\Program Files\Webshots
2007-11-03 21:19:38 0 d-------- C:\Program Files\EA GAMES
2007-11-03 11:07:56 141132 --a------ C:\Windows\hpoins14.dat
2007-11-03 11:05:46 0 d-------- C:\Program Files\HP
2007-11-03 11:05:33 0 d-------- C:\Users\skrunch\AppData\Roaming\HPAppData
2007-11-03 11:03:06 0 d-------- C:\Program Files\Common Files\HP
2007-11-03 11:02:38 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-03 11:02:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-03 10:45:36 0 d-------- C:\Program Files\Cucusoft
2007-11-03 10:34:21 0 d-------- C:\Program Files\Replay AV 8
2007-11-03 10:32:09 0 d-------- C:\Program Files\WinPcap
2007-11-03 10:29:30 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-01 20:05:42 0 d-------- C:\Users\skrunch\AppData\Roaming\Adobe
2007-10-31 17:04:48 0 d--h----- C:\Users\skrunch\AppData\Roaming\GTek
2007-10-30 22:11:35 0 d-------- C:\Users\skrunch\AppData\Roaming\Apple Computer
2007-10-30 22:09:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:07:49 0 d-------- C:\Program Files\Common Files\Apple
2007-10-30 22:04:30 0 --a------ C:\Windows\nsreg.dat
2007-10-30 22:04:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Mozilla
2007-10-30 20:07:46 0 d-------- C:\Program Files\Microsoft FrontPage
2007-10-30 20:05:25 0 d-------- C:\Users\skrunch\AppData\Roaming\Microsoft Web Folders
2007-10-30 19:11:51 0 d-------- C:\Users\skrunch\AppData\Roaming\Google
2007-10-30 18:54:31 0 d-------- C:\Users\skrunch\AppData\Roaming\Macromedia
2007-10-30 18:47:31 174 --ahs---- C:\Program Files\desktop.ini
2007-10-30 18:44:40 0 d-------- C:\Program Files\Windows Calendar
2007-10-30 18:35:19 0 d-------- C:\Program Files\MSXML 4.0
2007-10-30 18:27:22 0 d-------- C:\Users\skrunch\AppData\Roaming\Identities
2007-10-26 00:47:55 0 d-------- C:\Program Files\DellTPad
2007-10-26 00:41:44 0 d-------- C:\Program Files\Windows Defender
2007-10-25 17:23:26 0 d-------- C:\Program Files\Dell
2007-10-25 17:19:40 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-25 17:19:31 0 d-------- C:\Program Files\McAfee.com
2007-10-25 17:18:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-25 17:18:11 0 d-------- C:\Program Files\Dell DataSafe Online
2007-10-25 17:17:17 0 d-------- C:\Program Files\Yahoo!
2007-10-25 17:16:30 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-25 17:14:59 0 d-------- C:\Program Files\DellSupport
2007-10-25 17:13:25 0 d-------- C:\Program Files\CyberLink
2007-10-25 17:11:52 0 d-------- C:\Program Files\Roxio
2007-10-25 17:11:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-25 17:10:34 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-25 17:09:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-25 17:08:09 0 d--h----- C:\Program Files\Creative Installation Information
2007-10-25 17:07:38 0 d-------- C:\Program Files\Creative
2007-10-25 17:07:31 0 d-------- C:\Program Files\Common Files\Creative
2007-10-25 17:07:12 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-10-25 17:07:12 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-10-25 17:06:36 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2007-10-25 17:06:29 0 d-------- C:\Program Files\Broadcom
2007-10-25 17:06:19 0 d-------- C:\Program Files\Digital Line Detect
2007-10-25 17:05:50 0 d-------- C:\Program Files\NetWaiting
2007-10-25 17:05:25 0 d-------- C:\Program Files\Modem Diagnostic Tool
2007-10-25 17:00:27 0 d-------- C:\Program Files\Java
2007-10-25 17:00:27 0 d-------- C:\Program Files\Common Files\Java
2007-10-25 16:52:54 0 d-------- C:\Program Files\CONEXANT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 03:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 05:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/26/2007 12:41 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 09:31 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [07/01/2007 11:14 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [07/01/2007 11:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [07/01/2007 11:14 PM]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [11/27/2006 08:14 AM]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [03/21/2007 01:33 PM]
"@"="" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 09:33 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 08:34 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 10:23 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [10/23/2007 02:18 PM]

C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [11/4/2007 8:56:51 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/25/2007 5:06:18 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 8:26:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 5:13:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-12 05:51:38 ------------

katana
2007-12-12, 15:13
That looks like it worked.

Let's do a last scan to make sure we got everything

Kaspersky Online Scanner

Go here: http://www.kaspersky.com/virusscanner (please use IE and allow ActiveX)

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the report in your reply.

pynfmly
2007-12-14, 06:29
Once again there are two separate posts


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 13, 2007 10:22:20 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/12/2007
Kaspersky Anti-Virus database records: 481915
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 104999
Number of viruses found: 2
Number of infected objects: 53
Number of suspicious objects: 0
Duration of the scan process: 01:57:23

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\20071211051917\backup\Users\skrunch\AppData\Local\Temp\NERO14210\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81000000003}\Enterprise.mnt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU18FC.txt Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Data\TFRF758.tmp Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dfee9266286073de0835d49fa86e476f_9963db8b-1c5d-4e0c-86cb-d93489e8d1a7 Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Users\skrunch\AppData\Local\Ahead\Nero Home\bl.db Object is locked skipped
C:\Users\skrunch\AppData\Local\Ahead\Nero Home\is2.db Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012007121320071214\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\UsrClass.dat{b1379d3d-8745-11dc-84a7-001c23adc912}.TM.blf Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\UsrClass.dat{b1379d3d-8745-11dc-84a7-001c23adc912}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\skrunch\AppData\Local\Microsoft\Windows\UsrClass.dat{b1379d3d-8745-11dc-84a7-001c23adc912}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\skrunch\AppData\Local\SupportSoft\DellSupportCenter\skrunch\state\logs\sprtcmd.log Object is locked skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmahu.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmarb.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmbhm.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmcue.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmeqy.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmfqi.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgqk.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgyx.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhmb.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhtj.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhwu.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmijp.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilt.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilw.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmirz.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjam.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjou.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkth.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkwf.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlpx.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlqu.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlsa.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmir.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmsn.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmpyy.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqnc.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqyc.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmtdt.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuca.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmues.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuhg.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwad.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwce.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwte.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxbc.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxna.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxrq.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzfv.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzun.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Roaming\Webroot\Spy Sweeper\Logs\071213194137.ses Object is locked skipped
C:\Users\skrunch\Desktop\Downloads\Nero-8.1.1.4_eng_trial_wch.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\skrunch\Desktop\Downloads\Nero-8.1.1.4_eng_trial_wch.exe 7-Zip: infected - 1 skipped
C:\Users\skrunch\NTUSER.DAT Object is locked skipped
C:\Users\skrunch\ntuser.dat.LOG1 Object is locked skipped
C:\Users\skrunch\ntuser.dat.LOG2 Object is locked skipped
C:\Users\skrunch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\skrunch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\skrunch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\setupact.log Object is locked skipped
C:\Windows\Panther\setuperr.log Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped

pynfmly
2007-12-14, 06:29
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Broadcom Wireless LAN.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\McDefragTask.job Object is locked skipped
C:\Windows\Tasks\McQcTask.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmfiw.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmgqp.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmhlm.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmhtc.exe Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmhvy.exe Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmjsd.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmlze.exe Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmodb.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmpig.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmpyt.exe Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmxwx.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.

katana
2007-12-14, 10:30
OTMoveIt
Please download OTMoveIt by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe).

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmahu.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmarb.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmbhm.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmcue.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmeqy.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmfqi.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgqk.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgyx.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhmb.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhtj.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhwu.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmijp.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilt.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilw.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmirz.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjam.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjou.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkth.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkwf.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlpx.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlqu.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlsa.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmir.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmsn.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmpyy.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqnc.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqyc.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmtdt.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuca.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmues.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuhg.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwad.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwce.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwte.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxbc.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxna.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxrq.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzfv.tmp
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzun.tmp

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
Copy and paste the contents of the results box as a reply to this topic

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Please post a fresh HJT log along with the OTMoveIt results

pynfmly
2007-12-14, 13:25
Here are the move it results

C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmahu.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmarb.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmbhm.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmcue.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmeqy.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmfqi.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgqk.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgyx.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhmb.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhtj.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhwu.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmijp.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilt.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilw.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmirz.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjam.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjou.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkth.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkwf.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlpx.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlqu.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlsa.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmir.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmsn.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmpyy.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqnc.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqyc.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmtdt.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuca.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmues.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuhg.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwad.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwce.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwte.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxbc.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxna.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxrq.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzfv.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzun.tmp moved successfully.

Created on 12/14/2007 05:20:09

pynfmly
2007-12-14, 13:33
Here is the HJT log...although it has the 12/12/07 date on it...I think that means this file is a duplicate of a previous file?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:32 AM, on 12/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\skrunch\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10004 bytes

katana
2007-12-14, 13:39
That is an old one, I will need to see a fresh log to make sure the infection has not regenerated.

Please re-run HJT using the "Do a system scan and save a log file" button.

pynfmly
2007-12-15, 17:15
I tried scanning and it gave me this log with the heading
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:32 AM, on 12/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

I tried restarting and rescanning to no avail...
I could do the DSS scan but I don't know if that will give you the info you are looking for...

Please let me know what you would like for me to do...

BTW...it has only just occurred to me that all of the security programs you had me turn off...are still off...should I be re-enabling them after I finish doing what you request each time?

sorry this is becoming so difficult-THANKS FOR YOUR HELP!!! :bow:

katana
2007-12-15, 23:11
It's better to leave Defender and Spysweeper until we are finished.

Yes, please do a DSS scan :bigthumb:

pynfmly
2007-12-16, 01:22
post #1

Deckard's System Scanner v20071014.68
Run by skrunch on 2007-12-15 17:08:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as skrunch.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:41 PM, on 12/15/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\skrunch\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10389 bytes

pynfmly
2007-12-16, 01:23
-- Files created between 2007-11-15 and 2007-12-15 -----------------------------

2007-12-13 15:33:00 0 d-------- C:\PLANES_TRAINS_AND_AUTOMOBILES
2007-12-13 12:37:57 0 d-------- C:\Program Files\DVDFab Platinum 3
2007-12-12 21:51:06 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-12-11 11:39:03 0 d-------- C:\THE_EX
2007-12-11 11:00:12 0 d-------- C:\I_NOW_PRONOUNCE_CHUCK_LARRY
2007-12-10 06:03:36 0 d-------- C:\Program Files\Audible
2007-12-09 08:00:13 0 d-------- C:\Shrink Temps
2007-12-09 07:28:06 0 d-------- C:\Program Files\Super DVD Creator 9.25.0
2007-12-08 17:58:46 0 d-------- C:\Users\All Users\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files\Nero
2007-12-05 23:31:17 0 d-------- C:\Ripped
2007-12-05 23:25:41 0 d-------- C:\Users\All Users\DVD Shrink
2007-12-05 23:25:38 0 d-------- C:\Program Files\DVD Shrink
2007-12-05 13:04:47 0 d-------- C:\Napoleon
2007-12-01 16:03:22 0 d-------- C:\Program Files\Common Files\Steam
2007-12-01 16:03:18 0 d-------- C:\Program Files\Steam
2007-11-27 20:55:29 0 d-------- C:\Program Files\Trend Micro
2007-11-27 06:26:41 0 d-------- C:\Program Files\CCleaner
2007-11-26 01:22:44 0 d-------- C:\Program Files\Another Matrix Screen Saver
2007-11-22 16:11:49 0 d-------- C:\Program Files\VideoLAN
2007-11-22 12:36:30 0 d-------- C:\Program Files\DV Series
2007-11-22 12:35:57 0 -rahs---- C:\MSDOS.SYS
2007-11-22 12:35:57 0 -rahs---- C:\IO.SYS
2007-11-21 05:53:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-21 05:32:08 0 d-------- C:\Program Files\STOPzilla!
2007-11-21 05:32:06 0 d-------- C:\Program Files\Common Files\iS3
2007-11-21 05:32:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-11-20 21:10:10 0 d-------- C:\Program Files\Coupons
2007-11-20 21:10:09 31 --ah----- C:\Windows\uccspecc.sys
2007-11-18 13:41:19 0 d-------- C:\Users\All Users\Webroot
2007-11-18 13:41:19 0 d-------- C:\Program Files\Webroot
2007-11-18 13:40:56 164 --a------ C:\install.dat
2007-11-18 12:55:55 0 d-------- C:\Program Files\Lavasoft
2007-11-18 12:55:54 0 d-------- C:\Users\All Users\Lavasoft
2007-11-18 12:54:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:35:05 0 d-------- C:\Windows\PCHEALTH
2007-11-16 21:35:05 0 d-------- C:\Program Files\Microsoft.NET
2007-11-16 21:32:18 0 d-------- C:\Users\All Users\Microsoft Help
2007-11-16 21:31:32 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2007-12-14 05:28:41 0 d-------- C:\Program Files\McAfee
2007-12-14 05:18:20 0 d-------- C:\Users\skrunch\AppData\Roaming\uTorrent
2007-12-13 23:31:06 0 d-------- C:\Users\skrunch\AppData\Roaming\Vso
2007-12-13 12:39:42 34 --a------ C:\Users\skrunch\AppData\Roaming\pcouffin.log
2007-12-13 12:38:05 7824 --a------ C:\Users\skrunch\AppData\Roaming\pcouffin.cat
2007-12-08 18:03:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files
2007-12-05 23:40:11 0 d-------- C:\Program Files\Google
2007-12-04 21:25:21 0 d-------- C:\Users\skrunch\AppData\Roaming\CyberLink
2007-11-22 16:14:46 0 d-------- C:\Users\skrunch\AppData\Roaming\vlc
2007-11-18 17:38:40 0 d-------- C:\Users\skrunch\AppData\Roaming\MusicNet
2007-11-18 13:41:19 0 d-------- C:\Users\skrunch\AppData\Roaming\Webroot
2007-11-16 21:36:08 0 d-------- C:\Program Files\Microsoft Works
2007-11-15 06:05:15 0 d-------- C:\Program Files\Windows Mail
2007-11-14 23:06:17 0 d-------- C:\Users\skrunch\AppData\Roaming\Roxio
2007-11-14 21:26:19 0 d-------- C:\Program Files\Dell Support Center
2007-11-14 21:25:43 0 d-------- C:\Program Files\Common Files\supportsoft
2007-11-14 20:41:40 0 d-------- C:\Program Files\uTorrent
2007-11-09 00:01:39 0 d-------- C:\Users\skrunch\AppData\Roaming\WinRAR
2007-11-08 06:08:59 0 d-------- C:\Program Files\iTunes
2007-11-08 06:08:45 0 d-------- C:\Program Files\iPod
2007-11-08 06:06:08 0 d-------- C:\Program Files\QuickTime
2007-11-07 20:56:04 0 d-------- C:\Program Files\SigmaTel
2007-11-07 20:55:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-04 08:56:55 0 d-------- C:\Users\skrunch\AppData\Roaming\Webshots
2007-11-04 08:56:55 0 d-------- C:\Program Files\Webshots
2007-11-03 21:19:38 0 d-------- C:\Program Files\EA GAMES
2007-11-03 11:07:56 141132 --a------ C:\Windows\hpoins14.dat
2007-11-03 11:05:46 0 d-------- C:\Program Files\HP
2007-11-03 11:05:33 0 d-------- C:\Users\skrunch\AppData\Roaming\HPAppData
2007-11-03 11:03:06 0 d-------- C:\Program Files\Common Files\HP
2007-11-03 11:02:38 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-03 11:02:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-03 10:45:36 0 d-------- C:\Program Files\Cucusoft
2007-11-03 10:34:21 0 d-------- C:\Program Files\Replay AV 8
2007-11-03 10:32:09 0 d-------- C:\Program Files\WinPcap
2007-11-03 10:29:30 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-01 20:05:42 0 d-------- C:\Users\skrunch\AppData\Roaming\Adobe
2007-10-31 17:04:48 0 d--h----- C:\Users\skrunch\AppData\Roaming\GTek
2007-10-30 22:11:35 0 d-------- C:\Users\skrunch\AppData\Roaming\Apple Computer
2007-10-30 22:09:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:07:49 0 d-------- C:\Program Files\Common Files\Apple
2007-10-30 22:04:30 0 --a------ C:\Windows\nsreg.dat
2007-10-30 22:04:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Mozilla
2007-10-30 20:07:46 0 d-------- C:\Program Files\Microsoft FrontPage
2007-10-30 20:05:25 0 d-------- C:\Users\skrunch\AppData\Roaming\Microsoft Web Folders
2007-10-30 19:11:51 0 d-------- C:\Users\skrunch\AppData\Roaming\Google
2007-10-30 18:54:31 0 d-------- C:\Users\skrunch\AppData\Roaming\Macromedia
2007-10-30 18:47:31 174 --ahs---- C:\Program Files\desktop.ini
2007-10-30 18:44:40 0 d-------- C:\Program Files\Windows Calendar
2007-10-30 18:35:19 0 d-------- C:\Program Files\MSXML 4.0
2007-10-30 18:27:22 0 d-------- C:\Users\skrunch\AppData\Roaming\Identities
2007-10-26 00:47:55 0 d-------- C:\Program Files\DellTPad
2007-10-26 00:41:44 0 d-------- C:\Program Files\Windows Defender
2007-10-25 17:23:26 0 d-------- C:\Program Files\Dell
2007-10-25 17:19:40 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-25 17:19:31 0 d-------- C:\Program Files\McAfee.com
2007-10-25 17:18:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-25 17:18:11 0 d-------- C:\Program Files\Dell DataSafe Online
2007-10-25 17:17:17 0 d-------- C:\Program Files\Yahoo!
2007-10-25 17:16:30 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-25 17:14:59 0 d-------- C:\Program Files\DellSupport
2007-10-25 17:13:25 0 d-------- C:\Program Files\CyberLink
2007-10-25 17:11:52 0 d-------- C:\Program Files\Roxio
2007-10-25 17:11:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-25 17:10:34 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-25 17:09:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-25 17:08:09 0 d--h----- C:\Program Files\Creative Installation Information
2007-10-25 17:07:38 0 d-------- C:\Program Files\Creative
2007-10-25 17:07:31 0 d-------- C:\Program Files\Common Files\Creative
2007-10-25 17:07:12 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-10-25 17:07:12 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-10-25 17:06:36 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2007-10-25 17:06:29 0 d-------- C:\Program Files\Broadcom
2007-10-25 17:06:19 0 d-------- C:\Program Files\Digital Line Detect
2007-10-25 17:05:50 0 d-------- C:\Program Files\NetWaiting
2007-10-25 17:05:25 0 d-------- C:\Program Files\Modem Diagnostic Tool
2007-10-25 17:00:27 0 d-------- C:\Program Files\Java
2007-10-25 17:00:27 0 d-------- C:\Program Files\Common Files\Java
2007-10-25 16:52:54 0 d-------- C:\Program Files\CONEXANT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 03:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 05:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/26/2007 12:41 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 09:31 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [07/01/2007 11:14 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [07/01/2007 11:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [07/01/2007 11:14 PM]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [11/27/2006 08:14 AM]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [03/21/2007 01:33 PM]
"@"="" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 09:33 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 08:34 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 10:23 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [10/23/2007 02:18 PM]

C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [11/4/2007 8:56:51 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/25/2007 5:06:18 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 8:26:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 5:13:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-15 17:09:27 ------------

katana
2007-12-16, 01:38
Congratulations, your logs look clean :D

Let’s see if I can help you keep it that way

First let's tidy up :D

Open OTMoveIt and click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.

Delete any logs we have produced and empty your recycle bin

Set correct settings for files that should be hidden in Windows Vista
Click the Start Orb and type folder options in the search space
Select the shortcut under Programs for Folder Options
Click the View Tab
Under Advanced Settings for Files and Folders, click Do not show hidden files and folders
Click OK



Enable SpySweeper
If you have Spy Sweeper version 4:
Open it, Click Options over on the left, then Program options
Checkmark load at windows startup.
Over to the left, Click shields and Checkmark all there.
Checkmark home page shield.
Checkmark automatically restore default without notification.
Reboot your computer, and verify SpySweeper is disabled.

If you have SpySweeper version 5:
Open SpySweeper, click Shield Settings on the right
(or Shields on the left, depending what screen you're on).
Click Internet Explorer and Checkmark all items.
Click Windows System and Checkmark all items.
Click Hosts File and Checkmark all items.
Click Startup Programs and Checkmark all items.
Close SpySweeper.


Enable Windows Defender

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Check Turn on Real Time Protection (recommended)
Close Windows Defender


Reset System Restore.
Now you should disable System Restore to purge any infected files and then re-enable it.

Click Start\Control Panel\System and Maintenance\System
In the left pane, click System Protection. If you are prompted for an administrator password or UAC confirmation, type the password or provide confirmation
To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
Restart your computer

Turn ON System Restore

Click Start\Control Panel\System and Maintenance\System
In the left pane, click System Protection. If you are prompted for an administrator password or UAC confirmation, type the password or provide confirmation.

To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

The following is some info on staying safe, CHECK that any program you try is Vista compatible
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
All of the programs in this list have a free version,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
AVG Anti-Spyware 7.5 (http://www.ewido.net/en/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Ad-Aware 2007 Free (http://www.lavasoftusa.com/products/ad_aware_free.php) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 3.5.1 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/content/view/15/33/) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has Addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/content/view/19/2/) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

pynfmly
2007-12-16, 17:02
well...I couldn't even make it past the first step :red:
I opened OTMoveit and clicked cleanup....but then I got an error "File access denied" I stopped there and decided to see what you thought about it...

ALMOST THERE!!!
YAHOO!!!

katana
2007-12-16, 17:16
It's probably something to do with UAC.
Try Right click OTMoveIT.exe and run as administrator

pynfmly
2007-12-18, 06:37
For
* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Check Turn on Real Time Protection (recommended)
* Close Windows Defender

I do not have "General Settings" in my Tools...how shall I proceed?

katana
2007-12-18, 12:22
Looking at the logs, it never actually got disabled so you don't need to worry about that.

Re-enable Teatimer as well

pynfmly
2007-12-19, 06:18
I'm almost done!
Please hang in there with me for another couple of days...
I am just making sure I go through the additional program information thoroughly. I just didn't want this post deleted yet. I'm trying to get this taken care of between work, family and school ;)
But I am working on it and will fill you in on my progress in another day or so...

THANKS!!!

katana
2007-12-19, 06:20
Don't panic ;)

I will make sure this thread is not closed until you are ready.

pynfmly
2007-12-19, 13:37
Can you verify for me to make sure my s&d and teatimer are active and turned on properly?

thanks

katana
2007-12-19, 18:59
If you post a new HJT log, then yes. :D:

pynfmly
2007-12-20, 07:09
The HJT file once again showed several days old...so I ran with the DSS here...hope that's ok :)
Deckard's System Scanner v20071014.68
Run by skrunch on 2007-12-19 23:03:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as skrunch.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:35 PM, on 12/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\skrunch\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0120041198126407) (0120041198126407mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\012004~1.EXE
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11368 bytes
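
Checking whether a protection component is active from a HijackThis log means looking for it in the running-process list and in the O2 (BHO), O4 (autorun) and O23 (service) entries. As an added example (not part of the thread), this Python sketch does that lookup; `SAMPLE_LOG` is a short excerpt of lines from the log posted above, and the function names are this example's own.

```python
import ntpath
import re

# Coded entries look like "O4 - HKLM\..\Run: [...]" or "R1 - HKCU\...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# O23 body: "Service: <display name> - <owner> - <path>". The path itself can
# contain " - " ("Spybot - Search & Destroy"), so anchor it on a drive letter.
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.*)$")

# Excerpt of the log posted above (most lines omitted for brevity).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:35 PM, on 12/19/2007

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def services(entries):
    """Return display name, owner and image path for each O23 service entry."""
    found = []
    for code, body in entries:
        match = SERVICE.match(body) if code == "O23" else None
        if match:
            found.append({"name": match.group(1), "owner": match.group(2),
                          "path": match.group(3)})
    return found


def component_status(text, image_names):
    """For each file name, report where it appears in the log."""
    processes, entries = parse_hjt(text)
    running = {ntpath.basename(path).lower() for path in processes}
    status = {}
    for image in image_names:
        key = image.lower()
        codes = {code for code, body in entries if key in body.lower()}
        status[image] = {
            "running": key in running,
            "autorun": "O4" in codes,
            "bho": "O2" in codes,
            "service": "O23" in codes,
        }
    return status


if __name__ == "__main__":
    wanted = ["TeaTimer.exe", "SDHelper.dll", "WinPatrol.exe", "SpySweeperUI.exe"]
    for image, state in component_status(SAMPLE_LOG, wanted).items():
        print(image, state)
```
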

pynfmly
2007-12-20, 07:10
-- Files created between 2007-11-19 and 2007-12-19 -----------------------------

2007-12-19 06:02:16 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-12-19 06:01:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-19 05:58:14 0 d-------- C:\Users\All Users\Grisoft
2007-12-19 05:55:43 0 d-------- C:\Program Files\a-squared Free
2007-12-19 05:54:09 0 d-------- C:\Program Files\BillP Studios
2007-12-13 15:33:00 0 d-------- C:\PLANES_TRAINS_AND_AUTOMOBILES
2007-12-13 12:37:57 0 d-------- C:\Program Files\DVDFab Platinum 3
2007-12-12 21:51:06 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-12-11 11:39:03 0 d-------- C:\THE_EX
2007-12-11 11:00:12 0 d-------- C:\I_NOW_PRONOUNCE_CHUCK_LARRY
2007-12-10 06:03:36 0 d-------- C:\Program Files\Audible
2007-12-09 08:00:13 0 d-------- C:\Shrink Temps
2007-12-09 07:28:06 0 d-------- C:\Program Files\Super DVD Creator 9.25.0
2007-12-08 17:58:46 0 d-------- C:\Users\All Users\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files\Nero
2007-12-05 23:31:17 0 d-------- C:\Ripped
2007-12-05 23:25:41 0 d-------- C:\Users\All Users\DVD Shrink
2007-12-05 23:25:38 0 d-------- C:\Program Files\DVD Shrink
2007-12-05 13:04:47 0 d-------- C:\Napoleon
2007-12-01 16:03:22 0 d-------- C:\Program Files\Common Files\Steam
2007-12-01 16:03:18 0 d-------- C:\Program Files\Steam
2007-11-27 20:55:29 0 d-------- C:\Program Files\Trend Micro
2007-11-27 06:26:41 0 d-------- C:\Program Files\CCleaner
2007-11-26 01:22:44 0 d-------- C:\Program Files\Another Matrix Screen Saver
2007-11-22 16:11:49 0 d-------- C:\Program Files\VideoLAN
2007-11-22 12:36:30 0 d-------- C:\Program Files\DV Series
2007-11-22 12:35:57 0 -rahs---- C:\MSDOS.SYS
2007-11-22 12:35:57 0 -rahs---- C:\IO.SYS
2007-11-21 05:53:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-21 05:32:08 0 d-------- C:\Program Files\STOPzilla!
2007-11-21 05:32:06 0 d-------- C:\Program Files\Common Files\iS3
2007-11-21 05:32:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-11-20 21:10:10 0 d-------- C:\Program Files\Coupons
2007-11-20 21:10:09 31 --ah----- C:\Windows\uccspecc.sys


-- Find3M Report ---------------------------------------------------------------

2007-12-19 22:53:18 0 d-------- C:\Program Files\McAfee
2007-12-19 06:01:18 0 d-------- C:\Users\skrunch\AppData\Roaming\SUPERAntiSpyware.com
2007-12-19 06:00:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-19 05:58:31 0 d-------- C:\Users\skrunch\AppData\Roaming\Grisoft
2007-12-19 05:54:29 0 d-------- C:\Users\skrunch\AppData\Roaming\WinPatrol
2007-12-16 20:16:49 0 d-------- C:\Users\skrunch\AppData\Roaming\uTorrent
2007-12-13 23:31:06 0 d-------- C:\Users\skrunch\AppData\Roaming\Vso
2007-12-13 12:39:42 34 --a------ C:\Users\skrunch\AppData\Roaming\pcouffin.log
2007-12-13 12:38:05 7824 --a------ C:\Users\skrunch\AppData\Roaming\pcouffin.cat
2007-12-08 18:03:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files
2007-12-05 23:40:11 0 d-------- C:\Program Files\Google
2007-12-04 21:25:21 0 d-------- C:\Users\skrunch\AppData\Roaming\CyberLink
2007-11-22 16:14:46 0 d-------- C:\Users\skrunch\AppData\Roaming\vlc
2007-11-18 17:38:40 0 d-------- C:\Users\skrunch\AppData\Roaming\MusicNet
2007-11-18 13:41:19 0 d-------- C:\Users\skrunch\AppData\Roaming\Webroot
2007-11-18 13:41:19 0 d-------- C:\Program Files\Webroot
2007-11-18 13:40:57 164 --a------ C:\install.dat
2007-11-18 12:55:55 0 d-------- C:\Program Files\Lavasoft
2007-11-16 21:36:08 0 d-------- C:\Program Files\Microsoft Works
2007-11-16 21:35:05 0 d-------- C:\Program Files\Microsoft.NET
2007-11-15 06:05:15 0 d-------- C:\Program Files\Windows Mail
2007-11-14 23:06:17 0 d-------- C:\Users\skrunch\AppData\Roaming\Roxio
2007-11-14 21:26:19 0 d-------- C:\Program Files\Dell Support Center
2007-11-14 21:25:43 0 d-------- C:\Program Files\Common Files\supportsoft
2007-11-14 20:41:40 0 d-------- C:\Program Files\uTorrent
2007-11-09 00:01:39 0 d-------- C:\Users\skrunch\AppData\Roaming\WinRAR
2007-11-08 06:08:59 0 d-------- C:\Program Files\iTunes
2007-11-08 06:08:45 0 d-------- C:\Program Files\iPod
2007-11-08 06:06:08 0 d-------- C:\Program Files\QuickTime
2007-11-07 20:56:04 0 d-------- C:\Program Files\SigmaTel
2007-11-07 20:55:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-04 08:56:55 0 d-------- C:\Users\skrunch\AppData\Roaming\Webshots
2007-11-04 08:56:55 0 d-------- C:\Program Files\Webshots
2007-11-03 21:19:38 0 d-------- C:\Program Files\EA GAMES
2007-11-03 11:07:56 141132 --a------ C:\Windows\hpoins14.dat
2007-11-03 11:05:46 0 d-------- C:\Program Files\HP
2007-11-03 11:05:33 0 d-------- C:\Users\skrunch\AppData\Roaming\HPAppData
2007-11-03 11:03:06 0 d-------- C:\Program Files\Common Files\HP
2007-11-03 11:02:38 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-03 11:02:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-03 10:45:36 0 d-------- C:\Program Files\Cucusoft
2007-11-03 10:34:21 0 d-------- C:\Program Files\Replay AV 8
2007-11-03 10:32:09 0 d-------- C:\Program Files\WinPcap
2007-11-03 10:29:30 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-01 20:05:42 0 d-------- C:\Users\skrunch\AppData\Roaming\Adobe
2007-10-31 17:04:48 0 d--h----- C:\Users\skrunch\AppData\Roaming\GTek
2007-10-30 22:11:35 0 d-------- C:\Users\skrunch\AppData\Roaming\Apple Computer
2007-10-30 22:09:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:07:49 0 d-------- C:\Program Files\Common Files\Apple
2007-10-30 22:04:30 0 --a------ C:\Windows\nsreg.dat
2007-10-30 22:04:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Mozilla
2007-10-30 20:07:46 0 d-------- C:\Program Files\Microsoft FrontPage
2007-10-30 20:05:25 0 d-------- C:\Users\skrunch\AppData\Roaming\Microsoft Web Folders
2007-10-30 19:11:51 0 d-------- C:\Users\skrunch\AppData\Roaming\Google
2007-10-30 18:54:31 0 d-------- C:\Users\skrunch\AppData\Roaming\Macromedia
2007-10-30 18:47:31 174 --ahs---- C:\Program Files\desktop.ini
2007-10-30 18:44:40 0 d-------- C:\Program Files\Windows Calendar
2007-10-30 18:35:19 0 d-------- C:\Program Files\MSXML 4.0
2007-10-30 18:27:22 0 d-------- C:\Users\skrunch\AppData\Roaming\Identities
2007-10-26 00:47:55 0 d-------- C:\Program Files\DellTPad
2007-10-26 00:41:44 0 d-------- C:\Program Files\Windows Defender
2007-10-25 17:23:26 0 d-------- C:\Program Files\Dell
2007-10-25 17:19:40 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-25 17:19:31 0 d-------- C:\Program Files\McAfee.com
2007-10-25 17:18:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-25 17:18:11 0 d-------- C:\Program Files\Dell DataSafe Online
2007-10-25 17:17:17 0 d-------- C:\Program Files\Yahoo!
2007-10-25 17:16:30 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-25 17:14:59 0 d-------- C:\Program Files\DellSupport
2007-10-25 17:13:25 0 d-------- C:\Program Files\CyberLink
2007-10-25 17:11:52 0 d-------- C:\Program Files\Roxio
2007-10-25 17:11:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-25 17:10:34 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-25 17:09:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-25 17:08:09 0 d--h----- C:\Program Files\Creative Installation Information
2007-10-25 17:07:38 0 d-------- C:\Program Files\Creative
2007-10-25 17:07:31 0 d-------- C:\Program Files\Common Files\Creative
2007-10-25 17:07:12 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-10-25 17:07:12 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-10-25 17:06:36 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2007-10-25 17:06:29 0 d-------- C:\Program Files\Broadcom
2007-10-25 17:06:19 0 d-------- C:\Program Files\Digital Line Detect
2007-10-25 17:05:50 0 d-------- C:\Program Files\NetWaiting
2007-10-25 17:05:25 0 d-------- C:\Program Files\Modem Diagnostic Tool
2007-10-25 17:00:27 0 d-------- C:\Program Files\Java
2007-10-25 17:00:27 0 d-------- C:\Program Files\Common Files\Java
2007-10-25 16:52:54 0 d-------- C:\Program Files\CONEXANT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 03:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 05:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/26/2007 12:41 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 09:31 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [07/01/2007 11:14 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [07/01/2007 11:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [07/01/2007 11:14 PM]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [11/27/2006 08:14 AM]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [03/21/2007 01:33 PM]
"@"="" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 09:33 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 08:34 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 10:23 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [10/26/2007 10:06 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [10/23/2007 02:18 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [11/4/2007 8:56:51 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/25/2007 5:06:18 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 8:26:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 5:13:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-19 23:04:42 ------------

katana
2007-12-20, 11:11
Teatimer is not active yet

Enable Teatimer


RIGHT click >>> HERE <<< (http://downloads.subratam.org/ResetTeaTimer.bat), select "save as" and save it to your desktop
Double click ResetTeaTimer.bat
Open Spybot S&D
Click Mode, check Advanced Mode
Go To Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
Check the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
You can now delete ResetTeaTimer.bat



You also have Super Anti Spyware and AVG AntiSpyware running at startup.

You don't need them to run all the time if you have Defender and Teatimer active.
Just run them once a week or so.

pynfmly
2007-12-23, 08:08
It looks like I am finished DLing and installing everything...
Can you look at some additional info to help me decide what is necessary for my machine to have running?

I think this WinPatrol log will help.

WinPatrol Report Log
Report created by WinPatrol version 12.2.2007.0:12.2.2007.0 at 0:02:35 AM, on 12/23/2007

Platform: Windows Vista Home Edition (Build 6000)
Browser: Firefox - Firefox version 2.0.0.11
Memory currently in use: 50%

MSIE: Internet Explorer (7.00.6000.16386)
IE Cookie Path: C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Cookies\
Firefox 2.0.0.11 installed in C:\Program Files\Mozilla Firefox

HKCU Window Title = Internet Explorer provided by Dell
HKLM Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKCU Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071026
HKLM Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

WinLogon Shell=explorer.exe
WinLogon UserInit=C:\Windows\system32\userinit.exe,


Startup Programs
Active Tasks
Scheduled Tasks
IE Helpers
File Types
Services
• Startup Programs •
# Windows Defender

MSASCui.exe -hide Windows Defender User Interface
Version: 1.1.1505.0 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Windows Defender\MSASCui.exe -hide
First Detected by WinPatrol: 12/22/2007 5:55 PM
Click for Plus Info


# Apoint

Apoint.exe Alps Pointing-device Driver
Version: 7.0.101.201 Copyright (C) 1999-2007 Alps Electric Co., Ltd.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\DellTPad\Apoint.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# IgfxTray

igfxtray.exe igfxTray Module
Version: 7.14.10.1272 Copyright 1999-2006, Intel Corporation
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Windows\System32\igfxtray.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# HotKeysCmds

hkcmd.exe hkcmd Module
Version: 7.14.10.1272 Copyright 1999-2006, Intel Corporation
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Windows\System32\hkcmd.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Persistence

igfxpers.exe persistence Module
Version: 7.14.10.1272 Copyright 1999-2006, Intel Corporation
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Windows\System32\igfxpers.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# VolPanel

VolPanlu.exe /r VolPanlu.exe
Version: 2.20.0.0 Copyright (c) Creative Technology Ltd., 2004-2006. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe /r
First Detected by WinPatrol: 12/22/2007 5:55 PM
Click for Plus Info


# UpdReg

Updreg.EXE Creative UpdReg
Version: 1.0.2 Copyright (c) Creative Technology Ltd. 2000
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Windows\Updreg.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Broadcom Wireless Manager UI

WLTRAY.EXE Dell Wireless WLAN Card Wireless Network Tray Applet
Version: 4.102.15.61 1998-2006, Dell Inc. All Rights Reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Windows\System32\WLTRAY.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# dscactivate

dsca.exe
Version: 1.0.2767.18581
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Adobe Reader Speed Launcher

Reader_sl.exe Adobe Acrobat SpeedLauncher
Version: 8.0.0.0 Copyright Adobe Systems Incorporated 2004
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# mcagent_exe

mcagent.exe /runkey McAfee Integrated Security Platform
Version: 8,0,0,0 Copyright © 2006 McAfee, Inc.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
First Detected by WinPatrol: 12/22/2007 5:55 PM
Click for Plus Info


# HP Software Update

HPWuSchd2.exe Hewlett-Packard Product Assistant
Version: 090.000.043.000 Copyright (C) Hewlett-Packard Co. 1995-2005
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SigmatelSysTrayApp

sttray.exe Sigmatel Audio system tray application
Version: 1.0.5609.0 nd652 cp1 Copyright (c) 2004-2007, IDT, Inc.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# iTunesHelper

iTunesHelper.exe iTunesHelper Module
Version: 7.5.0.20 © 2003-2007 Apple Inc. All Rights Reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\iTunes\iTunesHelper.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# NeroFilterCheck

NeroCheck.exe NeroCheck
Version: 1, 0, 0, 6 Copyright (c) 1995-2006 Nero AG and its licensors
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# NBKeyScan

NBKeyScan.exe Nero BackItUp
Version: 3, 1, 0, 0 Copyright (c) 2003-2007 Nero AG and its licensors
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# WinPatrol

WinPatrol.exe WinPatrol System Monitor
Version: 12.2.2007.0 Copyright © 1997- 2007 BillP Studios
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# TkBellExe

realsched.exe -osboot RealNetworks Scheduler
Version: 0.1.0.4279 Copyright © RealNetworks, Inc. 1995-2007
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
First Detected by WinPatrol: 12/22/2007 5:55 PM
Click for Plus Info


# SpySweeper

SpySweeperUI.exe /startintray Spy Sweeper Client Executable
Version: 5, 5 Copyright (C) 2002 - 2007, All Rights Reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
First Detected by WinPatrol: 12/22/2007 5:55 PM
Click for Plus Info


# ehTray.exe

ehtray.exe Media Center Tray Applet
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Windows\ehome\ehtray.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# DellSupportCenter

sprtcmd.exe /P DellSupportCenter Version: 7.0.585.0 Copyright 1997-2007 SupportSoft
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter
First Detected by WinPatrol: 12/22/2007 5:55 PM
Click for Plus Info


# BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

NMBgMonitor.exe Nero Home
Version: 3.1.3.0 Copyright 2007 Nero AG and its licensors
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# WMPNSCFG

wmpnscfg.exe Windows Media Player Network Sharing Service Configuration Application
Version: 11.0.6000.6324 © Microsoft Corporation. All rights reserved.
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SpybotSD TeaTimer

TeaTimer.exe System settings protector
Version: 1, 5, 0, 0 © 2000-2007 Safer Networking Limited. All rights reserved.
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
First Detected by WinPatrol: 12/20/2007 8:56 PM
Click for Plus Info


# SUPERAntiSpyware

SUPERAntiSpyware.exe SUPERAntiSpyware
Version: 3, 9, 0, 1008 Copyright (C) 2005-2007 by SUPERAntiSpyware.com and SUPERAdBlocker.com
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
First Detected by WinPatrol: 12/19/2007 6:03 AM
Click for Plus Info


# Digital Line Detection

DLG.exe Digital Line Detection
Version: 1, 0, 0, 2 Copyright © 2001-2006
Location: Windows Startup Group
Path: C:\Program Files\Digital Line Detect\DLG.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# HP Digital Imaging Monitor

hpqtra08.exe HP Digital Imaging Monitor
Version: 090.000.146.000 Copyright (C) Hewlett-Packard Co. 1995-2005
Location: Windows Startup Group
Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Microsoft Office StartUp

OSA9.EXE Microsoft Office 2000 component
Version: 9.0.2617 Copyright© Microsoft Corporation 1994-1999. All rights reserved.
Location: Windows Startup Group
Path: C:\Program Files\Microsoft Office\Office\OSA9.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# QuickSet

quickset.exe QuickSet
Version: 8, 2, 14, 0 © 2001 Dell Inc.
Location: Windows Startup Group
Path: C:\Program Files\Dell\QuickSet\quickset.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Webshots.lnk

Launcher.exe
Location: Windows Startup Group
Path: C:\Program Files\Webshots\Launcher.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Winlogon Userinit

userinit.exe Userinit Logon Application
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit
Path: C:\Windows\System32\userinit.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Winlogon Shell

explorer.exe Windows Explorer
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
Path: explorer.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info

pynfmly
2007-12-23, 08:09
#
• Delayed Start •
• Active Tasks •
# McAfee Integrated Security Platform

mcagent.exe McAfee Integrated Security Platform
Version: 8,0,0,0 Copyright © 2006 McAfee, Inc.
Path: C:\Program Files\McAfee.com\Agent\mcagent.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Task Scheduler Engine

taskeng.exe Task Scheduler Engine
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\System32\taskeng.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Desktop Window Manager

dwm.exe Desktop Window Manager
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\System32\dwm.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Windows Explorer

explorer.exe Windows Explorer
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\explorer.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Windows Defender User Interface

MSASCui.exe Windows Defender User Interface
Version: 1.1.1505.0 © Microsoft Corporation. All rights reserved.
Path: C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Alps Pointing-device Driver

Apoint.exe Alps Pointing-device Driver
Version: 7.0.101.201 Copyright (C) 1999-2007 Alps Electric Co., Ltd.
Path: C:\PROGRAM FILES\DellTPad\Apoint.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# hkcmd Module

hkcmd.exe hkcmd Module
Version: 7.14.10.1272 Copyright 1999-2006, Intel Corporation
Path: C:\Windows\System32\hkcmd.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# persistence Module

igfxpers.exe persistence Module
Version: 7.14.10.1272 Copyright 1999-2006, Intel Corporation
Path: C:\Windows\System32\igfxpers.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# VolPanlu.exe

VolPanlu.exe VolPanlu.exe
Version: 2.20.0.0 Copyright (c) Creative Technology Ltd., 2004-2006. All rights reserved.
Path: C:\PROGRAM FILES\Creative\SBAudigy\VOLUME PANEL\VolPanlu.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Dell Wireless WLAN Card Wireless Network Tray Applet

WLTRAY.EXE Dell Wireless WLAN Card Wireless Network Tray Applet
Version: 4.102.15.61 1998-2006, Dell Inc. All Rights Reserved.
Path: C:\Windows\System32\WLTRAY.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Hewlett-Packard Product Assistant

HPWUSCHD2.EXE Hewlett-Packard Product Assistant
Version: 090.000.043.000 Copyright (C) Hewlett-Packard Co. 1995-2005
Path: C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Sigmatel Audio system tray application

sttray.exe Sigmatel Audio system tray application
Version: 1.0.5609.0 nd652 cp1 Copyright (c) 2004-2007, IDT, Inc.
Path: C:\PROGRAM FILES\SigmaTel\C-MAJOR AUDIO\WDM\sttray.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# iTunesHelper Module

ITUNESHELPER.EXE iTunesHelper Module
Version: 7.5.0.20 © 2003-2007 Apple Inc. All Rights Reserved.
Path: C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# igfxsrvc Module

igfxsrvc.exe igfxsrvc Module
Version: 7.14.10.1272 Copyright 1999-2006, Intel Corporation
Path: C:\Windows\System32\igfxsrvc.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# WinPatrol

WINPATROL.EXE WinPatrol System Monitor
Version: 12.2.2007.0 Copyright © 1997- 2007 BillP Studios
Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# RealNetworks Scheduler

REALSCHED.EXE RealNetworks Scheduler
Version: 0.1.0.4279 Copyright © RealNetworks, Inc. 1995-2007
Path: C:\PROGRAM FILES\COMMON FILES\Real\UPDATE_OB\REALSCHED.EXE
First Detected by WinPatrol: 12/21/2007 6:28 AM
Click for Plus Info


# Spy Sweeper Client Executable

SPYSWEEPERUI.EXE Spy Sweeper Client Executable
Version: 5, 5 Copyright (C) 2002 - 2007, All Rights Reserved.
Path: C:\PROGRAM FILES\Webroot\SPY SWEEPER\SPYSWEEPERUI.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Media Center Tray Applet

ehtray.exe Media Center Tray Applet
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\ehome\ehtray.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# sprtcmd

sprtcmd.exe Version: 7.0.585.0 Copyright 1997-2007 SupportSoft
Path: C:\PROGRAM FILES\DELL SUPPORT CENTER\bin\sprtcmd.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Windows Media Player Network Sharing Service Configuration Application

wmpnscfg.exe Windows Media Player Network Sharing Service Configuration Application
Version: 11.0.6000.6324 © Microsoft Corporation. All rights reserved.
Path: C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# System settings protector

TeaTimer.exe System settings protector
Version: 1, 5, 0, 0 © 2000-2007 Safer Networking Limited. All rights reserved.
Path: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
First Detected by WinPatrol: 12/20/2007 9:04 PM
Click for Plus Info


# Digital Line Detection

DLG.exe Digital Line Detection
Version: 1, 0, 0, 2 Copyright © 2001-2006
Path: C:\PROGRAM FILES\DIGITAL LINE DETECT\DLG.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# HP Digital Imaging Monitor

hpqtra08.exe HP Digital Imaging Monitor
Version: 090.000.146.000 Copyright (C) Hewlett-Packard Co. 1995-2005
Path: C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqtra08.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Media Center Media Status Aggregator Service

ehmsas.exe Media Center Media Status Aggregator Service
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\ehome\ehmsas.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# QuickSet

quickset.exe QuickSet
Version: 8, 2, 14, 0 © 2001 Dell Inc.
Path: C:\PROGRAM FILES\Dell\QuickSet\quickset.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# uTorrent

uTorrent.exe
Path: C:\PROGRAM FILES\uTorrent\uTorrent.exe
First Detected by WinPatrol: 12/20/2007 10:50 PM
Click for Plus Info


# ApMsgFwd

ApMsgFwd.exe ApMsgFwd
Version: 7, 0, 0, 16 Copyright (C) 2006-2007 Alps Electric Co., Ltd.
Path: C:\PROGRAM FILES\DellTPad\ApMsgFwd.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Webshots Photo Manager

webshots.scr Webshots Photo Manager
Version: 2.5.0.5135 Copyright (C) 2006
Path: C:\PROGRAM FILES\Webshots\webshots.scr
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Alps Pointing-device Driver for Windows NT/2000/XP/Vista

ApntEx.exe Alps Pointing-device Driver for Windows NT/2000/XP/Vista
Version: 7.0.1.26 Copyright (C) 1998-2006 Alps Electric Co., Ltd.
Path: C:\PROGRAM FILES\DellTPad\ApntEx.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Alps Pointing-device Driver

hidfind.exe Alps Pointing-device Driver
Version: 7.0.0.26 Copyright (C) 1998-2006 Alps Electric Co., Ltd.
Path: C:\PROGRAM FILES\DellTPad\hidfind.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Firefox

firefox.exe Firefox
Version: 2.0.0.11 Mozilla Corporation
Path: C:\Program Files\Mozilla Firefox\firefox.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# WinPatrol

WINPATROLEX.EXE WinPatrol Explorer
Version: 12.2.2007.0 Copyright © 2004-2007 BillP Studios
Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
Click for Plus Info


# Microsoft Windows Search Filter Host

SEARCHFILTERHOST.EXE Microsoft Windows Search Filter Host
Version: 6.0.6000.20499 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\System32\SEARCHFILTERHOST.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


• Scheduled Tasks •
# McQcTask.job

QcConsol.exe QuickClean Console Application
Version: 8,0,0,0 Copyright © 2006 McAfee, Inc.
Path: c:\Program Files\McAfee\MQC\QcConsol.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Never
Location: "HKLM\"
Click for Plus Info


# McDefragTask.job

QcConsol.exe QuickClean Console Application
Version: 8,0,0,0 Copyright © 2006 McAfee, Inc.
Path: c:\Program Files\McAfee\MQC\QcConsol.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Never
Location: "HKLM\"
Click for Plus Info


• IE Helpers •
# HP Smart Web Printing

hpswp_framework.dll Leo (Framework) - add-on for Internet Explorer
Version: 2.15.7.0 Copyright (C) Hewlett-Packard Co. 1995-2006
Path: C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
2.15.7.0
Click for Plus Info


# AcroIEHelper Library

AcroIEHelper.dll Adobe PDF Helper for Internet Explorer
Version: 8.0.0.2006102200 Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
8.0.0.2006102200
Click for Plus Info


# mcapbho.dll

mcapbho.dll
Path: C:\Program Files\McAfee\MSK\mcapbho.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Spybot - Search & Destroy

SDHelper.dll SBSD IE Protection
Version: 1, 5, 0, 0 © 2000-2007 Safer Networking Limited. All rights reserved.
Path: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
1, 5, 0, 0
Click for Plus Info


# Java(TM) Platform SE 6

ssv.dll Java(TM) Platform SE binary
Version: 6.0.0.104 Copyright © 2004
Path: c:\Program Files\Java\jre1.6.0\bin\ssv.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
6.0.0.104
Click for Plus Info


# VSCORE.14.0.0.349.x86

scriptsn.dll VSCore Script Scanner
Copyright© 1995-2007 McAfee, Inc. All Rights Reserved.
Path: C:\Program Files\McAfee\VirusScan\scriptsn.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Browser Address Error Redirector

BAE.dll BAE.dll
Version: 1.2.0.3 (c) 2006. Dell Inc. All rights reserved.
Path: C:\Program Files\Dell\BAE\BAE.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
1.2.0.3
Click for Plus Info


# HP Clipbook


C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll,208
Click for Plus Info


# HP Smart Select


C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll,210
Click for Plus Info


# Research


C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO
Click for Plus Info

pynfmly
2007-12-23, 08:10
#
• File Types •
# Windows Batch File

%1 %*
Path: %1 %*
.BAT
Startup Type: batfile
Click for Plus Info


# WinRAR archive

WinRAR.exe %1
Path: C:\Program Files\WinRAR\WinRAR.exe %1
.CAB
Startup Type: WinRAR
Click for Plus Info


# Security Catalog

rundll32.exe cryptext.dll,CryptExtOpenCAT %1 Windows host process (Rundll32)
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
.CAT
Startup Type: CATFile
Click for Plus Info


# Compiled HTML Help file

hh.exe %1 Microsoft® HTML Help Executable
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\hh.exe %1
.CHM
Startup Type: chm.file
Click for Plus Info


# MS-DOS Application

%1 %*
Path: %1 %*
.COM
Startup Type: comfile
Click for Plus Info


# Windows Command Script

%1 %*
Path: %1 %*
.CMD
Startup Type: cmdfile
Click for Plus Info


# Microsoft Word Document

WINWORD.EXE /n Microsoft Word for Windows
Version: 9.0.2717 Copyright© Microsoft Corporation 1983-1999. All rights reserved.
Path: C:\Program Files\Microsoft Office\Office\WINWORD.EXE /n
.DOC
Startup Type: Word.Document.8
Click for Plus Info


# Internet E-Mail Message

WinMail.exe /eml:%1 Windows Mail
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Windows Mail\WinMail.exe /eml:%1
.EML
Startup Type: Microsoft Internet Mail Message
Click for Plus Info


# Application

%1 %*
Path: %1 %*
.EXE
Startup Type: exefile
Click for Plus Info


# Setup Information

NOTEPAD.EXE %1 Notepad
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\system32\NOTEPAD.EXE %1
.INF
Startup Type: inffile
Click for Plus Info


# JScript Script File

WScript.exe %1 %* Microsoft (R) Windows Based Script Host
Version: 5.7.0.6000 Copyright (C) Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\Windows\System32\WScript.exe %1 %*
.JS
Startup Type: JSFile
Click for Plus Info


# Text Document

NOTEPAD.EXE %1 Notepad
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\system32\NOTEPAD.EXE %1
.LOG
Startup Type: txtfile
Click for Plus Info


# Windows Installer Package

msiexec.exe /i %1 %* Windows® installer
Version: 4.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\System32\msiexec.exe /i %1 %*
.MSI
Startup Type: Msi.Package
Click for Plus Info


# Outlook Item

OUTLOOK.EXE /f %1 Microsoft Outlook
Version: 9.0.2416 Copyright© Microsoft Corporation 1983-1999. All rights reserved.
Path: C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE /f %1
.MSG
Startup Type: msgfile
Click for Plus Info


# Yahoo! Music Jukebox File

YahooMusicEngine.exe -play %1 Yahoo! Music Jukebox
Version: 2.2.2.056 (Build 056) Copyright © Yahoo! 2056-2007
Path: C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe -play %1
.MID
Startup Type: YMP.Media
Click for Plus Info


# Yahoo! Music Jukebox File

YahooMusicEngine.exe -play %1 Yahoo! Music Jukebox
Version: 2.2.2.056 (Build 056) Copyright © Yahoo! 2056-2007
Path: C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe -play %1
.MP3
Startup Type: YMP.Media
Click for Plus Info


# Shortcut to MS-DOS Program

%1 %*
Path: %1 %*
.PIF
Startup Type: piffile
Click for Plus Info


# RealPlayer Presentation

RealPlay.exe %1 RealPlayer
Version: 11.0.0.372 Copyright © RealNetworks, Inc. 1995-2007
Path: C:\Program Files\Real\RealPlayer\RealPlay.exe %1
.RAM
Startup Type: RealPlayer.RAM.6
Click for Plus Info


# Registration Entries

regedit.exe %1 Registry Editor
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: regedit.exe %1
.REG
Startup Type: regfile
Click for Plus Info


# Rich Text Format

WINWORD.EXE /n Microsoft Word for Windows
Version: 9.0.2717 Copyright© Microsoft Corporation 1983-1999. All rights reserved.
Path: C:\Program Files\Microsoft Office\Office\WINWORD.EXE /n
.RTF
Startup Type: Word.RTF.8
Click for Plus Info


# Spyware supplemental file

SpybotSD.exe %1 Spybot - Search & Destroy
Version: 1, 5, 0, 0 © 2000-2007 Safer Networking Limited. All rights reserved.
Path: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
.SBS
Startup Type: SpybotSD.SBSFile
Click for Plus Info


# Screen Saver

%1 /S
Path: %1 /S
.SCR
Startup Type: scrfile
Click for Plus Info


# Text Document

NOTEPAD.EXE %1 Notepad
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: C:\Windows\system32\NOTEPAD.EXE %1
.TXT
Startup Type: txtfile
Click for Plus Info


# Windows host process (Rundll32)

rundll32.exe ieframe.dll,OpenURL %l Windows host process (Rundll32)
Version: 6.0.6000.16386 © Microsoft Corporation. All rights reserved.
Path: rundll32.exe ieframe.dll,OpenURL %l
.URL
Startup Type: Windows host process (Rundll32)
Click for Plus Info


# VBScript Script File

WScript.exe %1 %* Microsoft (R) Windows Based Script Host
Version: 5.7.0.6000 Copyright (C) Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\Windows\System32\WScript.exe %1 %*
.VBS
Startup Type: VBSFile
Click for Plus Info


# VBScript Encoded File

WScript.exe %1 %* Microsoft (R) Windows Based Script Host
Version: 5.7.0.6000 Copyright (C) Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\Windows\System32\WScript.exe %1 %*
.VBE
Startup Type: VBEFile
Click for Plus Info


# Windows Script File

WScript.exe %1 %* Microsoft (R) Windows Based Script Host
Version: 5.7.0.6000 Copyright (C) Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\Windows\System32\WScript.exe %1 %*
.WSF
Startup Type: WSFFile
Click for Plus Info


# Windows Script Host Settings File

WScript.exe %1 %* Microsoft (R) Windows Based Script Host
Version: 5.7.0.6000 Copyright (C) Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\Windows\System32\WScript.exe %1 %*
.WSH
Startup Type: WSHFile
Click for Plus Info


# Microsoft Excel Worksheet

EXCEL.EXE /e Microsoft Excel for Windows
Version: 9.0.2719 Copyright© Microsoft Corporation 1985-1999. All rights reserved.
Path: C:\Program Files\Microsoft Office\Office\EXCEL.EXE /e
.XLS
Startup Type: Excel.Sheet.8
Click for Plus Info


• Services •
# a2service.exe

a-squared Service
Version: 3.0.0.0 (C) 2003-2007 Emsi Software GmbH
Path: C:\Program Files\a-squared Free\a2service.exe
First Detected by WinPatrol: 12/19/2007 6:02 AM
Scans the PC for unwanted software and provides protection from malicious code
Created: 12/19/2007 5:55 AM
Accessed: 12/19/2007 5:55 AM
Written: 12/13/2007 7:58 AM
File Size: 366,704 Bytes
Click for Plus Info


# aawservice.exe

Ad-Aware 2007 Service
Version: 7, 0, 2, 5 Copyright (C) 2007
Path: C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Protects your computer from spyware
Created: 10/29/2007 1:27 PM
Accessed: 11/18/2007 12:55 AM
Written: 10/29/2007 1:27 PM
File Size: 587,096 Bytes
Click for Plus Info


# AEstSrv.exe

Andrea filters APO access service (32-bit)
Copyright 2007 (c) Andrea Electronics Corporation. All rights reserved.
Path: C:\Windows\System32\AEstSrv.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 11/07/2007 8:59 PM
Accessed: 11/07/2007 8:59 PM
Written: 08/29/2007 1:25 PM
File Size: 73,728 Bytes
Click for Plus Info


# AppleMobileDeviceService.exe

Apple Mobile Device Service
Version: 1, 14, 0, 0 Copyright 2007 Apple, Inc. All Rights Reserved.
Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Provides the interface to Apple mobile devices.
Created: 09/06/2007 12:28 AM
Accessed: 10/30/2007 10:08 PM
Written: 09/06/2007 12:28 AM
File Size: 110,592 Bytes
Click for Plus Info


# guard.exe

AVG Anti-Spyware guard
Version: 7, 5, 1, 22 Copyright © 2007 GRISOFT s.r.o.
Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
First Detected by WinPatrol: 12/19/2007 6:03 AM
Created: 05/30/2007 6:31 AM
Accessed: 12/19/2007 5:58 AM
Written: 05/30/2007 6:31 AM
File Size: 312,880 Bytes
Click for Plus Info


# CreativeLicensing.exe

System Level Service Utility
Path: C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Provides licensing services for Creative Labs applications.
Created: 10/25/2007 5:06 PM
Accessed: 10/25/2007 5:06 PM
Written: 10/25/2007 5:06 PM
File Size: 72,704 Bytes
Click for Plus Info


# CTSVCCDA.EXE

Creative Service for CDROM Access
Version: 1.0.0.0 Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
Path: C:\Windows\System32\CTSVCCDA.EXE
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 10/25/2007 5:07 PM
Accessed: 10/25/2007 5:07 PM
Written: 04/09/2007 0:48 AM
File Size: 44,032 Bytes
Click for Plus Info

pynfmly
2007-12-23, 08:11
#


# brkrsvc.exe

Gteko BrkrSvc Application
Version: 1, 0, 0, 9 Copyright (C) 2006 Gteko Ltd.
Path: C:\Program Files\DellSupport\brkrsvc.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 03/19/2007 11:44 AM
Accessed: 10/25/2007 5:14 PM
Written: 03/19/2007 11:44 AM
File Size: 70,656 Bytes
Click for Plus Info


# hpqcxs08.dll

HP CUE Context Manager Objects
Version: 090.000.146.000 Copyright (C) Hewlett-Packard Co. 1995-2005
Path: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 03/11/2007 8:24 PM
Accessed: 11/03/2007 11:03 AM
Written: 03/11/2007 8:24 PM
File Size: 217,088 Bytes
Click for Plus Info


# hpqddsvc.dll

HP CUE DeviceDiscovery Service
Version: 090.000.146.000 Copyright (C) Hewlett-Packard Co. 1995-2005
Path: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
This service detects and monitors CUE devices on the system.
Created: 03/11/2007 9:02 PM
Accessed: 11/03/2007 11:05 AM
Written: 03/11/2007 9:02 PM
File Size: 131,072 Bytes
Click for Plus Info


# IDriverT.exe

IDriverT Module
Version: 10.50 Copyright (C) 2004 Macrovision Corporation
Path: C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Provides support for the Running Object Table for InstallShield Drivers
Created: 10/22/2004 2:24 AM
Accessed: 10/25/2007 5:10 PM
Written: 10/22/2004 2:24 AM
File Size: 73,728 Bytes
Click for Plus Info


# iPodService.exe

iPodService Module
Version: 7.5.0.20 © 2003-2007 Apple Inc. All Rights Reserved.
Path: C:\Program Files\iPod\bin\iPodService.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
iPod hardware management services
Created: 11/02/2007 6:36 PM
Accessed: 11/08/2007 6:08 AM
Written: 11/02/2007 6:36 PM
File Size: 504,104 Bytes
Click for Plus Info


# mcmscsvc.exe

McAfee Services
Version: 8,0,0,0 Copyright © 2006 McAfee, Inc.
Path: C:\Program Files\McAfee\MSC\mcmscsvc.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
McAfee Protection Manager
Created: 10/30/2007 6:39 PM
Accessed: 08/04/2007 2:08 AM
Written: 08/04/2007 2:08 AM
File Size: 749,904 Bytes
Click for Plus Info


# McNASvc.exe

McAfee Network Agent
Version: 2,0,0,0 Copyright © 2006 McAfee, Inc.
Path: c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Allows McAfee applications to communicate securely on the local network.
Created: 10/25/2007 5:19 PM
Accessed: 07/22/2007 7:15 PM
Written: 07/22/2007 7:15 PM
File Size: 2,376,992 Bytes
Click for Plus Info


# mcods.exe

McAfee VirusScan - On Demand Scan
Version: 12,0,0,0 Copyright © 2006 McAfee, Inc.
Path: C:\Program Files\McAfee\VirusScan\mcods.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Scans specified locations on this computer for viruses and other threats. The service runs for scheduled scans and manual scans.
Created: 10/25/2007 5:20 PM
Accessed: 07/25/2007 2:16 AM
Written: 07/25/2007 2:16 AM
File Size: 378,184 Bytes
Click for Plus Info


# McProxy.exe

McAfee Proxy Service Module
Version: 2,0,0,0 Copyright © 2006 McAfee, Inc.
Path: c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
McAfee Proxy Service
Created: 10/30/2007 6:41 PM
Accessed: 08/15/2007 11:36 AM
Written: 08/15/2007 11:36 AM
File Size: 359,248 Bytes
Click for Plus Info


# Mcshield.exe

On-Access Scanner service
Copyright© 1995-2007 McAfee, Inc. All Rights Reserved.
Path: C:\Program Files\McAfee\VirusScan\Mcshield.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Scans files for viruses and other threats when they are accessed by this computer.
Created: 10/25/2007 5:19 PM
Accessed: 07/24/2007 11:02 AM
Written: 07/24/2007 11:02 AM
File Size: 144,704 Bytes
Click for Plus Info


# mcsysmon.exe

McAfee SystemGuards Service
Version: 12,0,0,0 Copyright © 2006 McAfee, Inc.
Path: C:\Program Files\McAfee\VirusScan\mcsysmon.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Monitors potentially unauthorized changes to this computer.
Created: 10/25/2007 5:19 PM
Accessed: 07/25/2007 0:41 AM
Written: 07/25/2007 0:41 AM
File Size: 695,624 Bytes
Click for Plus Info


# MpfSrv.exe

McAfee Personal Firewall Service
Version: 9.0.136.0 Copyright © 2007 McAfee, Inc. All Rights Reserved.
Path: C:\Program Files\McAfee\MPF\MpfSrv.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Helps protect your computer from intrusion and let's you manage your computer's trusted programs.
Created: 10/25/2007 5:20 PM
Accessed: 07/18/2007 2:54 PM
Written: 07/18/2007 2:54 PM
File Size: 856,864 Bytes
Click for Plus Info


# msksrver.exe

McAfee Anti-Spam Server
Version: 9.0 Copyright © 2007, McAfee Inc.
Path: C:\Program Files\McAfee\MSK\msksrver.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
This service filters e-mail messages on your computer
Created: 10/30/2007 6:41 PM
Accessed: 08/24/2007 3:00 AM
Written: 08/24/2007 3:00 AM
File Size: 23,880 Bytes
Click for Plus Info


# NBService.exe

Nero BackItUp
Version: 3, 1, 0, 0 Copyright (c) 2003-2007 Nero AG and its licensors
Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.
Created: 09/20/2007 8:51 AM
Accessed: 12/08/2007 6:00 PM
Written: 09/20/2007 8:51 AM
File Size: 853,288 Bytes
Click for Plus Info


# HPZinw12.dll

Dot4Net Module
Version: 12,1,1,54 Copyright © 2006, 2007 Hewlett-Packard
Path: C:\Windows\System32\HPZinw12.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 11/08/2006 3:35 PM
Accessed: 11/03/2007 11:01 AM
Written: 11/08/2006 3:35 PM
File Size: 43,520 Bytes
Click for Plus Info


# NMIndexingService.exe

Nero Home
Version: 3.1.3.0 Copyright 2007 Nero AG and its licensors
Path: C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 10/23/2007 2:19 PM
Accessed: 12/08/2007 5:58 PM
Written: 10/23/2007 2:19 PM
File Size: 382,248 Bytes
Click for Plus Info


# HPZipm12.dll

PmlDrv Module
Version: 12,1,1,54 Copyright © 2006, 2007 Hewlett-Packard
Path: C:\Windows\System32\HPZipm12.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 11/08/2006 3:35 PM
Accessed: 11/03/2007 11:01 AM
Written: 11/08/2006 3:35 PM
File Size: 53,248 Bytes
Click for Plus Info


# RoxMediaDB9.exe

RoxMediaDB9 Module
Copyright (c) 1994-2005 Sonic Solutions
Path: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Roxio RoxMediaDB9 Service
Created: 11/05/2006 10:15 AM
Accessed: 10/25/2007 5:11 PM
Written: 11/05/2006 10:15 AM
File Size: 880,640 Bytes
Click for Plus Info


# RoxWatch9.exe

RoxSniffer9 Module
Version: 9.0.1.64 Copyright (c) 1994-2005 Sonic Solutions
Path: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 11/05/2006 10:13 AM
Accessed: 10/25/2007 5:12 PM
Written: 11/05/2006 10:13 AM
File Size: 159,744 Bytes
Click for Plus Info


# rpcapd.ini

Remote Packet Capture Daemon
Version: 4.0.0.901 Copyright © 2005-2007 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino.
Path: C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini
Allows to capture traffic on this machine from a remote machine.
Created: 06/28/2007 6:01 PM
Accessed: 11/03/2007 10:32 AM
Written: 06/28/2007 6:01 PM
File Size: 92,792 Bytes
Click for Plus Info


# SDWinSec.exe

Spybot-S&D Security Center integration
Version: 1, 5, 0, 0 Copyright (C) 2006-2007 Safer Networking Ltd.
Path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 11/21/2007 5:53 AM
Accessed: 11/21/2007 5:53 AM
Written: 08/31/2007 4:46 PM
File Size: 600,912 Bytes
Click for Plus Info


# sprtsvc.exe /service /p dellsupportcenter

SupportSoft Agent Service
Version: 7.0.585.0 Copyright 1997-2007 SupportSoft
Path: C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
SupportSoft Sprocket Service
Created: 10/09/2007 6:56 PM
Accessed: 11/14/2007 9:25 PM
Written: 10/09/2007 6:56 PM
File Size: 202,544 Bytes
Click for Plus Info


# stacsv.exe

STacSV Module
Version: 1.0.5609.0 nd652 cp1 Copyright (c) 2004-2007, IDT, Inc.
Path: C:\Windows\System32\stacsv.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Manages SigmaTel Audio Universal Jack configurations.
Created: 11/07/2007 8:59 PM
Accessed: 11/07/2007 8:59 PM
Written: 09/07/2007 10:25 AM
File Size: 102,400 Bytes
Click for Plus Info


# SteamService.exe /RunAsService

Steam Client Service
Version: 1, 0, 0, 1 Copyright (C) 2007
Path: C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService
Steam Client Service monitors and updates Steam content
Created: 12/01/2007 4:03 PM
Accessed: 12/01/2007 4:03 PM
Written: 12/01/2007 4:04 PM
File Size: 87,288 Bytes
Click for Plus Info


# stllssvr.exe

SureThing Labelflash Disc Printer Service Module
Version: 1.2.447 Copyright © 1999-2006 MicroVision Development, Inc. All rights reserved.
Path: C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Created: 09/14/2006 1:54 PM
Accessed: 10/25/2007 5:09 PM
Written: 09/14/2006 1:54 PM
File Size: 73,728 Bytes
Click for Plus Info


# SpySweeper.exe

Spy Sweeper Engine
Version: 3, 5 Copyright (C) 2002 - 2007, All Rights Reserved.
Path: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function.
Created: 11/18/2007 1:41 PM
Accessed: 11/18/2007 1:41 PM
Written: 10/01/2007 4:40 PM
File Size: 3,567,928 Bytes
Click for Plus Info


# bcmwltry.exe


Path: C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe
Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant.
Created: 10/25/2007 5:08 PM
Accessed: 10/25/2007 5:08 PM
Written: 03/21/2007 1:33 PM
File Size: 24,064 Bytes
Click for Plus Info


# XAudio.exe

Modem Audio Service
Version: 1.00.00 Copyright© Conexant Systems, Inc. 2006
Path: C:\Windows\System32\drivers\XAudio.exe
First Detected by WinPatrol: 12/19/2007 5:54 AM
User-mode gate for Modem Speakephone
Created: 10/26/2007 0:47 AM
Accessed: 10/26/2007 0:47 AM
Written: 08/04/2006 6:39 PM
File Size: 386,560 Bytes
Click for Plus Info

pynfmly
2007-12-23, 08:12
#
• Hidden Files •
# boo

bootmgr
Path: C:\bootmgr
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# dell

dell.sdr
Path: C:\dell.sdr
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# hiberfil

hiberfil.sys
Path: C:\hiberfil.sys
Click for Plus Info


# IO

IO.SYS
Path: C:\IO.SYS
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# MSDOS

MSDOS.SYS
Path: C:\MSDOS.SYS
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# pagefile

pagefile.sys
Path: C:\pagefile.sys
Click for Plus Info


# QTFont

QTFont.qfn
Path: C:\Windows\QTFont.qfn
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# uccspecc

uccspecc.sys
Path: C:\Windows\uccspecc.sys
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# WindowsShell.Mani

WindowsShell.Manifest
Path: C:\Windows\WindowsShell.Manifest
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# WindowsShellOld.Manife

WindowsShellOld.Manifest.1
Path: C:\Windows\WindowsShellOld.Manifest.1
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D0

7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
Path: C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D0

7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
Path: C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# AC3Filter

ac3filter.ax ac3filter
Version: 0.70b Copyright © 2002 by Vigovsky Alexander
Path: C:\Windows\System32\ac3filter.ax
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# AVSredirect

AVSredirect.dll
Path: C:\Windows\System32\AVSredirect.dll
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# BCD-Template

BCD-Template.LOG
Path: C:\Windows\System32\config\BCD-Template.LOG
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# BCD-Template.

BCD-Template.LOG1
Path: C:\Windows\System32\config\BCD-Template.LOG1
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# BCD-Template.

BCD-Template.LOG2
Path: C:\Windows\System32\config\BCD-Template.LOG2
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# COMPONENTS

COMPONENTS.LOG
Path: C:\Windows\System32\config\COMPONENTS.LOG
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# COMPONENTS.

COMPONENTS.LOG1
Path: C:\Windows\System32\config\COMPONENTS.LOG1
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# COMPONENTS.

COMPONENTS.LOG2
Path: C:\Windows\System32\config\COMPONENTS.LOG2
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# DEFAULT

DEFAULT.LOG
Path: C:\Windows\System32\config\DEFAULT.LOG
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# DEFAULT.

DEFAULT.LOG1
Path: C:\Windows\System32\config\DEFAULT.LOG1
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# DEFAULT.

DEFAULT.LOG2
Path: C:\Windows\System32\config\DEFAULT.LOG2
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SAM

SAM.LOG
Path: C:\Windows\System32\config\SAM.LOG
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SAM.

SAM.LOG1
Path: C:\Windows\System32\config\SAM.LOG1
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SAM.

SAM.LOG2
Path: C:\Windows\System32\config\SAM.LOG2
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SECURITY

SECURITY.LOG
Path: C:\Windows\System32\config\SECURITY.LOG
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SECURITY.

SECURITY.LOG1
Path: C:\Windows\System32\config\SECURITY.LOG1
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SECURITY.

SECURITY.LOG2
Path: C:\Windows\System32\config\SECURITY.LOG2
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SOFTWARE

SOFTWARE.LOG
Path: C:\Windows\System32\config\SOFTWARE.LOG
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SOFTWARE.

SOFTWARE.LOG1
Path: C:\Windows\System32\config\SOFTWARE.LOG1
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SOFTWARE.

SOFTWARE.LOG2
Path: C:\Windows\System32\config\SOFTWARE.LOG2
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SYSTEM

SYSTEM.LOG
Path: C:\Windows\System32\config\SYSTEM.LOG
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SYSTEM.

SYSTEM.LOG1
Path: C:\Windows\System32\config\SYSTEM.LOG1
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# SYSTEM.

SYSTEM.LOG2
Path: C:\Windows\System32\config\SYSTEM.LOG2
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# CoreAA

CoreAAC.ax
Path: C:\Windows\System32\CoreAAC.ax
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# CoreAVC Video Decoder

CoreAVC.ax CoreAVC DirectShow Video Decoder
Version: 0, 0, 0, 4 Copyright © 2005-2006
Path: C:\Windows\System32\CoreAVC.ax
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# desktop

desktop.ini
Path: C:\Windows\System32\desktop.ini
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Dirac Splitter

DiracSplitter.ax Dirac Splitter
Version: 1, 0, 0, 0 Copyright (C) 2003-2004 Gabest
Path: C:\Windows\System32\DiracSplitter.ax
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Msft_Kernel_Apfiltr_01005

Msft_Kernel_Apfiltr_01005.Wdf
Path: C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Matroska Splitter

MatroskaSplitter.ax Matroska Splitter
Version: 1, 0, 2, 7 Copyright (C) 2003-2005 Gabest
Path: C:\Windows\System32\MatroskaSplitter.ax
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info


# Ogg Splitter

OggSplitter.ax Ogg Splitter
Version: 1, 0, 0, 0 Copyright (C) 2003-2005 Gabest
Path: C:\Windows\System32\OggSplitter.ax
First Detected by WinPatrol: 12/19/2007 5:54 AM
Click for Plus Info

pynfmly
2007-12-23, 08:13
Thank You!!!

katana
2007-12-23, 14:31
You can safely disable any of these programs with Winpatrol:

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

You need to disable ONE of these:
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

pynfmly
2007-12-23, 20:33
ok...just to make sure...

When I am in Winpatrol and I choose Apoint and click "disable", I get a message asking me if I want Winpatrol to remove it from memory. Removing it from memory only prevents it from starting up on its own, correct? It does not delete or uninstall it? The other option instead of disable is remove, which does not give me any message...so I just wanted to clarify terms before I continued.

Thanks

katana
2007-12-23, 21:23
Correct.

The entry will stay visible in Winpatrol, with "Disabled" next to it.

If you want to restart it, just reverse the process.

pynfmly
2007-12-28, 13:51
well...everything seems to be running smooth...
I have all of my protection in place...
I guess we've done all we can...
Is there anything you think we should do?

katana
2007-12-28, 14:12
You look good to go :bigthumb:

The only advice I can give is, be careful.
A recent report said that new malware is created at the rate of one every 45 seconds.
No scanner in the world can keep up with that rate, so it is up to you to do what you can to avoid "dodgey" sites and watch what you download and install.

Safe surfing

K'