Clicks on Google links go to other advert sites... and new reg change alerts @sysboot

Once again there are two separate posts


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 13, 2007 10:22:20 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/12/2007
Kaspersky Anti-Virus database records: 481915
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 104999
Number of viruses found: 2
Number of infected objects: 53
Number of suspicious objects: 0
Duration of the scan process: 01:57:23

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\20071211051917\backup\Users\skrunch\AppData\Local\Temp\NERO14210\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmahu.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmarb.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmbhm.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmcue.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmeqy.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmfqi.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgqk.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgyx.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhmb.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhtj.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhwu.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmijp.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilt.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilw.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmirz.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjam.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjou.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkth.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkwf.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlpx.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlqu.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlsa.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmir.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmsn.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmpyy.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqnc.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqyc.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmtdt.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuca.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmues.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuhg.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwad.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwce.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwte.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxbc.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxna.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxrq.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzfv.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzun.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\skrunch\AppData\Roaming\Webroot\Spy Sweeper\Logs\071213194137.ses Object is locked skipped
C:\Users\skrunch\Desktop\Downloads\Nero-8.1.1.4_eng_trial_wch.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\skrunch\Desktop\Downloads\Nero-8.1.1.4_eng_trial_wch.exe 7-Zip: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmfiw.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmgqp.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmhlm.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmhtc.exe Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmhvy.exe Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmjsd.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmlze.exe Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmodb.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmpig.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmpyt.exe Infected: Trojan.Win32.DNSChanger.abk skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\dmxwx.tmp Infected: Trojan.Win32.DNSChanger.abk skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.
 
OTMoveIt
Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmahu.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmarb.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmbhm.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmcue.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmeqy.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmfqi.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgqk.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgyx.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhmb.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhtj.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhwu.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmijp.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilt.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilw.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmirz.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjam.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjou.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkth.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkwf.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlpx.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlqu.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlsa.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmir.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmsn.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmpyy.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqnc.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqyc.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmtdt.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuca.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmues.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuhg.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwad.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwce.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwte.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxbc.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxna.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxrq.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzfv.tmp
    C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzun.tmp

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
  • Copy and paste the contents of the results box as a reply to this topic
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Please post a fresh HJT log along with the OTMoveIt results
 
Here are the move it results

C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmahu.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmarb.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmbhm.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmcue.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmeqy.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmfqi.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgqk.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmgyx.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhmb.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhtj.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmhwu.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmijp.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilt.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmilw.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmirz.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjam.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmjou.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkth.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmkwf.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlpx.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlqu.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmlsa.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmir.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmmsn.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmpyy.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqnc.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmqyc.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmtdt.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuca.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmues.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmuhg.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwad.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwce.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmwte.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxbc.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxna.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmxrq.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzfv.tmp moved successfully.
C:\Users\skrunch\AppData\Local\VirtualStore\Windows\System32\dmzun.tmp moved successfully.

Created on 12/14/2007 05:20:09
 
Here is the HJT log...although it has the 12/12/07 date on it...I think that means this file is a duplicate of a previous file?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:32 AM, on 12/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\skrunch\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10004 bytes
 
That is an old one; I will need to see a fresh log to make sure the infection has not regenerated.

Please re-run HJT using the "Do a system scan and save a log file" button.
 
I tried scanning and it gave me this log with the heading:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:32 AM, on 12/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

I tried restarting and rescanning to no avail...
I could do the DSS scan but I don't know if that will give you the info you are looking for...

Please let me know what you would like for me to do...

BTW...it has only just occurred to me that all of the security programs you had me turn off...are still off...should I be re-enabling them after I finish doing what you request each time?

Sorry this is becoming so difficult - THANKS FOR YOUR HELP!!! :bow:
 
It's better to leave Defender and Spysweeper until we are finished.

Yes, please do a DSS scan :bigthumb:
 
post #1

Deckard's System Scanner v20071014.68
Run by skrunch on 2007-12-15 17:08:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as skrunch.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:41 PM, on 12/15/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\skrunch\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10389 bytes
 
-- Files created between 2007-11-15 and 2007-12-15 -----------------------------

2007-12-13 15:33:00 0 d-------- C:\PLANES_TRAINS_AND_AUTOMOBILES
2007-12-13 12:37:57 0 d-------- C:\Program Files\DVDFab Platinum 3
2007-12-12 21:51:06 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-12-11 11:39:03 0 d-------- C:\THE_EX
2007-12-11 11:00:12 0 d-------- C:\I_NOW_PRONOUNCE_CHUCK_LARRY
2007-12-10 06:03:36 0 d-------- C:\Program Files\Audible
2007-12-09 08:00:13 0 d-------- C:\Shrink Temps
2007-12-09 07:28:06 0 d-------- C:\Program Files\Super DVD Creator 9.25.0
2007-12-08 17:58:46 0 d-------- C:\Users\All Users\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files\Nero
2007-12-05 23:31:17 0 d-------- C:\Ripped
2007-12-05 23:25:41 0 d-------- C:\Users\All Users\DVD Shrink
2007-12-05 23:25:38 0 d-------- C:\Program Files\DVD Shrink
2007-12-05 13:04:47 0 d-------- C:\Napoleon
2007-12-01 16:03:22 0 d-------- C:\Program Files\Common Files\Steam
2007-12-01 16:03:18 0 d-------- C:\Program Files\Steam
2007-11-27 20:55:29 0 d-------- C:\Program Files\Trend Micro
2007-11-27 06:26:41 0 d-------- C:\Program Files\CCleaner
2007-11-26 01:22:44 0 d-------- C:\Program Files\Another Matrix Screen Saver
2007-11-22 16:11:49 0 d-------- C:\Program Files\VideoLAN
2007-11-22 12:36:30 0 d-------- C:\Program Files\DV Series
2007-11-22 12:35:57 0 -rahs---- C:\MSDOS.SYS
2007-11-22 12:35:57 0 -rahs---- C:\IO.SYS
2007-11-21 05:53:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-21 05:32:08 0 d-------- C:\Program Files\STOPzilla!
2007-11-21 05:32:06 0 d-------- C:\Program Files\Common Files\iS3
2007-11-21 05:32:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-11-20 21:10:10 0 d-------- C:\Program Files\Coupons
2007-11-20 21:10:09 31 --ah----- C:\Windows\uccspecc.sys
2007-11-18 13:41:19 0 d-------- C:\Users\All Users\Webroot
2007-11-18 13:41:19 0 d-------- C:\Program Files\Webroot
2007-11-18 13:40:56 164 --a------ C:\install.dat
2007-11-18 12:55:55 0 d-------- C:\Program Files\Lavasoft
2007-11-18 12:55:54 0 d-------- C:\Users\All Users\Lavasoft
2007-11-18 12:54:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:35:05 0 d-------- C:\Windows\PCHEALTH
2007-11-16 21:35:05 0 d-------- C:\Program Files\Microsoft.NET
2007-11-16 21:32:18 0 d-------- C:\Users\All Users\Microsoft Help
2007-11-16 21:31:32 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2007-12-14 05:28:41 0 d-------- C:\Program Files\McAfee
2007-12-14 05:18:20 0 d-------- C:\Users\skrunch\AppData\Roaming\uTorrent
2007-12-13 23:31:06 0 d-------- C:\Users\skrunch\AppData\Roaming\Vso
2007-12-13 12:39:42 34 --a------ C:\Users\skrunch\AppData\Roaming\pcouffin.log
2007-12-13 12:38:05 7824 --a------ C:\Users\skrunch\AppData\Roaming\pcouffin.cat
2007-12-08 18:03:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Nero
2007-12-08 17:58:46 0 d-------- C:\Program Files\Common Files
2007-12-05 23:40:11 0 d-------- C:\Program Files\Google
2007-12-04 21:25:21 0 d-------- C:\Users\skrunch\AppData\Roaming\CyberLink
2007-11-22 16:14:46 0 d-------- C:\Users\skrunch\AppData\Roaming\vlc
2007-11-18 17:38:40 0 d-------- C:\Users\skrunch\AppData\Roaming\MusicNet
2007-11-18 13:41:19 0 d-------- C:\Users\skrunch\AppData\Roaming\Webroot
2007-11-16 21:36:08 0 d-------- C:\Program Files\Microsoft Works
2007-11-15 06:05:15 0 d-------- C:\Program Files\Windows Mail
2007-11-14 23:06:17 0 d-------- C:\Users\skrunch\AppData\Roaming\Roxio
2007-11-14 21:26:19 0 d-------- C:\Program Files\Dell Support Center
2007-11-14 21:25:43 0 d-------- C:\Program Files\Common Files\supportsoft
2007-11-14 20:41:40 0 d-------- C:\Program Files\uTorrent
2007-11-09 00:01:39 0 d-------- C:\Users\skrunch\AppData\Roaming\WinRAR
2007-11-08 06:08:59 0 d-------- C:\Program Files\iTunes
2007-11-08 06:08:45 0 d-------- C:\Program Files\iPod
2007-11-08 06:06:08 0 d-------- C:\Program Files\QuickTime
2007-11-07 20:56:04 0 d-------- C:\Program Files\SigmaTel
2007-11-07 20:55:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-04 08:56:55 0 d-------- C:\Users\skrunch\AppData\Roaming\Webshots
2007-11-04 08:56:55 0 d-------- C:\Program Files\Webshots
2007-11-03 21:19:38 0 d-------- C:\Program Files\EA GAMES
2007-11-03 11:07:56 141132 --a------ C:\Windows\hpoins14.dat
2007-11-03 11:05:46 0 d-------- C:\Program Files\HP
2007-11-03 11:05:33 0 d-------- C:\Users\skrunch\AppData\Roaming\HPAppData
2007-11-03 11:03:06 0 d-------- C:\Program Files\Common Files\HP
2007-11-03 11:02:38 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-03 11:02:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-03 10:45:36 0 d-------- C:\Program Files\Cucusoft
2007-11-03 10:34:21 0 d-------- C:\Program Files\Replay AV 8
2007-11-03 10:32:09 0 d-------- C:\Program Files\WinPcap
2007-11-03 10:29:30 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-01 20:05:42 0 d-------- C:\Users\skrunch\AppData\Roaming\Adobe
2007-10-31 17:04:48 0 d--h----- C:\Users\skrunch\AppData\Roaming\GTek
2007-10-30 22:11:35 0 d-------- C:\Users\skrunch\AppData\Roaming\Apple Computer
2007-10-30 22:09:01 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 22:07:49 0 d-------- C:\Program Files\Common Files\Apple
2007-10-30 22:04:30 0 --a------ C:\Windows\nsreg.dat
2007-10-30 22:04:28 0 d-------- C:\Users\skrunch\AppData\Roaming\Mozilla
2007-10-30 20:07:46 0 d-------- C:\Program Files\Microsoft FrontPage
2007-10-30 20:05:25 0 d-------- C:\Users\skrunch\AppData\Roaming\Microsoft Web Folders
2007-10-30 19:11:51 0 d-------- C:\Users\skrunch\AppData\Roaming\Google
2007-10-30 18:54:31 0 d-------- C:\Users\skrunch\AppData\Roaming\Macromedia
2007-10-30 18:47:31 174 --ahs---- C:\Program Files\desktop.ini
2007-10-30 18:44:40 0 d-------- C:\Program Files\Windows Calendar
2007-10-30 18:35:19 0 d-------- C:\Program Files\MSXML 4.0
2007-10-30 18:27:22 0 d-------- C:\Users\skrunch\AppData\Roaming\Identities
2007-10-26 00:47:55 0 d-------- C:\Program Files\DellTPad
2007-10-26 00:41:44 0 d-------- C:\Program Files\Windows Defender
2007-10-25 17:23:26 0 d-------- C:\Program Files\Dell
2007-10-25 17:19:40 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-25 17:19:31 0 d-------- C:\Program Files\McAfee.com
2007-10-25 17:18:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-25 17:18:11 0 d-------- C:\Program Files\Dell DataSafe Online
2007-10-25 17:17:17 0 d-------- C:\Program Files\Yahoo!
2007-10-25 17:16:30 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-25 17:14:59 0 d-------- C:\Program Files\DellSupport
2007-10-25 17:13:25 0 d-------- C:\Program Files\CyberLink
2007-10-25 17:11:52 0 d-------- C:\Program Files\Roxio
2007-10-25 17:11:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-25 17:10:34 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-25 17:09:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-25 17:08:09 0 d--h----- C:\Program Files\Creative Installation Information
2007-10-25 17:07:38 0 d-------- C:\Program Files\Creative
2007-10-25 17:07:31 0 d-------- C:\Program Files\Common Files\Creative
2007-10-25 17:07:12 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-10-25 17:07:12 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-10-25 17:06:36 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2007-10-25 17:06:29 0 d-------- C:\Program Files\Broadcom
2007-10-25 17:06:19 0 d-------- C:\Program Files\Digital Line Detect
2007-10-25 17:05:50 0 d-------- C:\Program Files\NetWaiting
2007-10-25 17:05:25 0 d-------- C:\Program Files\Modem Diagnostic Tool
2007-10-25 17:00:27 0 d-------- C:\Program Files\Java
2007-10-25 17:00:27 0 d-------- C:\Program Files\Common Files\Java
2007-10-25 16:52:54 0 d-------- C:\Program Files\CONEXANT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 03:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 05:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/26/2007 12:41 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 09:31 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [07/01/2007 11:14 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [07/01/2007 11:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [07/01/2007 11:14 PM]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [11/27/2006 08:14 AM]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [03/21/2007 01:33 PM]
"@"="" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 09:33 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 08:34 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 10:23 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [10/23/2007 02:18 PM]

C:\Users\skrunch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [11/4/2007 8:56:51 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/25/2007 5:06:18 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 8:26:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 5:13:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-15 17:09:27 ------------
 
Congratulations, your logs look clean :D

Let’s see if I can help you keep it that way

First let's tidy up :D

Open OTMoveIt and click Cleanup.
It will now connect to the internet and get a list of files to delete.
When a box pops up, click YES.

Delete any logs we have produced and empty your recycle bin

Set correct settings for files that should be hidden in Windows Vista
Click the Start Orb and type folder options in the search space
Select the shortcut under Programs for Folder Options
Click the View Tab
Under Advanced Settings for Files and Folders, click Do not show hidden files and folders
Click OK



Enable SpySweeper
If you have Spy Sweeper version 4:
  • Open it, Click Options over on the left, then Program options
  • Checkmark load at windows startup.
  • Over to the left, Click shields and Checkmark all there.
  • Checkmark home page shield.
  • Checkmark automatically restore default without notification.
  • Reboot your computer, and verify SpySweeper is disabled.
If you have SpySweeper version 5:
  • Open SpySweeper, click Shield Settings on the right
    (or Shields on the left, depending what screen you're on).
  • Click Internet Explorer and Checkmark all items.
  • Click Windows System and Checkmark all items.
  • Click Hosts File and Checkmark all items.
  • Click Startup Programs and Checkmark all items.
  • Close SpySweeper.

Enable Windows Defender
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Check Turn on Real Time Protection (recommended)
  • Close Windows Defender

Reset System Restore.
Now you should disable System Restore to purge any infected files and then re-enable it.

Click Start\Control Panel\System and Maintenance\System
In the left pane, click System Protection. If you are prompted for an administrator password or UAC confirmation, type the password or provide confirmation
To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
Restart your computer

Turn ON System Restore

Click Start\Control Panel\System and Maintenance\System
In the left pane, click System Protection. If you are prompted for an administrator password or UAC confirmation, type the password or provide confirmation.

To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

The following is some info on staying safe. CHECK that any program you try is Vista compatible.
AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    All of the programs in this list have a free version,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • AVG Anti-Spyware 7.5 <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner
  • Ad-Aware 2007 Free <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 3.5.1
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
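
The six Internet zone settings listed in the post above can also be checked from the registry. This is an added example, not part of the original post: it assumes the standard per-user zone key (zone 3 is the Internet zone) and the standard URL-action IDs, and it only reads values, changing nothing.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) for the current user.
# URL-action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings from the post, keyed by URL-action ID (the registry value name).
$expected = @(
    [pscustomobject]@{ Id = '1001'; Setting = 'Download signed ActiveX controls';                            Want = 1 }
    [pscustomobject]@{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';                          Want = 3 }
    [pscustomobject]@{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe';   Want = 3 }
    [pscustomobject]@{ Id = '1800'; Setting = 'Installation of desktop items';                               Want = 1 }
    [pscustomobject]@{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME';                   Want = 1 }
    [pscustomobject]@{ Id = '1607'; Setting = 'Navigate sub-frames across different domains';                Want = 1 }
)

# A missing key or value means the setting was never written for this user.
$zone = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue

$report = foreach ($item in $expected) {
    $prop = if ($zone) { $zone.PSObject.Properties[$item.Id] } else { $null }

    if ($null -eq $prop) {
        $actual = 'not set'
        $ok     = $false
    } else {
        $value  = [int]$prop.Value
        $actual = if ($label.ContainsKey($value)) { $label[$value] } else { "unknown ($value)" }
        $ok     = ($value -eq $item.Want)
    }

    [pscustomobject]@{
        Id       = $item.Id
        Setting  = $item.Setting
        Expected = $label[$item.Want]
        Actual   = $actual
        Matches  = $ok
    }
}

$report | Format-Table -AutoSize

# Summarize anything that differs from the recommended values.
$mismatches = @($report | Where-Object { -not $_.Matches })
if ($mismatches.Count -gt 0) {
    Write-Warning ("{0} of {1} settings differ from the recommended values." -f $mismatches.Count, $expected.Count)
} else {
    Write-Output 'All six Internet zone settings match the recommended values.'
}
```

Settings enforced through Group Policy are stored under a separate Policies key and take precedence over these per-user values; this script does not read them.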
 
well...I couldn't even make it past the first step :red:
I opened OTMoveit and clicked cleanup....but then I got an error "File access denied" I stopped there and decided to see what you thought about it...

ALMOST THERE!!!
YAHOO!!!
 
It's probably something to do with UAC.
Try right-clicking OTMoveIT.exe and selecting Run as administrator.
 
For
* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Check Turn on Real Time Protection (recommended)
* Close Windows Defender

I do not have "General Settings" in my Tools...how shall I proceed?
 
Looking at the logs, it never actually got disabled so you don't need to worry about that.

Re-enable Teatimer as well
 
I'm almost done!
Please hang in there with me for another couple of days...
I am just making sure I go through the additional program information thoroughly. I just didn't want this post deleted yet. I'm trying to get this taken care of between work, family and school ;)
But I am working on it and will fill you in on my progress in another day or so...

THANKS!!!
 
Don't panic ;)

I will make sure this thread is not closed until you are ready.
 
The HJT file once again showed several days old...so I ran with the DSS here...hope that's ok :)
Deckard's System Scanner v20071014.68
Run by skrunch on 2007-12-19 23:03:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as skrunch.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:35 PM, on 12/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\skrunch\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\skrunch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0120041198126407) (0120041198126407mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\012004~1.EXE
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11368 bytes
 