Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"Error loading dll" help [RESOLVED]

Started by allsmiles , Jan 30 2008 06:59 PM

  • This topic is locked This topic is locked

#1
allsmiles
Posted 30 January 2008 - 06:59 PM

allsmiles

    New Member

  • Member
  • Pip
  • 8 posts
Hello! I'm new here, but I've been browsing this site for the past few days hoping to stumble across some information that could help me fix my computer issue. I've found that most of this stuff is too technical for me to fix it on my own, so I'm hoping with this information I'm posting now, I may find some unique help.

I was having problems with internet pop-ups on my new laptop, and so blocked some sites, heightened my security settings and downloaded several spyware programs to help combat this. The programs found a few infected items and I deleted them, but after deleting the items, and subsequently restarting my computer to make sure the removal was successful, I started getting windows pop-ups during start up saying "Error loading c:\users\nina\appdata\local\temp\yayab.dll" and others, and that the specified module could not be found.

I still get random pop-ups, despite the programs I downloaded, but my main concern is these windows at startup. It's really becoming a nuisance, and I'd appreciate any help I can get right now to fix and protect my new investment.

Here is the hijackthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:21 PM, on 1/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AD Killer\adkiller.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AD Killer] C:\Program Files\AD Killer\adkiller.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nina\AppData\Local\Temp\yayab.dll,#1
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Nina\AppData\Local\Temp\jkkig.dll,c
O4 - HKCU\..\Run: [781957c0] rundll32.exe "C:\Users\Nina\AppData\Local\Temp\smhtmctl.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\AD Killer\adkiller.exe
O9 - Extra 'Tools' menuitem: &AD Killer - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\AD Killer\adkiller.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12210 bytes


Please help. :)

-Nina :)

Edited by allsmiles, 30 January 2008 - 07:00 PM.

  • 0

Advertisements

#2
Rorschach112
Posted 08 February 2008 - 09:27 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
allsmiles
Posted 08 February 2008 - 05:13 PM

allsmiles

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay, here are the results. Thanks for the help, by the way. :) What's next?

MAIN .TXT

Deckard's System Scanner v20071014.68
Run by Nina on 2008-02-08 17:03:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
15: 2008-02-08 06:42:55 UTC - RP98 - Installed Rhapsody Player Engine
14: 2008-02-08 06:37:49 UTC - RP97 - Device Driver Package Install: NCH Swift Sound Sound, video and game controllers
13: 2008-02-08 06:11:15 UTC - RP96 - Removed Rhapsody Player Engine
12: 2008-02-07 20:59:54 UTC - RP95 - Windows Update
11: 2008-02-07 14:52:33 UTC - RP94 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-02-02 04:23:41 UTC - RP83 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Nina.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:00 PM, on 2/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AD Killer\adkiller.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Nina\Desktop\dss.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AD Killer] C:\Program Files\AD Killer\adkiller.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\AD Killer\adkiller.exe
O9 - Extra 'Tools' menuitem: &AD Killer - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\AD Killer\adkiller.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11392 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-02-08 16:59:28 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{C7F9AEE9-C00E-454D-B760-B440F4F34A40}.job
2008-02-01 01:00:00 348 --a------ C:\Windows\Tasks\McQcTask.job
2008-01-15 20:07:29 356 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-01-08 and 2008-02-08 -----------------------------

2008-02-08 00:43:15 0 d-------- C:\Program Files\Real
2008-02-08 00:37:39 26112 --a------ C:\Windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
2008-02-08 00:37:36 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-07 23:26:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-05 18:55:32 0 d-------- C:\Users\Nina\.thumbnails <THUMBN~1>
2008-02-02 19:11:59 0 d-------- C:\Program Files\Easy MP3 Sound Recorder
2008-02-02 17:45:03 0 d-------- C:\Users\All Users\NCH Swift Sound
2008-02-01 22:30:33 0 d-------- C:\Program Files\Family Feud
2008-01-30 23:09:29 0 d-------- C:\Users\Nina\.gimp-2.4 <GIMP-2~1.4>
2008-01-30 19:07:17 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-01-30 18:21:14 0 d-------- C:\Program Files\Trend Micro
2008-01-29 17:03:51 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-29 17:03:37 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-29 16:46:10 0 d-------- C:\Users\All Users\Prevx
2008-01-29 09:50:54 0 d-------- C:\Program Files\AD Killer
2008-01-28 23:11:35 0 d-------- C:\Users\All Users\Lavasoft
2008-01-28 23:11:35 0 d-------- C:\Program Files\Lavasoft
2008-01-28 23:10:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 21:29:02 0 d-------- C:\Program Files\Common Files\Scanner
2008-01-28 21:28:58 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-28 21:27:39 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-01-28 21:26:01 0 d-------- C:\Windows\cache
2008-01-26 20:08:26 0 d-------- C:\Users\Nina\Bluetooth Software <BLUETO~1>
2008-01-26 02:33:58 0 dr------- C:\Users\Nina\Contacts
2008-01-26 01:46:21 0 d-------- C:\Program Files\WinFF
2008-01-26 00:52:53 0 d-------- C:\Program Files\WordWeb
2008-01-25 22:00:44 0 d-------- C:\Users\All Users\Sony Online Entertainment
2008-01-25 22:00:44 0 d-------- C:\Program Files\Sony Online Entertainment
2008-01-24 20:40:02 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-01-24 14:50:29 150528 --a------ C:\Windows\unSpySweeper.exe <Not Verified; Webroot Software, Inc.; >
2008-01-24 14:50:28 0 d-------- C:\Program Files\Webroot
2008-01-24 14:33:02 0 d-------- C:\Users\Nina\Random Files <RANDOM~1>
2008-01-23 12:08:21 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2008-01-23 11:18:24 0 d-------- C:\Program Files\Cisco Systems
2008-01-23 10:42:09 0 d-------- C:\Program Files\MSXML 4.0
2008-01-23 00:42:31 0 d-------- C:\Program Files\WIDCOMM
2008-01-23 00:38:44 0 d-------- C:\Users\All Users\Yahoo!
2008-01-22 23:39:40 0 d-------- C:\Program Files\EA GAMES
2008-01-22 23:39:39 442368 -ra------ C:\Windows\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-01-22 23:29:36 0 d--h----- C:\Windows\msdownld.tmp
2008-01-22 23:29:28 0 d-------- C:\Windows\system32\directx
2008-01-22 23:27:47 0 d-------- C:\Program Files\Yahoo!
2008-01-22 23:22:07 0 d-------- C:\Program Files\iPod
2008-01-22 23:22:04 0 d-------- C:\Program Files\iTunes
2008-01-22 23:21:14 0 d-------- C:\Program Files\Bonjour
2008-01-22 23:20:29 0 d-------- C:\Program Files\QuickTime
2008-01-22 23:20:27 0 d-------- C:\Users\All Users\Apple Computer
2008-01-22 23:20:03 0 d-------- C:\Program Files\Apple Software Update
2008-01-22 23:19:12 0 d-------- C:\Program Files\Common Files\Apple
2008-01-22 23:19:11 0 d-------- C:\Users\All Users\Apple
2008-01-22 23:18:20 0 d-------- C:\Program Files\GIMP-2.0
2008-01-22 21:21:33 0 d-------- C:\Windows\system32\vmm32
2008-01-22 17:47:59 25088 -----n--- C:\Windows\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-01-22 17:47:58 44032 -----n--- C:\Windows\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-01-22 17:15:37 0 d-------- C:\Intel
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\Templates <TEMPLA~1>
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\Start Menu <STARTM~1>
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\SendTo
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\Recent
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\PrintHood <PRINTH~1>
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\NetHood
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\My Documents <MYDOCU~1>
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\Local Settings <LOCALS~1>
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\Cookies
2008-01-22 17:14:12 0 d--hs---- C:\Users\Nina\Application Data <APPLIC~1>
2008-01-22 17:14:11 2359296 --ahs---- C:\Users\Nina\NTUSER.DAT
2008-01-22 17:14:11 0 dr------- C:\Users\Nina\Favorites <FAVORI~1>
2008-01-22 17:14:11 0 dr------- C:\Users\Nina\Desktop
2008-01-22 17:14:11 0 d--h----- C:\Users\Nina\AppData
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\Templates <TEMPLA~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\Start Menu <STARTM~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\SendTo
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\Recent
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\PrintHood <PRINTH~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\NetHood
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\My Documents <MYDOCU~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\Local Settings <LOCALS~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\Cookies
2008-01-22 17:13:29 0 d--hs---- C:\Users\Default\Application Data <APPLIC~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\All Users\Templates <TEMPLA~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\All Users\Start Menu <STARTM~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\All Users\Favorites <FAVORI~1>
2008-01-22 17:13:29 0 d--hs---- C:\Users\All Users\Documents
2008-01-22 17:13:29 0 d--hs---- C:\Users\All Users\Desktop
2008-01-22 17:13:29 0 d--hs---- C:\Users\All Users\Application Data <APPLIC~1>
2008-01-16 03:15:06 0 d-------- C:\Program Files\DellTPad
2008-01-16 03:04:48 0 d-------- C:\Windows\Users
2008-01-16 03:00:12 0 d------c- C:\doctemp
2008-01-16 02:58:26 0 d-------- C:\Windows\system32\oem
2008-01-16 02:58:24 0 d-------- C:\Drivers
2008-01-16 02:58:24 0 d------c- C:\DELL
2008-01-15 20:01:50 0 d-------- C:\Users\All Users\Dell
2008-01-15 19:59:57 0 d-------- C:\Users\All Users\CyberLink
2008-01-15 19:59:20 0 d-------- C:\Program Files\CyberLink
2008-01-15 19:58:58 0 d-------- C:\Users\All Users\SupportSoft
2008-01-15 19:58:33 0 d-------- C:\Program Files\Dell Support Center
2008-01-15 19:58:33 0 d-------- C:\Program Files\Common Files\supportsoft
2008-01-15 19:57:00 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-01-15 19:56:07 0 d-------- C:\Program Files\McAfee.com
2008-01-15 19:56:06 0 d-------- C:\Program Files\Common Files\McAfee
2008-01-15 19:56:04 0 d-------- C:\Program Files\McAfee
2008-01-15 19:56:01 0 d-------- C:\Users\All Users\McAfee
2008-01-15 19:55:54 0 d-------- C:\Users\All Users\Google
2008-01-15 19:55:15 0 d-------- C:\Users\All Users\Adobe
2008-01-15 19:55:09 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-15 19:53:36 0 d-------- C:\Program Files\Dell DataSafe Online
2008-01-15 19:52:13 0 d-------- C:\Program Files\Microsoft Works
2008-01-15 19:51:55 0 d-------- C:\Windows\PCHEALTH
2008-01-15 19:51:55 0 d-------- C:\Program Files\Microsoft.NET
2008-01-15 19:50:30 0 d-------- C:\Users\All Users\Microsoft Help
2008-01-15 19:49:47 0 dr-h----- C:\MSOCache
2008-01-15 19:48:02 0 d-------- C:\Users\All Users\Roxio
2008-01-15 19:45:46 0 d-------- C:\Users\All Users\InstallShield
2008-01-15 19:45:31 0 d-------- C:\Users\All Users\Sonic
2008-01-15 19:44:54 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-15 19:44:39 0 d-------- C:\Windows\Downloaded Installations
2008-01-15 19:44:31 126976 --a------ C:\Windows\system32\Imsmudlg.exe <Not Verified; Intel® Corporation; Uninstset Installation Utility>
2008-01-15 19:44:31 0 d-------- C:\Windows\system32\ENU
2008-01-15 19:39:13 76 -r-hs---- C:\Windows\CT4CET.bin
2008-01-15 19:37:48 0 d-------- C:\Program Files\Creative Live! Cam
2008-01-15 19:37:33 0 d-------- C:\Program Files\Dell
2008-01-15 19:36:50 0 d-------- C:\Program Files\Intel, Inc
2008-01-15 19:36:38 0 d-------- C:\Users\Default\Roaming
2008-01-15 19:36:20 0 d-------- C:\Users\All Users\Intel
2008-01-15 19:36:17 0 d-------- C:\Program Files\Intel
2008-01-15 19:35:19 0 d-------- C:\Program Files\Common Files\Creative
2008-01-15 19:35:15 0 d--h----- C:\Program Files\Creative Installation Information
2008-01-15 19:35:01 66560 -----n--- C:\Windows\system32\CmdRtr.dll
2008-01-15 19:35:01 101376 -----n--- C:\Windows\system32\APOMngr.dll
2008-01-15 19:35:00 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-01-15 19:35:00 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-01-15 19:34:22 0 d-------- C:\Program Files\Creative
2008-01-15 19:34:17 0 d-------- C:\Users\All Users\Creative
2008-01-15 19:34:16 0 d-------- C:\Users\All Users\Creative Labs
2008-01-15 19:34:15 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-01-15 19:33:42 0 d-------- C:\Program Files\Digital Line Detect
2008-01-15 19:33:07 0 d-------- C:\Program Files\NetWaiting
2008-01-15 19:33:03 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-01-15 19:32:56 0 d-------- C:\Windows\java
2008-01-15 19:32:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-15 19:32:54 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-15 19:32:46 0 d-------- C:\Program Files\Java
2008-01-15 19:32:46 0 d-------- C:\Program Files\Common Files\Java
2008-01-15 19:31:52 12 --a------ C:\Windows\bthservsdp.dat
2008-01-15 19:30:42 0 d--hs---- C:\Windows\Installer
2008-01-15 19:29:42 0 d-------- C:\Windows\system32\Macromed
2008-01-15 19:21:58 0 d-------- C:\Windows\SoftwareDistribution
2008-01-15 19:21:16 0 d-------- C:\Program Files\CONEXANT
2008-01-15 19:21:03 0 d-------- C:\Program Files\Sigmatel
2008-01-15 19:19:55 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-02-08 00:37:36 0 d-------- C:\Users\Nina\AppData\Roaming\NCH Swift Sound
2008-02-05 18:55:36 0 d-------- C:\Users\Nina\AppData\Roaming\gtk-2.0
2008-02-02 19:56:36 0 d-------- C:\Users\Nina\AppData\Roaming\Creative
2008-02-02 18:01:41 0 d-------- C:\Users\Nina\AppData\Roaming\InstallShield
2008-02-02 17:45:19 0 d-------- C:\Users\Nina\AppData\Roaming\Recordpad
2008-01-29 17:03:37 0 d-------- C:\Users\Nina\AppData\Roaming\SUPERAntiSpyware.com
2008-01-29 16:46:51 0 d-------- C:\Users\Nina\AppData\Roaming\PrevxCSI
2008-01-28 23:10:26 0 d-------- C:\Program Files\Common Files
2008-01-28 21:39:18 0 d-------- C:\Program Files\Windows Mail
2008-01-28 21:27:39 0 d-------- C:\Users\Nina\AppData\Roaming\Yahoo!
2008-01-27 04:23:17 0 d-------- C:\Users\Nina\AppData\Roaming\Tunebite
2008-01-26 16:05:29 0 d-------- C:\Users\Nina\AppData\Roaming\LimeWire
2008-01-26 01:46:26 0 d-------- C:\Users\Nina\AppData\Roaming\Winff
2008-01-24 20:18:57 0 d-------- C:\Users\Nina\AppData\Roaming\Real
2008-01-24 00:47:44 0 d-------- C:\Users\Nina\AppData\Roaming\Adobe
2008-01-23 19:45:44 0 d-------- C:\Users\Nina\AppData\Roaming\CyberLink
2008-01-23 10:49:58 0 d-------- C:\Program Files\Windows Sidebar
2008-01-23 10:48:46 0 d-------- C:\Users\Nina\AppData\Roaming\Roxio
2008-01-22 23:22:24 0 d-------- C:\Users\Nina\AppData\Roaming\Apple Computer
2008-01-22 23:02:15 0 d-------- C:\Users\Nina\AppData\Roaming\Earthlink
2008-01-22 21:17:48 0 d-------- C:\Users\Nina\AppData\Roaming\Intel
2008-01-22 20:59:34 0 d-------- C:\Users\Nina\AppData\Roaming\Google
2008-01-22 20:57:13 0 d-------- C:\Users\Nina\AppData\Roaming\Macromedia
2008-01-22 17:15:06 0 d-------- C:\Users\Nina\AppData\Roaming\Identities
2008-01-16 03:10:26 0 d-------- C:\Program Files\Windows Calendar
2008-01-16 03:07:05 0 d-------- C:\Program Files\Windows Defender


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
10/01/2007 07:55 AM 329024 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/16/2008 03:07 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [09/07/2007 12:49 AM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [08/27/2007 11:51 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [11/12/2007 05:07 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [12/14/2007 09:54 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [12/14/2007 09:53 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [12/14/2007 09:53 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [07/27/2007 04:43 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [03/21/2007 01:00 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37 AM]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [11/01/2007 03:39 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"AD Killer"="C:\Program Files\AD Killer\adkiller.exe" [05/05/2003 07:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [02/25/2004 11:48 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/23/2008 10:45 AM]

C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [1/26/2008 12:52:55 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [6/7/2006 5:05:38 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/15/2008 7:34:02 PM]
VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [1/23/2008 12:11:09 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-08 17:07:44 ------------

Edited by allsmiles, 08 February 2008 - 05:19 PM.

  • 0

#4
allsmiles
Posted 08 February 2008 - 05:20 PM

allsmiles

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
EXTRA. TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 2037.43 MiB / 933.05 MiB
Pagefile Memory (total/avail): 4292.88 MiB / 3003.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.59 MiB

C: is Fixed (NTFS) - 99.23 GiB total, 74.08 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.2 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HM121HI - 111.79 GiB - 4 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 99.23 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
AUState says computer is ready and waiting.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Nina\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NINA-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Nina
LOCALAPPDATA=C:\Users\Nina\AppData\Local
LOGONSERVER=\\NINA-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Nina\AppData\Local\Temp
TMP=C:\Users\Nina\AppData\Local\Temp
USERDOMAIN=Nina-PC
USERNAME=Nina
USERPROFILE=C:\Users\Nina
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Nina


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
AD Killer 1.20 --> "C:\Program Files\AD Killer\unins000.exe"
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Cisco Systems VPN Client 5.0.01.0600 --> MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Dell DataSafe Online --> MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Family Feud --> "C:\Program Files\Family Feud\uninstall.exe"
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel® PROSet/Wireless Software --> C:\Windows\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JEOPARDY! (remove only) --> "C:\Program Files\Sony Online Entertainment\JEOPARDY!\Uninstall JEOPARDY!.exe"
Laptop Integrated Webcam Driver (1.04.01.1011) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
NCH Toolbox --> C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundTap --> C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Spy Sweeper --> C:\Windows\unSpySweeper.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
WinFF 0.33 --> "C:\Program Files\WinFF\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordWeb --> C:\Program Files\WordWeb\uninst.exe
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9508 / Success
Event Submitted/Written: 02/08/2008 04:57:03 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type9507 / Success
Event Submitted/Written: 02/08/2008 04:57:02 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type9499 / Success
Event Submitted/Written: 02/08/2008 04:56:09 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type9490 / Success
Event Submitted/Written: 02/08/2008 00:46:18 AM
Event ID/Source: 903 / Software Licensing Service
Event Description:
The Software Licensing service has stopped.

Event Record #/Type9488 / Warning
Event Submitted/Written: 02/08/2008 00:46:14 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2389467937-3131003347-2801825376-1000_Classes:
Process 908 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2389467937-3131003347-2801825376-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35433 / Warning
Event Submitted/Written: 02/08/2008 05:06:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Nina-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Nina-PC27 can't undo changes that you allow.

For more information please see the following:
%Nina-PC275

Scan ID: {6A65A859-336D-4647-A7D8-7C89D49F0EA2}

User: Nina-PC\Nina

Name: %Nina-PC271

ID: %Nina-PC272

Severity ID: %Nina-PC273

Category ID: %Nina-PC274

Path Found: %Nina-PC276

Alert Type: %Nina-PC278

Detection Type: 1.1.1505.02

Event Record #/Type35432 / Warning
Event Submitted/Written: 02/08/2008 05:06:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Nina-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Nina-PC27 can't undo changes that you allow.

For more information please see the following:
%Nina-PC275

Scan ID: {F8EA5D55-29CB-42CF-9CAD-5CDFAEB66BE1}

User: Nina-PC\Nina

Name: %Nina-PC271

ID: %Nina-PC272

Severity ID: %Nina-PC273

Category ID: %Nina-PC274

Path Found: %Nina-PC276

Alert Type: %Nina-PC278

Detection Type: 1.1.1505.02

Event Record #/Type35431 / Warning
Event Submitted/Written: 02/08/2008 05:06:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Nina-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Nina-PC27 can't undo changes that you allow.

For more information please see the following:
%Nina-PC275

Scan ID: {1B8CB895-0423-4F3B-A844-FBDBBA6EFD90}

User: Nina-PC\Nina

Name: %Nina-PC271

ID: %Nina-PC272

Severity ID: %Nina-PC273

Category ID: %Nina-PC274

Path Found: %Nina-PC276

Alert Type: %Nina-PC278

Detection Type: 1.1.1505.02

Event Record #/Type35430 / Warning
Event Submitted/Written: 02/08/2008 05:06:10 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Nina-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Nina-PC27 can't undo changes that you allow.

For more information please see the following:
%Nina-PC275

Scan ID: {86C1F15F-599F-4CD8-B9BF-DE6F01730489}

User: Nina-PC\Nina

Name: %Nina-PC271

ID: %Nina-PC272

Severity ID: %Nina-PC273

Category ID: %Nina-PC274

Path Found: %Nina-PC276

Alert Type: %Nina-PC278

Detection Type: 1.1.1505.02

Event Record #/Type35429 / Warning
Event Submitted/Written: 02/08/2008 05:06:10 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Nina-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Nina-PC27 can't undo changes that you allow.

For more information please see the following:
%Nina-PC275

Scan ID: {E778ED4B-0F50-45BD-8EC5-55208086BDC7}

User: Nina-PC\Nina

Name: %Nina-PC271

ID: %Nina-PC272

Severity ID: %Nina-PC273

Category ID: %Nina-PC274

Path Found: %Nina-PC276

Alert Type: %Nina-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-02-08 17:07:44 ------------
  • 0

#5
Rorschach112
Posted 08 February 2008 - 07:07 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

What is the name of the dll error ?


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#6
allsmiles
Posted 08 February 2008 - 07:52 PM

allsmiles

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The .dll errors I somehow deleted using HiJackThis just a few minutes after I reposted my initial help post in the Waiting Room. I noted that in the message.

I'm assuming I did it successfully because I'm not having that problem anymore.

The .dll errors were yayab.dll, jkkid.dll, and another one that began with an "s" that I don't remember (sorry).

I guess my only problem now is the spyware on my computer.

Should I still continue with your directions or does this change things?

Edited by allsmiles, 08 February 2008 - 07:53 PM.

  • 0

#7
allsmiles
Posted 08 February 2008 - 10:10 PM

allsmiles

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here are the results from the Kaspersky Online Scanner. :)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 08, 2008 10:08:07 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/02/2008
Kaspersky Anti-Virus database records: 555731
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 86201
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:54:25

Infected Object Name / Virus Name / Last Action
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81000000003}\Enterprise.mnt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{6A3EF21B-A426-4DA4-A561-33CB55266DCF}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Data\TFRF862.tmp Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c80569cb2d8bfad7fec104e44b015e7_f640dfb8-c5b8-461a-a5c3-1a27c3de586d Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\UsrClass.dat{fae4d4bd-c93e-11dc-ac34-001cbf858c4e}.TM.blf Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\UsrClass.dat{fae4d4bd-c93e-11dc-ac34-001cbf858c4e}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows\UsrClass.dat{fae4d4bd-c93e-11dc-ac34-001cbf858c4e}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows Defender\FileTracker\{CB850BEF-3885-4A08-972E-169F1546828B} Object is locked skipped
C:\Users\Nina\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Nina\AppData\Local\SupportSoft\DellSupportCenter\Nina\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Nina\AppData\Local\Temp\Low\~DFA0B8.tmp Object is locked skipped
C:\Users\Nina\AppData\Local\Temp\Low\~DFA61C.tmp Object is locked skipped
C:\Users\Nina\AppData\Local\Temp\Low\~DFA843.tmp Object is locked skipped
C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Nina\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Users\Nina\Random Files\Links\Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Users\Nina\NTUSER.DAT Object is locked skipped
C:\Users\Nina\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Nina\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Nina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Nina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Nina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\setupact.log Object is locked skipped
C:\Windows\Panther\setuperr.log Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{BD3796D6-27B3-4919-8E1B-CFB0BFDD3304}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\McDefragTask.job Object is locked skipped
C:\Windows\Tasks\McQcTask.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\mcmsc_81XPKh12EFyBprU Object is locked skipped
C:\Windows\Temp\mcmsc_wpnF94n1pafemiz Object is locked skipped
C:\Windows\Temp\mcmsc_yfqFBclqfNOVyhA Object is locked skipped
C:\Windows\Temp\sqlite_0pgANggeadOiZpD Object is locked skipped
C:\Windows\Temp\sqlite_K2pgTmtI2I8pa6X Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.
  • 0

#8
Rorschach112
Posted 09 February 2008 - 07:48 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

You can delete the tools that we used


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#9
allsmiles
Posted 09 February 2008 - 04:13 PM

allsmiles

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Your logs are clean ! We need to do a few things

You can delete the tools that we used


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe



For some reason, I couldn't get past this point.

Everytime I enter %SystemRoot%\System32\restore\rstrui.exe, I get a pop-up that says: Windows cannot find 'C:\Windows\System32\restore\rstrui\exe.' Make sure you typed the name correctly, then try again.

I copy and pasted it a few times, and then typed it in, but the same message showed up.

What should I do?

Edited by allsmiles, 09 February 2008 - 04:17 PM.

  • 0

#10
Rorschach112
Posted 09 February 2008 - 04:27 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Sorry that is my mistake, I forgot you were on Vista

Just continue on with the rest of your steps and let me know how it goes
  • 0

#11
allsmiles
Posted 12 February 2008 - 12:24 PM

allsmiles

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Well, here it is a few days later, after I followed the steps you gave me, and I'm having no problems with pop ups or anything.

Thanks for all your help! :)
  • 0

#12
Rorschach112
Posted 12 February 2008 - 02:04 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP