Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I keep etting a pop-up saying I have TrojanDownloader.xs


  • Please log in to reply

#1
ezbob

ezbob

    New Member

  • Member
  • Pip
  • 5 posts
It pops up every 30 minutes or so and says I have Trojandownloader.xs and tells me to go to this site to fix it,
http://antispyware-r...bmid=R3n1c2Bg8A
I know that the whole thing is a scam and I have used norton, AVG, Superantispyware and spybot search and destroy and neither of them have found anything, please help me it's really annoying and I don't go on sites such as ebay or paypal (Where I use my credit card details) because I'm afraid that it will take my details.

Please Help!
  • 0

Advertisements


#2
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello ezbob , welcome to GeeksToGo! :)

My name is Tal, and I will be assisting you in the process of removing malware from your computer. I am going through your logs now, and I'll be back soon with instructions on how to proceed.

As I'm still in training, my replies to you have to be approved before posting, so please excuse delays between replies.

Tal.
  • 0

#3
ezbob

ezbob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok thanks very much
  • 0

#4
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello ezbob ,

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! :) No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you witness a certain entry or program you're unsure about, please don't hesitate to ask! :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post.

I will review your logs when you post then and instruct you on what to do next :)

Regards,

Tal
  • 0

#5
ezbob

ezbob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
main.txt

Deckard's System Scanner v20071014.68
Run by Elliott on 2008-03-29 22:25:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Elliott.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:03, on 29/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\uncjmbaz\gvklmhun.exe
C:\ProgramData\egkcukbf\chefqven.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Elliott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Elliott.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [oizwubvz] C:\ProgramData\oizwubvz\gvyxilol.exe
O4 - HKCU\..\Run: [FpyoukPQ0m] C:\ProgramData\uncjmbaz\gvklmhun.exe
O4 - HKCU\..\Run: [egkcukbf] C:\ProgramData\egkcukbf\chefqven.exe
O4 - HKCU\..\Run: [ynlatdwo] C:\ProgramData\ynlatdwo\gjclevmh.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [tjyhfuid] C:\ProgramData\tjyhfuid\qjyxgzcx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8908 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-29 10:30:15 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{8A90457D-2790-4DE6-9CE9-1ECABBC22DDD}.job
2008-03-27 22:56:56 504 --a------ C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Elliott.job


-- Files created between 2008-02-29 and 2008-03-29 -----------------------------

2008-03-29 19:57:43 0 d-------- C:\Windows\system32\Adobe
2008-03-28 21:46:58 0 d-------- C:\Users\All Users\tjyhfuid
2008-03-28 17:23:41 0 d-------- C:\Program Files\Trend Micro
2008-03-28 17:11:26 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-28 17:05:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 17:04:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 15:24:06 0 --a------ C:\Windows\nsreg.dat
2008-03-28 15:23:12 0 d-------- C:\Users\All Users\Grisoft
2008-03-28 14:51:40 0 d-------- C:\Users\All Users\ynlatdwo
2008-03-28 13:38:03 0 d-------- C:\Users\All Users\egkcukbf
2008-03-28 11:43:09 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-27 23:07:47 5130 --a------ C:\Windows\system32\tmp.reg
2008-03-27 23:06:32 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-27 23:06:32 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-27 23:06:31 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-03-27 23:06:31 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-27 23:06:31 51200 --a------ C:\Windows\system32\dumphive.exe
2008-03-27 23:06:30 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-27 23:06:30 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-27 23:06:26 0 d-------- C:\Users\Elliott\SmitfraudFix
2008-03-27 17:32:34 0 d-------- C:\Users\Elliott\Desktopvirii
2008-03-27 17:32:33 4096 --a------ C:\Users\Elliott\DesktopFWebdEditor.exe
2008-03-27 17:32:33 4096 --a------ C:\Users\Elliott\Desktopfwebd.exe
2008-03-27 17:32:33 4096 --a------ C:\Users\Elliott\Desktopfilemanagerclient.exe
2008-03-27 17:32:27 0 d-------- C:\Users\All Users\uncjmbaz
2008-03-27 17:32:26 0 d-------- C:\Users\All Users\oizwubvz
2008-03-25 12:49:32 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-03-24 21:23:19 0 d-------- C:\Users\All Users\Age of Empires 3
2008-03-22 09:44:07 61568 -ra------ C:\Windows\VIEWER.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:07 17536 -ra------ C:\Windows\VIEWENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:07 93504 -ra------ C:\Windows\QTW16DEL.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:07 74496 -ra------ C:\Windows\PLAYER.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:07 16928 -ra------ C:\Windows\PLAYENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:06 73712 -ra------ C:\Windows\system\QTOLE.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:06 4176 -ra------ C:\Windows\system\QTNOTIFY.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:06 14544 -ra------ C:\Windows\system\QTIMCMGR.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:06 429424 -ra------ C:\Windows\system\QTIM.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:06 8304 -ra------ C:\Windows\system\QTHNDLR.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:06 4320 -ra------ C:\Windows\system\MCIQTENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:44:03 2037248 -ra------ C:\Windows\QTINSTAL.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 09:43:51 161792 --a------ C:\Windows\uninst95.exe <Not Verified; Syracuse Language Systems; GENERIC UNINSTALL Application>
2008-03-22 09:43:49 298880 --a------ C:\Windows\system32\VBAR2.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-03-22 09:43:49 1984 --a------ C:\Windows\system32\VBAJET.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-03-22 09:43:49 51712 --a------ C:\Windows\system32\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.02 for Windows>
2008-03-22 09:43:49 57328 --a------ C:\Windows\system32\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-03-22 09:43:49 27026 --a------ C:\Windows\system32\OLE2.REG
2008-03-22 09:43:49 64080 --a------ C:\Windows\system32\ODBCTL16.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 09:43:49 246928 --a------ C:\Windows\system32\ODBCJT16.DLL <Not Verified; Microsoft Corporation; Microsoft ODBC Desktop Driver Pack 2.>
2008-03-22 09:43:49 92576 --a------ C:\Windows\system32\ODBCINST.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 09:43:49 88896 --a------ C:\Windows\system32\ODBCCURS.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 09:43:49 56240 --a------ C:\Windows\system32\ODBC.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 09:43:48 6496 --a------ C:\Windows\system32\ODBCADM.EXE <Not Verified; ; Microsoft Open Database Connectivity>
2008-03-22 09:43:48 15936 --a------ C:\Windows\system32\MSJETINT.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-03-22 09:43:48 11232 --a------ C:\Windows\system32\MSJETERR.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-03-22 09:43:48 10304 --a------ C:\Windows\system32\MSCPXLT.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 09:43:48 995056 --a------ C:\Windows\system32\MSAJT200.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-03-22 09:43:47 7168 --a------ C:\Windows\system32\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-03-22 09:43:47 0 d-------- C:\OLDDRIVR
2008-03-22 09:43:34 299520 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-03-22 09:43:29 0 -rahs---- C:\MSDOS.SYS
2008-03-22 09:43:29 0 -rahs---- C:\IO.SYS
2008-03-20 10:34:42 0 d-------- C:\Program Files\Symantec
2008-03-20 10:34:40 0 d-------- C:\Users\All Users\Symantec
2008-03-20 10:34:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-20 10:33:53 0 d-------- C:\Users\All Users\Yahoo!
2008-03-20 10:33:53 0 d-------- C:\graphics
2008-03-20 10:23:45 0 d-------- C:\Program Files\Yahoo!
2008-03-15 13:03:36 0 d-------- C:\Users\Elliott\My Google Gadgets
2008-03-11 18:28:31 0 d-------- C:\Users\All Users\Alfac
2008-03-11 18:28:17 0 d-------- C:\Program Files\DECAdry
2008-03-09 19:32:29 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-09 19:31:36 0 d-------- C:\Program Files\Microsoft.NET
2008-03-09 19:29:43 0 dr-h----- C:\MSOCache
2008-03-06 19:16:59 0 d-------- C:\Windows\PCHEALTH
2008-03-06 19:13:01 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-06 19:12:56 0 d-------- C:\Program Files\Windows Live
2008-03-06 19:12:24 0 d-------- C:\Users\All Users\WLInstaller
2008-03-05 22:16:10 0 d-------- C:\Users\All Users\Roxio
2008-03-05 21:18:28 0 d-------- C:\Program Files\MSXML 4.0
2008-03-05 20:44:28 0 d-------- C:\Users\All Users\NVIDIA
2008-03-05 20:43:55 0 dr------- C:\Users\Elliott\Searches
2008-03-05 20:43:44 0 dr------- C:\Users\Elliott\Contacts
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Videos
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\Templates
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\Start Menu
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\SendTo
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Saved Games
2008-03-05 20:42:50 0 d-------- C:\Users\Elliott\Roaming
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\Recent
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\PrintHood
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Pictures
2008-03-05 20:42:50 2883584 --ahs---- C:\Users\Elliott\NTUSER.DAT
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\NetHood
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\My Documents
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Music
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\Local Settings
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Links
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Favorites
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Downloads
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Documents
2008-03-05 20:42:50 0 dr------- C:\Users\Elliott\Desktop
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\Cookies
2008-03-05 20:42:50 0 d--hs---- C:\Users\Elliott\Application Data
2008-03-05 20:42:50 0 d--h----- C:\Users\Elliott\AppData
2008-03-05 20:39:20 0 d--hs---- C:\Users\All Users\Templates
2008-03-05 20:39:20 0 d--hs---- C:\Users\All Users\Start Menu
2008-03-05 20:39:20 0 d--hs---- C:\Users\All Users\Favorites
2008-03-05 20:39:20 0 d--hs---- C:\Users\All Users\Documents
2008-03-05 20:39:20 0 d--hs---- C:\Users\All Users\Desktop
2008-03-05 20:39:20 0 d--hs---- C:\Users\All Users\Application Data
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\Templates
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\Start Menu
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\SendTo
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\Recent
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\PrintHood
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\NetHood
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\My Documents
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\Local Settings
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\Cookies
2008-03-05 20:39:19 0 d--hs---- C:\Users\Default\Application Data


-- Find3M Report ---------------------------------------------------------------

2008-03-29 19:26:56 27525 --a------ C:\Users\Elliott\AppData\Roaming\nvModes.001
2008-03-28 17:05:09 0 d-------- C:\Users\Elliott\AppData\Roaming\SUPERAntiSpyware.com
2008-03-28 17:04:50 0 d-------- C:\Program Files\Common Files
2008-03-28 15:24:00 0 d-------- C:\Users\Elliott\AppData\Roaming\Mozilla
2008-03-28 15:23:40 0 d-------- C:\Users\Elliott\AppData\Roaming\Grisoft
2008-03-27 23:07:48 35 --a------ C:\Users\Elliott\AppData\Roaming\SetValue.bat
2008-03-27 23:07:48 691 --a------ C:\Users\Elliott\AppData\Roaming\GetValue.vbs
2008-03-25 13:16:53 27525 --a------ C:\Users\Elliott\AppData\Roaming\nvModes.dat
2008-03-25 12:49:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 10:57:28 0 d-------- C:\Program Files\Microsoft Games
2008-03-21 09:38:16 0 d-------- C:\Users\Elliott\AppData\Roaming\Adobe
2008-03-20 10:43:43 0 d-------- C:\Users\Elliott\AppData\Roaming\Yahoo!
2008-03-15 12:05:01 0 d-------- C:\Users\Elliott\AppData\Roaming\PeerNetworking
2008-03-15 11:46:31 31007 --a------ C:\Users\Elliott\AppData\Roaming\UserTile.png
2008-03-14 20:39:39 0 d-------- C:\Users\Elliott\AppData\Roaming\CyberLink
2008-03-11 21:34:42 0 d-------- C:\Program Files\Windows Mail
2008-03-11 18:41:08 0 d-------- C:\Users\Elliott\AppData\Roaming\Alfac
2008-03-11 18:25:27 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-06 16:37:51 0 d-------- C:\Users\Elliott\AppData\Roaming\Google
2008-03-06 16:12:09 0 d-------- C:\Users\Elliott\AppData\Roaming\Macromedia
2008-03-05 22:53:22 0 d-------- C:\Program Files\Windows Sidebar
2008-03-05 22:16:10 0 d-------- C:\Users\Elliott\AppData\Roaming\Roxio
2008-03-05 21:26:56 0 d-------- C:\Users\Elliott\AppData\Roaming\Creative
2008-03-05 20:58:18 0 d-------- C:\Users\Elliott\AppData\Roaming\Intel
2008-03-05 20:43:46 0 d-------- C:\Users\Elliott\AppData\Roaming\Identities
2008-02-28 13:03:39 0 d-------- C:\Program Files\DellTPad
2008-02-28 12:56:32 0 d-------- C:\Program Files\Windows Calendar
2008-02-28 12:52:00 0 d-------- C:\Program Files\Windows Defender
2008-02-28 05:39:28 0 d-------- C:\Program Files\Dell
2008-02-28 05:38:55 0 d-------- C:\Program Files\Tiscali
2008-02-28 05:38:44 0 d-------- C:\Program Files\Microsoft Works
2008-02-28 05:38:01 0 d-------- C:\Program Files\Roxio
2008-02-28 05:38:01 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-02-28 05:36:59 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-02-28 05:36:56 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-02-28 05:36:55 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-28 05:34:33 0 d-------- C:\Program Files\CyberLink
2008-02-28 05:33:04 0 d-------- C:\Program Files\Dell Support Center
2008-02-28 05:32:58 0 d-------- C:\Program Files\Common Files\supportsoft
2008-02-28 05:31:02 0 d-------- C:\Program Files\Google
2008-02-28 05:30:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-28 05:29:39 0 d-------- C:\Program Files\Online Services
2008-02-28 05:25:17 0 d-------- C:\Program Files\Intel
2008-02-28 05:24:43 76 -r-hs---- C:\Windows\CT4CET.bin
2008-02-28 05:24:31 0 d-------- C:\Program Files\Creative
2008-02-28 05:24:21 0 d-------- C:\Program Files\Common Files\Reallusion
2008-02-28 05:23:41 0 d-------- C:\Program Files\Creative Live! Cam
2008-02-28 05:22:59 0 d-------- C:\Program Files\Fingerprint Reader Suite
2008-02-28 05:21:06 0 d-------- C:\Program Files\Intel, Inc
2008-02-28 05:20:09 0 d-------- C:\Program Files\Java
2008-02-28 05:20:09 0 d-------- C:\Program Files\Common Files\Java
2008-02-28 05:11:16 174 --ahs---- C:\Program Files\desktop.ini
2008-02-28 05:09:25 0 d-------- C:\Program Files\Sigmatel


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [28/02/2008 12:51]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [07/09/2007 08:50]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [28/08/2007 05:51]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [03/12/2007 04:28]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [28/09/2007 06:24]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [28/09/2007 06:24]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [28/09/2007 06:24]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [28/09/2007 06:24]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [28/02/2008 05:20]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [16/04/2007 22:50]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 16:43]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 13:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [28/02/2008 05:31]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01/11/2007 15:39]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [26/06/2007 13:48]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 05:59]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/03/2008 21:19]
"oizwubvz"="C:\ProgramData\oizwubvz\gvyxilol.exe" [27/03/2008 17:32]
"FpyoukPQ0m"="C:\ProgramData\uncjmbaz\gvklmhun.exe" [27/03/2008 17:32]
"egkcukbf"="C:\ProgramData\egkcukbf\chefqven.exe" [28/03/2008 13:38]
"ynlatdwo"="C:\ProgramData\ynlatdwo\gjclevmh.exe" [28/03/2008 14:51]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]
"tjyhfuid"="C:\ProgramData\tjyhfuid\qjyxgzcx.exe" [28/03/2008 21:47]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [07/09/2007 16:27:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 16/04/2007 23:04 86528 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee94f040-e5ba-11dc-be59-806e6f6e6963}]
AutoRun\command- E:\autorun.exe
directx\command- E:\DirectX9\dxsetup.exe
setup\command- E:\setup.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-29 22:27:04 ------------
  • 0

#6
ezbob

ezbob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 3581.26 MiB / 2588.45 MiB
Pagefile Memory (total/avail): 7335.2 MiB / 6212.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.54 MiB

C: is Fixed (NTFS) - 220.27 GiB total, 197.9 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 0.12 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD2500BEVS-75UST0 - 232.88 GiB - 4 partitions
\PARTITION0 - Unknown - 117.63 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 220.27 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com)
AS: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Elliott\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ELLIOTTS-LAPTOP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Elliott
LOCALAPPDATA=C:\Users\Elliott\AppData\Local
LOGONSERVER=\\ELLIOTTS-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Elliott\AppData\Local\Temp
TMP=C:\Users\Elliott\AppData\Local\Temp
USERDOMAIN=Elliotts-Laptop
USERNAME=Elliott
USERPROFILE=C:\Users\Elliott
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Elliott


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
BT Yahoo! Applications --> C:\Program Files\Yahoo!\Common\uninstall.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
DECAdry Express Business Cards 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{95398D6D-E2A6-45BC-A9B2-C8C1D9D00E6E} /l1033
Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Fingerprint Reader Suite 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel® PROSet/Wireless Software --> C:\Windows\Installer\iProInst.exe
Internet From BT --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}\Setup.exe"
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet --> MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
Roxio Creator Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE --> C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4821 / Error
Event Submitted/Written: 03/29/2008 09:06:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, time stamp 0x47d7134a, faulting module ole32.dll, version 6.0.6000.16386, time stamp 0x4549bd92, exception code 0xc0000005, fault offset 0x00041022,
process id 0x1464, application start time 0xfirefox.exe0.

Event Record #/Type4807 / Success
Event Submitted/Written: 03/29/2008 07:27:23 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type4806 / Success
Event Submitted/Written: 03/29/2008 07:27:22 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type4797 / Success
Event Submitted/Written: 03/29/2008 07:26:39 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type4779 / Warning
Event Submitted/Written: 03/29/2008 05:59:08 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4166299740-4165078599-3477201734-1000_Classes:
Process 124 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-4166299740-4165078599-3477201734-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16775 / Warning
Event Submitted/Written: 03/29/2008 05:12:23 PM
Event ID/Source: 3 / Print
Event Description:
Printer Microsoft Office Document Image Writer was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box.

Event Record #/Type16774 / Warning
Event Submitted/Written: 03/29/2008 05:12:23 PM
Event ID/Source: 4 / Print
Event Description:
Printer Microsoft Office Document Image Writer will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box.

Event Record #/Type16772 / Warning
Event Submitted/Written: 03/29/2008 05:11:37 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser service was unable to retrieve a list of servers from the browser master \\MILLER on the network \Device\NetBT_Tcpip_{68EA1359-5C8C-4FE8-BFEE-5A0E9AA5EB37}.



Browser master: \\MILLER

Network: \Device\NetBT_Tcpip_{68EA1359-5C8C-4FE8-BFEE-5A0E9AA5EB37}



This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Event Record #/Type16754 / Warning
Event Submitted/Written: 03/29/2008 05:09:29 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CBFCEFA97. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type16732 / Warning
Event Submitted/Written: 03/29/2008 01:52:27 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CBFCEFA97. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-03-29 22:27:04 ------------
  • 0

#7
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello ezbob,

Let's start removing the infections from your PC :)

Step1 : Correcting entries with HijackThis

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)
O4 - HKCU\..\Run: [oizwubvz] C:\ProgramData\oizwubvz\gvyxilol.exe
O4 - HKCU\..\Run: [FpyoukPQ0m] C:\ProgramData\uncjmbaz\gvklmhun.exe
O4 - HKCU\..\Run: [egkcukbf] C:\ProgramData\egkcukbf\chefqven.exe
O4 - HKCU\..\Run: [ynlatdwo] C:\ProgramData\ynlatdwo\gjclevmh.exe
O4 - HKCU\..\Run: [tjyhfuid] C:\ProgramData\tjyhfuid\qjyxgzcx.exe



Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Restart your computer.

Step2 : Registry Fix

Before we start the registry fix, we need to backup the registry in case anything goes wrong. This is a very simple and quick process :)

To backup your registry, click Start > Run > Type regedit into the box > Click OK > In the window that shows up, click File > Export... > Name the file RegistryBackup > Save it in a convenient location such as your desktop.

Please open a new Notepad document (Note: Other text editors will not work) and paste the following code into it, starting from REGEDIT4:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee94f040-e5ba-11dc-be59-806e6f6e6963}]

Now, click File > Save As... > Change the File Type to All Files > Name the file RegFix1.reg > Save it on your desktop.

Once you've saved it, please double click it. A window should pop up - Click Yes to merge the information with the registry.

Step3 : Deleting files & folders with OTMoveIt2

Please download the OTMoveIt2 by OldTimer. Please note: If you already have OTMoveIt on your system, please replace it with this newer version.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\ProgramData\oizwubvz
    C:\ProgramData\uncjmbaz
    C:\ProgramData\egkcukbf
    C:\ProgramData\ynlatdwo
    C:\ProgramData\tjyhfuid
    E:\autorun.exe
    E:\DirectX9\dxsetup.exe
    E:\setup.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step4 : Running Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Summary

In your next reply, please include the following:
  • OTMoveIt log;
  • DSS log (note that DSS will only produce a shortened version of the main.txt log this time).

Regards,

Tal :)
  • 0

#8
ezbob

ezbob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTMoveIt log

C:\ProgramData\oizwubvz moved successfully.
C:\ProgramData\uncjmbaz moved successfully.
C:\ProgramData\egkcukbf moved successfully.
C:\ProgramData\ynlatdwo moved successfully.
C:\ProgramData\tjyhfuid moved successfully.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\DirectX9\dxsetup.exe scheduled to be moved on reboot.
File move failed. E:\setup.exe scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03312008_172738


DSS log

Deckard's System Scanner v20071014.68
Run by Elliott on 2008-03-31 17:42:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Elliott.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:40, on 31/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\explorer.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Users\Elliott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Elliott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8483 bytes

-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-31 17:34:15 0 drahs---- C:\autorun.inf
2008-03-29 20:57:43 0 d-------- C:\Windows\system32\Adobe
2008-03-28 18:23:41 0 d-------- C:\Program Files\Trend Micro
2008-03-28 18:11:26 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-28 18:05:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 18:04:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 16:24:06 0 --a------ C:\Windows\nsreg.dat
2008-03-28 16:23:12 0 d-------- C:\Users\All Users\Grisoft
2008-03-28 12:43:09 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-28 00:07:47 5130 --a------ C:\Windows\system32\tmp.reg
2008-03-28 00:06:32 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-28 00:06:32 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-28 00:06:31 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-03-28 00:06:31 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-28 00:06:31 51200 --a------ C:\Windows\system32\dumphive.exe
2008-03-28 00:06:30 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-28 00:06:30 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-28 00:06:26 0 d-------- C:\Users\Elliott\SmitfraudFix
2008-03-27 18:32:34 0 d-------- C:\Users\Elliott\Desktopvirii
2008-03-27 18:32:33 4096 --a------ C:\Users\Elliott\DesktopFWebdEditor.exe
2008-03-27 18:32:33 4096 --a------ C:\Users\Elliott\Desktopfwebd.exe
2008-03-27 18:32:33 4096 --a------ C:\Users\Elliott\Desktopfilemanagerclient.exe
2008-03-25 13:49:32 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-03-24 22:23:19 0 d-------- C:\Users\All Users\Age of Empires 3
2008-03-22 10:44:07 61568 -ra------ C:\Windows\VIEWER.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:07 17536 -ra------ C:\Windows\VIEWENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:07 93504 -ra------ C:\Windows\QTW16DEL.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:07 74496 -ra------ C:\Windows\PLAYER.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:07 16928 -ra------ C:\Windows\PLAYENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:06 73712 -ra------ C:\Windows\system\QTOLE.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:06 4176 -ra------ C:\Windows\system\QTNOTIFY.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:06 14544 -ra------ C:\Windows\system\QTIMCMGR.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:06 429424 -ra------ C:\Windows\system\QTIM.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:06 8304 -ra------ C:\Windows\system\QTHNDLR.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:06 4320 -ra------ C:\Windows\system\MCIQTENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:44:03 2037248 -ra------ C:\Windows\QTINSTAL.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-03-22 10:43:51 161792 --a------ C:\Windows\uninst95.exe <Not Verified; Syracuse Language Systems; GENERIC UNINSTALL Application>
2008-03-22 10:43:49 298880 --a------ C:\Windows\system32\VBAR2.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-03-22 10:43:49 1984 --a------ C:\Windows\system32\VBAJET.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-03-22 10:43:49 51712 --a------ C:\Windows\system32\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.02 for Windows>
2008-03-22 10:43:49 57328 --a------ C:\Windows\system32\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-03-22 10:43:49 27026 --a------ C:\Windows\system32\OLE2.REG
2008-03-22 10:43:49 64080 --a------ C:\Windows\system32\ODBCTL16.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 10:43:49 246928 --a------ C:\Windows\system32\ODBCJT16.DLL <Not Verified; Microsoft Corporation; Microsoft ODBC Desktop Driver Pack 2.>
2008-03-22 10:43:49 92576 --a------ C:\Windows\system32\ODBCINST.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 10:43:49 88896 --a------ C:\Windows\system32\ODBCCURS.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 10:43:49 56240 --a------ C:\Windows\system32\ODBC.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 10:43:48 6496 --a------ C:\Windows\system32\ODBCADM.EXE <Not Verified; ; Microsoft Open Database Connectivity>
2008-03-22 10:43:48 15936 --a------ C:\Windows\system32\MSJETINT.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-03-22 10:43:48 11232 --a------ C:\Windows\system32\MSJETERR.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-03-22 10:43:48 10304 --a------ C:\Windows\system32\MSCPXLT.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-22 10:43:48 995056 --a------ C:\Windows\system32\MSAJT200.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-03-22 10:43:47 7168 --a------ C:\Windows\system32\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-03-22 10:43:47 0 d-------- C:\OLDDRIVR
2008-03-22 10:43:34 299520 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-03-22 10:43:29 0 -rahs---- C:\MSDOS.SYS
2008-03-22 10:43:29 0 -rahs---- C:\IO.SYS
2008-03-20 11:34:42 0 d-------- C:\Program Files\Symantec
2008-03-20 11:34:40 0 d-------- C:\Users\All Users\Symantec
2008-03-20 11:34:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-20 11:33:53 0 d-------- C:\Users\All Users\Yahoo!
2008-03-20 11:33:53 0 d-------- C:\graphics
2008-03-20 11:23:45 0 d-------- C:\Program Files\Yahoo!
2008-03-15 14:03:36 0 d-------- C:\Users\Elliott\My Google Gadgets
2008-03-11 19:28:31 0 d-------- C:\Users\All Users\Alfac
2008-03-11 19:28:17 0 d-------- C:\Program Files\DECAdry
2008-03-09 20:32:29 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-09 20:31:36 0 d-------- C:\Program Files\Microsoft.NET
2008-03-09 20:29:43 0 dr-h----- C:\MSOCache
2008-03-06 20:16:59 0 d-------- C:\Windows\PCHEALTH
2008-03-06 20:13:01 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-06 20:12:56 0 d-------- C:\Program Files\Windows Live
2008-03-06 20:12:24 0 d-------- C:\Users\All Users\WLInstaller
2008-03-05 23:16:10 0 d-------- C:\Users\All Users\Roxio
2008-03-05 22:18:28 0 d-------- C:\Program Files\MSXML 4.0
2008-03-05 21:44:28 0 d-------- C:\Users\All Users\NVIDIA
2008-03-05 21:43:55 0 dr------- C:\Users\Elliott\Searches
2008-03-05 21:43:44 0 dr------- C:\Users\Elliott\Contacts
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Videos
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\Templates
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\Start Menu
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\SendTo
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Saved Games
2008-03-05 21:42:50 0 d-------- C:\Users\Elliott\Roaming
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\Recent
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\PrintHood
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Pictures
2008-03-05 21:42:50 2883584 --ahs---- C:\Users\Elliott\NTUSER.DAT
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\NetHood
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\My Documents
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Music
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\Local Settings
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Links
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Favorites
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Downloads
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Documents
2008-03-05 21:42:50 0 dr------- C:\Users\Elliott\Desktop
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\Cookies
2008-03-05 21:42:50 0 d--hs---- C:\Users\Elliott\Application Data
2008-03-05 21:42:50 0 d--h----- C:\Users\Elliott\AppData
2008-03-05 21:39:20 0 d--hs---- C:\Users\All Users\Templates
2008-03-05 21:39:20 0 d--hs---- C:\Users\All Users\Start Menu
2008-03-05 21:39:20 0 d--hs---- C:\Users\All Users\Favorites
2008-03-05 21:39:20 0 d--hs---- C:\Users\All Users\Documents
2008-03-05 21:39:20 0 d--hs---- C:\Users\All Users\Desktop
2008-03-05 21:39:20 0 d--hs---- C:\Users\All Users\Application Data
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\Templates
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\Start Menu
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\SendTo
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\Recent
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\PrintHood
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\NetHood
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\My Documents
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\Local Settings
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\Cookies
2008-03-05 21:39:19 0 d--hs---- C:\Users\Default\Application Data


-- Find3M Report ---------------------------------------------------------------

2008-03-31 17:29:31 27525 --a------ C:\Users\Elliott\AppData\Roaming\nvModes.001
2008-03-28 18:05:09 0 d-------- C:\Users\Elliott\AppData\Roaming\SUPERAntiSpyware.com
2008-03-28 18:04:50 0 d-------- C:\Program Files\Common Files
2008-03-28 16:24:00 0 d-------- C:\Users\Elliott\AppData\Roaming\Mozilla
2008-03-28 16:23:40 0 d-------- C:\Users\Elliott\AppData\Roaming\Grisoft
2008-03-28 00:07:48 35 --a------ C:\Users\Elliott\AppData\Roaming\SetValue.bat
2008-03-28 00:07:48 691 --a------ C:\Users\Elliott\AppData\Roaming\GetValue.vbs
2008-03-25 14:16:53 27525 --a------ C:\Users\Elliott\AppData\Roaming\nvModes.dat
2008-03-25 13:49:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 11:57:28 0 d-------- C:\Program Files\Microsoft Games
2008-03-21 10:38:16 0 d-------- C:\Users\Elliott\AppData\Roaming\Adobe
2008-03-20 11:43:43 0 d-------- C:\Users\Elliott\AppData\Roaming\Yahoo!
2008-03-15 13:05:01 0 d-------- C:\Users\Elliott\AppData\Roaming\PeerNetworking
2008-03-15 12:46:31 31007 --a------ C:\Users\Elliott\AppData\Roaming\UserTile.png
2008-03-14 21:39:39 0 d-------- C:\Users\Elliott\AppData\Roaming\CyberLink
2008-03-11 22:34:42 0 d-------- C:\Program Files\Windows Mail
2008-03-11 19:41:08 0 d-------- C:\Users\Elliott\AppData\Roaming\Alfac
2008-03-11 19:25:27 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-06 17:37:51 0 d-------- C:\Users\Elliott\AppData\Roaming\Google
2008-03-06 17:12:09 0 d-------- C:\Users\Elliott\AppData\Roaming\Macromedia
2008-03-05 23:53:22 0 d-------- C:\Program Files\Windows Sidebar
2008-03-05 23:16:10 0 d-------- C:\Users\Elliott\AppData\Roaming\Roxio
2008-03-05 22:26:56 0 d-------- C:\Users\Elliott\AppData\Roaming\Creative
2008-03-05 21:58:18 0 d-------- C:\Users\Elliott\AppData\Roaming\Intel
2008-03-05 21:43:46 0 d-------- C:\Users\Elliott\AppData\Roaming\Identities
2008-02-28 14:03:39 0 d-------- C:\Program Files\DellTPad
2008-02-28 13:56:32 0 d-------- C:\Program Files\Windows Calendar
2008-02-28 13:52:00 0 d-------- C:\Program Files\Windows Defender
2008-02-28 06:39:28 0 d-------- C:\Program Files\Dell
2008-02-28 06:38:55 0 d-------- C:\Program Files\Tiscali
2008-02-28 06:38:44 0 d-------- C:\Program Files\Microsoft Works
2008-02-28 06:38:01 0 d-------- C:\Program Files\Roxio
2008-02-28 06:38:01 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-02-28 06:36:59 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-02-28 06:36:56 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-02-28 06:36:55 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-28 06:34:33 0 d-------- C:\Program Files\CyberLink
2008-02-28 06:33:04 0 d-------- C:\Program Files\Dell Support Center
2008-02-28 06:32:58 0 d-------- C:\Program Files\Common Files\supportsoft
2008-02-28 06:31:02 0 d-------- C:\Program Files\Google
2008-02-28 06:30:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-28 06:29:39 0 d-------- C:\Program Files\Online Services
2008-02-28 06:25:17 0 d-------- C:\Program Files\Intel
2008-02-28 06:24:43 76 -r-hs---- C:\Windows\CT4CET.bin
2008-02-28 06:24:31 0 d-------- C:\Program Files\Creative
2008-02-28 06:24:21 0 d-------- C:\Program Files\Common Files\Reallusion
2008-02-28 06:23:41 0 d-------- C:\Program Files\Creative Live! Cam
2008-02-28 06:22:59 0 d-------- C:\Program Files\Fingerprint Reader Suite
2008-02-28 06:21:06 0 d-------- C:\Program Files\Intel, Inc
2008-02-28 06:20:09 0 d-------- C:\Program Files\Java
2008-02-28 06:20:09 0 d-------- C:\Program Files\Common Files\Java
2008-02-28 06:11:16 174 --ahs---- C:\Program Files\desktop.ini
2008-02-28 06:09:25 0 d-------- C:\Program Files\Sigmatel


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [28/02/2008 13:51]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 07:03]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [07/09/2007 09:50]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [28/08/2007 06:51]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [03/12/2007 05:28]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [28/09/2007 07:24]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [28/09/2007 07:24]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [28/09/2007 07:24]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [28/09/2007 07:24]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [28/02/2008 06:20]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [16/04/2007 23:50]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 17:43]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 14:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [28/02/2008 06:31]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01/11/2007 16:39]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [26/06/2007 14:48]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 06:59]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/03/2008 22:19]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 17:03]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [07/09/2007 17:27:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 17/04/2007 00:04 86528 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-31 17:43:13 ------------
  • 0

#9
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi ezbob,

Your computer looks clean of malware! :) However, one more step. You have 3 anti spyware products running: AVG anti spyware, Windows Defender and SUPERAntiSpyware. This is not a good idea because several anti spyware products reduce your protection and will slow down your system. Please go to Add/Remove programs and remove two of the anti spyware products installed, to your choice.

We also recommend that you install an anti virus in addition to the protection that the anti spyware offers. There are several excellent free anti virus products: AVG Free, AntiVir and more. Click the links to go to their download page.

Please include a new HijackThis log in your next reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP