trojan conhook.d PLEASE HELP


mblankgpb

My brand new computer (running Vista) seems to have been infected with conhook.d, and Windows Defender can't get rid of it. I am not too computery, and would really appreciate it if someone would help me get rid of it!

My DSS logs:

Deckard's System Scanner v20071014.68
Run by Paul on 2008-04-05 16:01:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
15: 2008-04-05 22:55:54 UTC - RP35 - Windows Defender Checkpoint
14: 2008-04-05 21:45:04 UTC - RP33 - Installed AdwareAlert
13: 2008-04-05 21:18:11 UTC - RP32 - Windows Defender Checkpoint
12: 2008-04-05 19:44:08 UTC - RP30 - ComboFix created restore point
11: 2008-04-05 19:30:33 UTC - RP29 - ComboFix created restore point


-- First Restore Point --
1: 2008-04-04 22:22:40 UTC - RP18 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-05 16:02:49
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Paul\Documents\Final Draft 7\Final Draft.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Paul\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...amp;ibd=0080325
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Paul\AppData\Local\Temp\yayaWNfe.dll,c
O4 - HKCU\..\Run: [BMf5980c90] Rundll32.exe "C:\Users\Paul\AppData\Local\Temp\yrdkakgh.dll",s
O4 - HKCU\..\Run: [f6ab3f0c] rundll32.exe "C:\Users\Paul\AppData\Local\Temp\vnmntuxd.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Paul\AppData\Local\Temp\htoxkmof.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\AEstSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 9110 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-05 15:42:35 494 --a------ C:\Windows\Tasks\AdwareAlert Scheduled Scan.job


-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 14:49:12 0 d-------- C:\VundoFix Backups
2008-04-05 14:45:22 0 d-------- C:\Program Files\AdwareAlert
2008-04-05 13:34:32 0 d-------- C:\Downloads
2008-04-05 13:21:48 0 d-------- C:\Program Files\FlashGet
2008-04-05 12:55:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-05 12:46:06 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-05 12:30:15 68096 --a------ C:\Windows\zip.exe
2008-04-05 12:30:15 49152 --a------ C:\Windows\VFind.exe
2008-04-05 12:30:15 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-05 12:30:15 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-05 12:30:15 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-05 12:30:15 98816 --a------ C:\Windows\sed.exe
2008-04-05 12:30:15 80412 --a------ C:\Windows\grep.exe
2008-04-05 12:30:15 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-05 11:58:54 0 d-------- C:\Program Files\RapidSolution
2008-04-05 11:46:02 0 d-------- C:\Program Files\iPod
2008-04-05 11:45:57 0 d-------- C:\Program Files\iTunes
2008-04-05 11:45:10 0 d-------- C:\Program Files\Bonjour
2008-04-05 11:44:10 0 d-------- C:\Program Files\QuickTime
2008-04-05 11:44:08 0 d-------- C:\Users\All Users\Apple Computer
2008-04-05 11:43:30 0 d-------- C:\Program Files\Apple Software Update
2008-04-05 11:42:43 0 d-------- C:\Program Files\Common Files\Apple
2008-04-05 11:42:42 0 d-------- C:\Users\All Users\Apple
2008-04-05 11:31:55 0 d-------- C:\Program Files\The Holy Bible
2008-04-05 00:39:28 0 d-------- C:\Users\All Users\Viewpoint
2008-04-05 00:39:27 0 d-------- C:\Program Files\Viewpoint
2008-04-05 00:39:15 0 d-------- C:\Users\All Users\AOL
2008-04-05 00:39:15 0 d-------- C:\Users\All Users\AOL OCP
2008-04-05 00:38:58 0 d-------- C:\Program Files\Common Files\AOL
2008-04-05 00:38:38 0 d-------- C:\Program Files\AIM6
2008-04-04 23:25:06 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-04-04 23:23:36 0 d-------- C:\Users\All Users\RapidSolution
2008-04-04 17:32:08 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-04 17:32:08 0 d-------- C:\Program Files\Common Files\Napster Shared
2008-04-04 17:31:26 0 d-------- C:\Users\All Users\Napster
2008-04-04 17:31:12 0 d-------- C:\Program Files\Napster
2008-04-04 17:06:33 0 d-------- C:\Users\All Users\Final Draft
2008-04-04 16:53:27 29696 --a------ C:\Windows\system32\VB5StKit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-04 16:53:26 71680 --a------ C:\Windows\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Videos
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Templates
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Start Menu
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\SendTo
2008-04-04 16:44:03 0 d-------- C:\Users\Administrator\Saved Games
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Recent
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\PrintHood
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Pictures
2008-04-04 16:44:03 262144 --ahs---- C:\Users\Administrator\NTUSER.DAT
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\NetHood
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\My Documents
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Music
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Local Settings
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Links
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Favorites
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Downloads
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Documents
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Desktop
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Cookies
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Application Data
2008-04-04 16:44:03 0 d--h----- C:\Users\Administrator\AppData
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Videos
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Templates
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Start Menu
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\SendTo
2008-04-04 15:44:23 0 d-------- C:\Users\Paul Hardy\Saved Games
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Recent
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\PrintHood
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Pictures
2008-04-04 15:44:23 262144 --ahs---- C:\Users\Paul Hardy\NTUSER.DAT
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\NetHood
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\My Documents
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Music
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Local Settings
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Links
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Favorites
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Downloads
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Documents
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Desktop
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Cookies
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Application Data
2008-04-04 15:44:23 0 d--h----- C:\Users\Paul Hardy\AppData
2008-04-04 15:33:32 0 d-------- C:\Program Files\MSXML 4.0
2008-04-04 14:56:33 0 d-------- C:\Intel
2008-04-04 14:56:20 0 dr------- C:\Users\Paul\Searches
2008-04-04 14:56:13 0 dr------- C:\Users\Paul\Contacts
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Videos
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Templates
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Start Menu
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\SendTo
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Saved Games
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Recent
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\PrintHood
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Pictures
2008-04-04 14:55:45 2359296 --ahs---- C:\Users\Paul\NTUSER.DAT
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\NetHood
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\My Documents
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Music
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Local Settings
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Links
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Favorites
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Downloads
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Documents
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Desktop
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Cookies
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Application Data
2008-04-04 14:55:45 0 d--h----- C:\Users\Paul\AppData
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Templates
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Start Menu
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\SendTo
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Recent
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\PrintHood
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\NetHood
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\My Documents
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Local Settings
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Cookies
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Application Data
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Templates
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Start Menu
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Favorites
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Documents
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Desktop
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Application Data
2008-03-25 03:03:03 0 d-------- C:\Program Files\DellTPad
2008-03-25 02:49:00 0 d-------- C:\Windows\Users
2008-03-25 02:45:17 0 d-------- C:\doctemp
2008-03-25 02:43:10 0 d-------- C:\Windows\system32\oem
2008-03-25 02:43:10 0 d-------- C:\Drivers
2008-03-25 02:43:10 0 d-------- C:\DELL
2008-03-24 19:34:13 0 d-------- C:\Program Files\Microsoft Works
2008-03-24 19:33:50 0 d-------- C:\Users\All Users\Dell
2008-03-24 19:31:49 0 d-------- C:\Users\All Users\CyberLink
2008-03-24 19:31:22 0 d-------- C:\Program Files\CyberLink
2008-03-24 19:31:09 0 d-------- C:\Users\All Users\SupportSoft
2008-03-24 19:30:54 0 d-------- C:\Program Files\Dell Support Center
2008-03-24 19:30:08 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-24 19:29:15 0 d-------- C:\Users\All Users\Google
2008-03-24 19:29:13 0 d-------- C:\Program Files\Google
2008-03-24 19:28:02 0 d-------- C:\Users\All Users\Roxio
2008-03-24 19:25:48 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-24 19:25:46 0 d-------- C:\Users\All Users\InstallShield
2008-03-24 19:25:46 0 d-------- C:\Program Files\Roxio
2008-03-24 19:25:34 0 d-------- C:\Users\All Users\Sonic
2008-03-24 19:25:30 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-24 19:25:04 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-24 19:24:50 126976 --a------ C:\Windows\system32\Imsmudlg.exe <Not Verified; Intel® Corporation; Uninstset Installation Utility>
2008-03-24 19:24:50 0 d-------- C:\Windows\system32\ENU
2008-03-24 19:24:44 0 d-------- C:\Program Files\Intel
2008-03-24 19:19:39 76 -r-hs---- C:\Windows\CT4CET.bin
2008-03-24 19:19:28 0 d-------- C:\Documents and Settings
2008-03-24 19:19:18 0 d-------- C:\Program Files\Common Files\Reallusion
2008-03-24 19:18:43 0 d-------- C:\Program Files\Creative Live! Cam
2008-03-24 19:18:34 0 d-------- C:\Program Files\Dell
2008-03-24 19:18:28 0 d-------- C:\Program Files\Creative
2008-03-24 19:17:46 0 d-------- C:\Program Files\Digital Line Detect
2008-03-24 19:17:20 0 d-------- C:\Program Files\NetWaiting
2008-03-24 19:17:17 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-03-24 19:17:10 0 d-------- C:\Windows\java
2008-03-24 19:17:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 19:17:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-24 19:17:02 0 d-------- C:\Program Files\Java
2008-03-24 19:17:02 0 d-------- C:\Program Files\Common Files\Java
2008-03-24 19:17:00 0 d--hs---- C:\Windows\Installer
2008-03-24 19:16:29 0 d-------- C:\Windows\system32\Macromed
2008-03-24 19:09:30 0 d-------- C:\Windows\SoftwareDistribution
2008-03-24 19:08:49 0 d-------- C:\Program Files\CONEXANT
2008-03-24 19:08:36 0 d-------- C:\Program Files\Sigmatel
2008-03-24 19:07:28 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-04-05 15:45:07 0 d-------- C:\Users\Paul\AppData\Roaming\Tunebite
2008-04-05 14:45:37 0 d-------- C:\Users\Paul\AppData\Roaming\AdwareAlert
2008-04-05 11:46:29 0 d-------- C:\Users\Paul\AppData\Roaming\Apple Computer
2008-04-05 11:42:43 0 d-------- C:\Program Files\Common Files
2008-04-05 00:43:16 0 d-------- C:\Users\Paul\AppData\Roaming\acccore
2008-04-04 23:47:42 0 d-------- C:\Users\Paul\AppData\Roaming\WinRAR
2008-04-04 17:32:29 0 d-------- C:\Users\Paul\AppData\Roaming\Roxio
2008-04-04 17:30:03 0 d-------- C:\Users\Paul\AppData\Roaming\InstallShield
2008-04-04 17:06:33 0 d-------- C:\Users\Paul\AppData\Roaming\Final Draft
2008-04-04 16:47:48 0 d-------- C:\Users\Paul\AppData\Roaming\Mozilla
2008-04-04 16:30:11 0 d-------- C:\Program Files\Windows Mail
2008-04-04 15:30:52 0 d-------- C:\Users\Paul\AppData\Roaming\Google
2008-04-04 15:30:19 0 d-------- C:\Users\Paul\AppData\Roaming\Macromedia
2008-04-04 15:29:14 0 d-------- C:\Users\Paul\AppData\Roaming\Template
2008-04-04 15:29:12 0 --a------ C:\Users\Paul\AppData\Roaming\wklnhst.dat
2008-04-04 15:23:18 0 d-------- C:\Users\Paul\AppData\Roaming\Adobe
2008-04-04 14:56:14 0 d-------- C:\Users\Paul\AppData\Roaming\Identities
2008-03-25 02:57:10 0 d-------- C:\Program Files\Windows Calendar
2008-03-25 02:53:37 0 d-------- C:\Program Files\Windows Defender
2008-03-25 02:52:32 0 d-------- C:\Program Files\Windows Sidebar
2008-03-24 19:10:14 174 --ahs---- C:\Program Files\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/25/2008 02:53 AM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [01/18/2008 04:40 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [09/06/2007 11:49 PM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [08/27/2007 10:51 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [11/12/2007 04:07 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [12/14/2007 08:54 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [12/14/2007 08:53 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [12/14/2007 08:53 PM]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [07/27/2007 02:43 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [03/21/2007 11:00 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 09:37 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03/24/2008 07:29 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [02/13/2008 05:21 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [11/01/2007 01:39 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [12/10/2007 02:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [02/28/2008 05:23 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"cmds"="C:\Users\Paul\AppData\Local\Temp\yayaWNfe.dll,c" []
"BMf5980c90"="C:\Users\Paul\AppData\Local\Temp\yrdkakgh.dll,s" []
"f6ab3f0c"="C:\Users\Paul\AppData\Local\Temp\vnmntuxd.dll,b" []
"MS Juan"="C:\Users\Paul\AppData\Local\Temp\htoxkmof.dll,run" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/24/2008 7:18:06 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [9/7/2007 2:27:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97676397-0290-11dd-8ca1-001de04f22f1}]
AutoRun\command- G:\.\MigWiz\migsetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-05 16:03:59 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 2037.43 MiB / 907.89 MiB
Pagefile Memory (total/avail): 4308.16 MiB / 3093.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.65 MiB

C: is Fixed (NTFS) - 136.5 GiB total, 104.62 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.82 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9160823ASG - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 136.5 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Paul\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAULBOT
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Paul
LOCALAPPDATA=C:\Users\Paul\AppData\Local
LOGONSERVER=\\PAULBOT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Paul\AppData\Local\Temp
TMP=C:\Users\Paul\AppData\Local\Temp
USERDOMAIN=Paulbot
USERNAME=Paul
USERPROFILE=C:\Users\Paul
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Paul
Paul Hardy (new local)
Administrator (new local)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AdwareAlert --> MsiExec.exe /X{B94DE948-AAF7-48F3-AA8B-1FF399FD8EC9}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Music, Photos & Videos Launcher --> MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PixiePack Codec Pack --> MsiExec.exe /I{582610B8-E496-4813-993C-4B027173FE38}
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet --> MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Holy Bible KJV Ver.8 --> C:\Windows\ST5UNST.EXE -n "C:\Program Files\The Holy Bible\ST5UNST.LOG"
Tunebite --> MsiExec.exe /I{920C3228-F3F5-4A9B-A5BD-1D9AE41A9EDA}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type300 / Error
Event Submitted/Written: 04/05/2008 03:55:54 PM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {99ab47cb-93b4-438d-9fcc-fb28d8c020cc}

Event Record #/Type296 / Error
Event Submitted/Written: 04/05/2008 03:46:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program Explorer.EXE version 6.0.6000.16549 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cb0
Start Time: 01c8976e79955429
Termination Time: 0

Event Record #/Type294 / Error
Event Submitted/Written: 04/05/2008 03:45:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, time stamp 0x47d7134a, faulting module idhijtmi.dll_unloaded, version 0.0.0.0, time stamp 0x092b2f27, exception code 0xc0000005, fault offset 0x03e9140a,
process id 0xe74, application start time 0xfirefox.exe0.

Event Record #/Type285 / Success
Event Submitted/Written: 04/05/2008 03:42:41 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type283 / Success
Event Submitted/Written: 04/05/2008 03:42:41 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4706 / Warning
Event Submitted/Written: 04/05/2008 04:02:59 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE04F22F1. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type4701 / Warning
Event Submitted/Written: 04/05/2008 03:59:41 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE04F22F1. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type4686 / Warning
Event Submitted/Written: 04/05/2008 03:55:14 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE04F22F1. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type4680 / Warning
Event Submitted/Written: 04/05/2008 03:47:44 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Paulbot27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Paulbot27 can't undo changes that you allow.

For more information please see the following:
%Paulbot275

Scan ID: {81778C84-93EE-49A3-955A-BE8AE7692082}

User: Paulbot\Paul

Name: %Paulbot271

ID: %Paulbot272

Severity ID: %Paulbot273

Category ID: %Paulbot274

Path Found: %Paulbot276

Alert Type: %Paulbot278

Detection Type: 1.1.1505.02

Event Record #/Type4678 / Warning
Event Submitted/Written: 04/05/2008 03:47:42 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Paulbot27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Paulbot27 can't undo changes that you allow.

For more information please see the following:
%Paulbot275

Scan ID: {ECA4D136-91AF-4B6B-9B95-203E50A08E29}

User: Paulbot\Paul

Name: %Paulbot271

ID: %Paulbot272

Severity ID: %Paulbot273

Category ID: %Paulbot274

Path Found: %Paulbot276

Alert Type: %Paulbot278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-05 16:03:59 ------------

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:21:59 PM, on 4/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Napster\napster.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Paul\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Paul\AppData\Local\Temp\ddcBUopN.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Paul\AppData\Local\Temp\yayaWNfe.dll,c
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BMf5980c90] Rundll32.exe "C:\Users\Paul\AppData\Local\Temp\bclvxhry.dll",s
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Paul\AppData\Local\Temp\yagydake.dll",run
O4 - HKCU\..\Run: [f6ab3f0c] rundll32.exe "C:\Users\Paul\AppData\Local\Temp\vnmntuxd.dll",b
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -