
System error pop-up

  • 18-02-2008 5:33pm
    #1
    Closed Accounts Posts: 19,341 ✭✭✭✭


    I keep getting the "Your computer was infected by an unknown trojan please dl blah ****ing blah" message.

    I think it's the Zlob Trojan which is contained in codecs etc. etc. I have run McAfee virus scan, came up blank. Ran Spybot S&D as well, it supposedly deleted everything it found but still it pops up when I open IE* or My Computer.

    *I use Firefox but it doesn't appear when I open that, anyone know why? Is it cos IE is ****?


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    Link won't work for me. Even googling it and when I click on techsupport forum it doesn't work.

    Firefox can't find the server at www.techsupportforum.com.

    * Check the address for typing errors such as
    ww.example.com instead of
    www.example.com

    * If you are unable to load any pages, check your computer's network
    connection.

    * If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web.


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    I've mirrored the file here for you Chucky.


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    Cheers Aidan.

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
    Percentage of Memory in Use: 40%
    Physical Memory (total/avail): 2045.43 MiB / 1206.92 MiB
    Pagefile Memory (total/avail): 4310.37 MiB / 3318.67 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1910.03 MiB

    C: is Fixed (NTFS) - 220.27 GiB total, 151.04 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 5.71 GiB free.
    E: is CDROM (UDF)

    \\.\PHYSICALDRIVE0 - SAMSUNG HM250JI - 232.88 GiB - 4 partitions
    \PARTITION0 - Unknown - 117.63 MiB
    \PARTITION1 - Installable File System - 10 GiB - D:
    \PARTITION2 (bootable) - Installable File System - 220.27 GiB - C:
    \PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: McAfee Personal Firewall v (McAfee)
    AV: McAfee VirusScan v (McAfee)
    AS: McAfee VirusScan v (McAfee) Disabled
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Michael\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MICHAEL-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Michael
    LOCALAPPDATA=C:\Users\Michael\AppData\Local
    LOGONSERVER=\\MICHAEL-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0d
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Michael\AppData\Local\Temp
    TMP=C:\Users\Michael\AppData\Local\Temp
    USERDOMAIN=Michael-PC
    USERNAME=Michael
    USERPROFILE=C:\Users\Michael
    windir=C:\Windows


    -- User Profiles

    Michael
    postgres


    -- Add/Remove Programs

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
    Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
    Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
    Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
    Carlospoker --> "C:\Poker\Carlospoker\_SetupPoker.exe" /uninstall
    Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
    DC++ 0.699 --> "C:\Program Files\DC++\uninstall.exe"
    Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
    Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
    Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
    Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
    Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
    Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Laptop Integrated Webcam Driver (1.04.01.1011) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
    Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
    Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
    McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
    MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
    Poker Grapher --> MsiExec.exe /I{6923B7A5-78CF-4BF7-81C0-9C878443A52D}
    Poker Tracker Version 2.16.03d --> "C:\Program Files\Poker Tracker V2\unins000.exe"
    PokerAce Hud (remove only) --> "C:\Program Files\PokerAce Hud\uninstall.exe"
    PokerEV --> MsiExec.exe /I{2086314A-5129-4545-9026-0989E4BF6D67}
    PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    PokerStove version 1.21 --> "C:\Program Files\PokerStove\unins000.exe"
    PostgreSQL 8.2 --> MsiExec.exe /I{1F701DBD-1660-4108-B10A-FB435EA63BF0}
    QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
    QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
    Rome - Total War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
    Rome Total War - patch 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9
    Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    WIDCOMM Bluetooth Software 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
    Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
    Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}


    -- Application Event Log

    Event Record #/Type1555 / Success
    Event Submitted/Written: 02/18/2008 05:17:20 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type1554 / Success
    Event Submitted/Written: 02/18/2008 05:17:17 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type1546 / Success
    Event Submitted/Written: 02/18/2008 05:16:24 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.

    Event Record #/Type1537 / Warning
    Event Submitted/Written: 02/18/2008 05:15:31 PM
    Event ID/Source: 6000 / Wlclntfy
    Event Description:
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Event Record #/Type1534 / Warning
    Event Submitted/Written: 02/18/2008 05:15:30 PM
    Event ID/Source: 6000 / Wlclntfy
    Event Description:
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type77593 / Warning
    Event Submitted/Written: 02/18/2008 05:16:11 PM
    Event ID/Source: 4 / bcm4sbxp
    Event Description:
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Event Record #/Type77580 / Error
    Event Submitted/Written: 02/18/2008 04:25:26 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    1084McNASvc{24F616A1-B755-4053-8018-C3425DC8B68A}

    Event Record #/Type77578 / Error
    Event Submitted/Written: 02/18/2008 04:22:44 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    Network List ServiceNetwork Location Awareness%%1068

    Event Record #/Type77577 / Error
    Event Submitted/Written: 02/18/2008 04:22:44 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    Network List ServiceNetwork Location Awareness%%1068

    Event Record #/Type77576 / Error
    Event Submitted/Written: 02/18/2008 04:22:44 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    Network List ServiceNetwork Location Awareness%%1068



    -- End of Deckard's System Scanner: finished at 2008-02-18 18:23:52


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    Deckard's System Scanner v20071014.68
    Run by Michael on 2008-02-18 18:19:03
    Computer is in Normal Mode.

    -- Last 5 Restore Point(s) --
    28: 2008-02-18 14:41:52 UTC - RP61 - Installed Windows Media Player Firefox Plugin
    27: 2008-02-16 14:36:57 UTC - RP60 - Scheduled Checkpoint
    26: 2008-02-16 02:13:27 UTC - RP59 - Windows Update
    25: 2008-02-14 00:10:38 UTC - RP58 - Windows Update
    24: 2008-02-12 23:55:14 UTC - RP57 - Windows Update


    -- First Restore Point --
    1: 2008-01-23 21:24:50 UTC - RP25 - Installed Rome - Total War


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Michael.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:22:31 PM, on 2/18/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Users\Michael\Desktop\dss.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=0080122
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: MS Video Control 1.0 - {2A4601BC-8376-422D-A2FC-DDF0A40570BD} - C:\Windows\msvidc32.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3816084373-2460499903-3959369377-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O23 - Service: McAfee Application Installer Cleanup (0211581203357112) (0211581203357112mcinstcleanup) - Unknown owner - C:\Windows\TEMP\021158~1.EXE (file missing)
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8689 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 pgsql-8.2 (PostgreSQL Database Server 8.2) - "c:\program files\postgresql\8.2\bin\pg_ctl.exe" runservice -w -n "pgsql-8.2" -d "c:\program files\postgresql\8.2\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>

    S2 0211581203357112mcinstcleanup (McAfee Application Installer Cleanup (0211581203357112)) - c:\windows\temp\021158~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-01-22 12:18:10 348 --a C:\Windows\Tasks\McQcTask.job
    2008-01-22 12:18:10 356 --a C:\Windows\Tasks\McDefragTask.job


    -- Files created between 2008-01-18 and 2008-02-18

    2008-02-18 18:21:41 0 d C:\Program Files\Trend Micro
    2008-02-18 17:37:23 0 d C:\Windows\system32\Kaspersky Lab
    2008-02-18 16:01:12 0 d C:\Users\All Users\Spybot - Search & Destroy
    2008-02-18 15:09:28 227328 --a C:\Windows\msvidc32.dll <Not Verified; Adobe; >
    2008-02-18 15:09:27 53 --a C:\tmp.bat
    2008-02-18 15:08:12 0 d C:\Program Files\Universal
    2008-02-15 20:19:27 0 d C:\Program Files\Soulseek
    2008-02-15 20:00:20 0 d C:\Program Files\DC++
    2008-02-11 01:30:54 0 d C:\Program Files\PokerEV
    2008-02-09 20:01:26 0 d C:\Live sets
    2008-02-04 22:06:41 0 d C:\Program Files\PokerStove
    2008-02-04 16:54:28 0 d C:\Program Files\PokerStars
    2008-02-02 01:32:13 1158 --a C:\Windows\mozver.dat
    2008-02-02 00:53:10 0 d C:\Windows\Sun
    2008-02-01 22:32:50 0 d-a C:\Users\All Users\TEMP
    2008-02-01 22:04:33 0 d C:\Program Files\Poker Grapher
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Templates
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Start Menu
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\SendTo
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Recent
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\PrintHood
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\NetHood
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\My Documents
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Local Settings
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Cookies
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Application Data
    2008-02-01 20:21:52 0 dr C:\Users\postgres\Videos
    2008-02-01 20:21:52 0 d C:\Users\postgres\Saved Games
    2008-02-01 20:21:52 0 dr C:\Users\postgres\Pictures
    2008-02-01 20:21:52 0 dr C:\Users\postgres\Music
    2008-02-01 20:21:52 0 dr C:\Users\postgres\Links
    2008-02-01 20:21:52 0 dr C:\Users\postgres\Favorites
    2008-02-01 20:21:52 0 dr C:\Users\postgres\Downloads
    2008-02-01 20:21:52 0 dr C:\Users\postgres\Documents
    2008-02-01 20:21:52 0 dr C:\Users\postgres\Desktop
    2008-02-01 20:21:52 0 d--h C:\Users\postgres\AppData
    2008-02-01 20:21:51 262144 --ahs---- C:\Users\postgres\NTUSER.DAT
    2008-02-01 20:20:29 0 d C:\Program Files\PostgreSQL
    2008-02-01 19:28:57 0 d C:\Program Files\PokerAce Hud
    2008-01-31 21:49:00 0 d C:\Program Files\iPod
    2008-01-31 21:48:58 0 d C:\Program Files\iTunes
    2008-01-31 21:48:10 0 d C:\Program Files\Bonjour
    2008-01-31 21:47:22 0 d C:\Program Files\QuickTime
    2008-01-31 21:47:21 0 d C:\Users\All Users\Apple Computer
    2008-01-31 21:46:44 0 d C:\Program Files\Apple Software Update
    2008-01-31 21:45:29 0 d C:\Program Files\Common Files\Apple
    2008-01-31 21:45:27 0 d C:\Users\All Users\Apple
    2008-01-30 22:57:40 0 d C:\Program Files\MSXML 4.0
    2008-01-30 19:08:44 0 d C:\Program Files\Poker Tracker V2
    2008-01-30 18:50:52 0 d C:\Windows\Internet Logs
    2008-01-30 18:45:55 0 --a C:\Windows\nsreg.dat
    2008-01-26 15:22:30 0 d C:\postgresql-8.2.1-1
    2008-01-26 15:15:55 0 d C:\Downloads
    2008-01-26 15:15:35 0 d C:\Betting Records
    2008-01-26 15:14:30 0 d C:\Poker
    2008-01-26 15:13:29 0 d C:\Music
    2008-01-26 15:11:16 0 d C:\Poker Tracker V2
    2008-01-26 15:09:43 0 d C:\ZyXEL Technology Corporation
    2008-01-23 21:25:07 0 d C:\Program Files\The Creative Assembly
    2008-01-23 21:20:26 0 d C:\Users\Michael\Bluetooth Software
    2008-01-23 21:19:40 0 dr C:\Users\Michael\Searches
    2008-01-23 21:19:30 0 dr C:\Users\Michael\Contacts
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Videos
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Templates
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Start Menu
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\SendTo
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Saved Games
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Recent
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\PrintHood
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Pictures
    2008-01-23 21:18:39 1310720 --ahs---- C:\Users\Michael\NTUSER.DAT
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\NetHood
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\My Documents
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Music
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Local Settings
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Links
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Favorites
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Downloads
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Documents
    2008-01-23 21:18:39 0 dr C:\Users\Michael\Desktop
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Cookies
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Application Data
    2008-01-23 21:18:39 0 d--h C:\Users\Michael\AppData
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Templates
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Start Menu
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\SendTo
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Recent
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\PrintHood
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\NetHood
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\My Documents
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Local Settings
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Cookies
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Application Data
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Templates
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Start Menu
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Favorites
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Documents
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Desktop
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Application Data
    2008-01-22 19:35:58 0 d C:\Program Files\DellTPad
    2008-01-22 19:25:01 0 d C:\Windows\Users
    2008-01-22 19:20:41 0 d C:\doctemp
    2008-01-22 19:18:51 0 d C:\Windows\system32\oem
    2008-01-22 19:18:51 0 d C:\Drivers
    2008-01-22 19:18:51 0 d C:\DELL
    2008-01-22 12:21:12 0 d C:\Users\All Users\NVIDIA
    2008-01-22 12:15:33 0 d C:\Program Files\Microsoft Works
    2008-01-22 12:14:46 0 d C:\Users\All Users\SupportSoft
    2008-01-22 12:14:26 0 d C:\Program Files\Dell Support Center
    2008-01-22 12:13:40 0 d C:\Program Files\Common Files\supportsoft
    2008-01-22 12:12:18 143360 --a C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2008-01-22 12:11:27 0 d C:\Program Files\McAfee.com
    2008-01-22 12:11:26 0 d C:\Program Files\Common Files\McAfee
    2008-01-22 12:11:25 0 d C:\Program Files\McAfee
    2008-01-22 12:11:23 0 d C:\Users\All Users\McAfee
    2008-01-22 12:11:16 0 d
    C:\Users\All Users\Google
    2008-01-22 12:11:15 0 d
    C:\Program Files\Google
    2008-01-22 12:10:41 0 d
    C:\Users\All Users\Adobe
    2008-01-22 12:10:37 0 d
    C:\Program Files\Common Files\Adobe
    2008-01-22 12:09:45 0 d
    C:\Users\All Users\Dell
    2008-01-22 12:09:45 0 d
    C:\Users\All Users\CyberLink
    2008-01-22 12:09:35 44544 --a
    C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2008-01-22 12:09:24 0 d
    C:\Program Files\CyberLink
    2008-01-22 12:08:15 0 d
    C:\Users\All Users\Roxio
    2008-01-22 12:06:03 0 d
    C:\Program Files\Common Files\SureThing Shared
    2008-01-22 12:06:02 0 d
    C:\Users\All Users\InstallShield
    2008-01-22 12:06:01 0 d
    C:\Program Files\Roxio
    2008-01-22 12:05:51 0 d
    C:\Users\All Users\Sonic
    2008-01-22 12:05:45 0 d
    C:\Program Files\Common Files\Sonic Shared
    2008-01-22 12:05:05 0 d
    C:\Program Files\Common Files\Roxio Shared
    2008-01-22 12:03:52 229376 --a
    C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 6.0.1.3100>
    2008-01-22 12:03:32 0 d
    C:\Windows\system32\es-MX
    2008-01-22 12:03:31 0 d
    C:\Windows\system32\es-AR
    2008-01-22 12:03:30 0 d
    C:\Program Files\WIDCOMM
    2008-01-22 12:02:59 76 -r-hs---- C:\Windows\CT4CET.bin
    2008-01-22 12:02:35 0 d
    C:\Documents and Settings
    2008-01-22 12:02:19 0 d
    C:\Program Files\Common Files\Reallusion
    2008-01-22 12:01:52 0 d
    C:\Program Files\Common Files\Creative
    2008-01-22 12:01:33 0 d
    C:\Program Files\Creative Live! Cam
    2008-01-22 12:00:56 0 d
    C:\Program Files\Creative
    2008-01-22 12:00:36 0 d
    C:\Program Files\Broadcom
    2008-01-22 12:00:31 0 d
    C:\Windows\Downloaded Installations
    2008-01-22 11:59:55 0 d
    C:\Program Files\Digital Line Detect
    2008-01-22 11:59:21 0 d
    C:\Program Files\NetWaiting
    2008-01-22 11:59:18 0 d
    C:\Program Files\Modem Diagnostic Tool
    2008-01-22 11:58:31 0 d
    C:\Program Files\Dell
    2008-01-22 11:56:54 0 d
    C:\Windows\java
    2008-01-22 11:56:54 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-01-22 11:56:52 0 d
    C:\Program Files\Common Files\InstallShield
    2008-01-22 11:56:44 0 d
    C:\Program Files\Java
    2008-01-22 11:56:44 0 d
    C:\Program Files\Common Files\Java
    2008-01-22 11:54:31 0 d--hs---- C:\Windows\Installer
    2008-01-22 11:53:23 0 d
    C:\Windows\system32\Macromed
    2008-01-22 11:43:34 12 --a
    C:\Windows\bthservsdp.dat
    2008-01-22 11:42:34 0 d
    C:\Windows\SoftwareDistribution
    2008-01-22 11:42:29 0 d
    C:\Program Files\CONEXANT
    2008-01-22 11:42:13 0 d
    C:\Program Files\Sigmatel
    2008-01-22 11:41:10 0 d--hs---- C:\System Volume Information


    -- Find3M Report

    2008-02-18 17:16:37 27525 --a------ C:\Users\Michael\AppData\Roaming\nvModes.001
    2008-02-05 01:02:41 27525 --a------ C:\Users\Michael\AppData\Roaming\nvModes.dat
    2008-02-04 16:57:30 6 --ahs---- C:\Users\Michael\AppData\Roaming\desktop.ini
    2008-02-02 01:32:54 0 d-------- C:\Users\Michael\AppData\Roaming\Adobe
    2008-02-02 00:52:58 0 d-------- C:\Users\Michael\AppData\Roaming\Macromedia
    2008-01-31 21:49:35 0 d-------- C:\Users\Michael\AppData\Roaming\Apple Computer
    2008-01-31 21:45:29 0 d-------- C:\Program Files\Common Files
    2008-01-31 18:31:05 0 d-------- C:\Program Files\Windows Mail
    2008-01-31 18:31:02 0 d-------- C:\Program Files\Windows Sidebar
    2008-01-30 18:45:53 0 d-------- C:\Users\Michael\AppData\Roaming\Mozilla
    2008-01-30 17:02:21 0 d-------- C:\Users\Michael\AppData\Roaming\Google
    2008-01-28 22:43:19 0 d-------- C:\Users\Michael\AppData\Roaming\CyberLink
    2008-01-23 21:20:37 0 d-------- C:\Users\Michael\AppData\Roaming\Roxio
    2008-01-23 21:19:32 0 d-------- C:\Users\Michael\AppData\Roaming\Identities
    2008-01-22 19:30:59 0 d-------- C:\Program Files\Windows Calendar
    2008-01-22 19:27:34 0 d-------- C:\Program Files\Windows Defender
    2008-01-22 11:44:12 174 --ahs---- C:\Program Files\desktop.ini


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A4601BC-8376-422D-A2FC-DDF0A40570BD}]
    02/18/2008 03:09 PM 227328 --a------ C:\Windows\msvidc32.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    09/19/2007 06:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/22/2008 07:27 PM]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [09/24/2007 09:27 AM]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [12/03/2007 05:58 AM]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 06:23 PM]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/25/2007 08:40 AM]
    "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [09/25/2007 08:40 AM]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37 AM]
    "@=" []
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 11:35 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 5:55:50 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/22/2008 12:00:19 PM]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [1/22/2008 11:59:17 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
    "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "C:\Program Files\Dell\MediaDirect\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a41c32c-c8de-11dc-a314-806e6f6e6963}]
    AutoRun\command- E:\Launch.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-02-18 18:23:52


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: MS Video Control 1.0 - {2A4601BC-8376-422D-A2FC-DDF0A40570BD} - C:\Windows\msvidc32.dll

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\Windows\msvidc32.dll 
      C:\tmp.bat
      E:\Launch.exe
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      purity
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a41c32c-c8de-11dc-a314-806e6f6e6963}
      
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Reboot and post a new DSS log
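
The helper above picked out one BHO by hand: a DLL registered under Browser Helper Objects but sitting directly in the Windows directory instead of a vendor folder, next to a service whose binary is missing from TEMP. The following Python script is an added example (not from this thread or from the HijackThis/DSS tools) that applies those same triage rules to HijackThis-format O2, O4 and O23 lines. The regular expressions, the allow-list of trusted install roots, the list of suspect directories and the last sample line (an invented O4 entry under a user profile) are all constructed assumptions for illustration; the first five sample lines are copied from the log posted in this thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

Flags the same kinds of entry a forum helper looks for by eye: a BHO DLL that is
not under a vendor directory, a service whose file is missing or that carries no
vendor name, and autostart or service binaries living in temp or user-profile
directories. The rules and sample lines below are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in HijackThis layout. Lines 1-5 copy entries from the log
# posted in the thread; line 6 is an invented O4 entry pointing into a profile Temp dir.
SAMPLE_LOG = r"""
O2 - BHO: MS Video Control 1.0 - {2A4601BC-8376-422D-A2FC-DDF0A40570BD} - C:\Windows\msvidc32.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O23 - Service: McAfee Application Installer Cleanup (0211581203357112) (0211581203357112mcinstcleanup) - Unknown owner - C:\Windows\TEMP\021158~1.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O4 - HKCU\..\Run: [example-updater] C:\Users\example\AppData\Local\Temp\example.exe
"""

# Line shapes used here (assumed from the format shown in the thread).
# Names are matched lazily, so a service name containing " - " would need a stricter pattern.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")

# Assumed allow-list: where a legitimately installed BHO DLL is expected to live.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
# Assumed list of path fragments that mark temp or user-profile locations.
SUSPECT_DIRS = ("\\temp\\", "%temp%", "\\users\\", "\\documents and settings\\")


@dataclass
class Finding:
    line_no: int
    kind: str
    reason: str
    path: str


def _split_missing(path: str):
    """Separate HijackThis's '(file missing)' marker from the path it annotates."""
    marker = "(file missing)"
    missing = path.endswith(marker)
    if missing:
        path = path[: -len(marker)]
    return path.strip(), missing


def triage_line(line_no: int, line: str) -> List[Finding]:
    """Return zero or more findings for one HijackThis line."""
    findings: List[Finding] = []
    m = BHO_RE.match(line)
    if m:
        path, _ = _split_missing(m.group("path").strip())
        if not path.lower().startswith(TRUSTED_ROOTS):
            findings.append(Finding(line_no, "O2", "BHO DLL outside a vendor directory", path))
        return findings
    m = SVC_RE.match(line)
    if m:
        path, missing = _split_missing(m.group("path").strip())
        if missing:
            findings.append(Finding(line_no, "O23", "service registered for a file that no longer exists", path))
        if m.group("owner") == "Unknown owner":
            findings.append(Finding(line_no, "O23", "service carries no vendor string", path))
        if any(frag in path.lower() for frag in SUSPECT_DIRS):
            findings.append(Finding(line_no, "O23", "service binary under a temp or profile directory", path))
        return findings
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd").strip()
        if any(frag in cmd.lower() for frag in SUSPECT_DIRS):
            findings.append(Finding(line_no, "O4", "autostart from a temp or profile directory", cmd))
    return findings


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log; unknown line types are ignored."""
    out: List[Finding] = []
    for n, line in enumerate(text.strip().splitlines(), start=1):
        out.extend(triage_line(n, line.rstrip()))
    return out


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section (O2, O4, O23)."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"line {f.line_no} [{f.kind}] {f.reason}: {f.path}")
```

Run against the constructed sample it reports the msvidc32.dll BHO, three findings for the orphaned McAfee cleanup service and one for the invented profile-Temp autostart, and stays silent on the vendor-directory entries. A hit is a prompt to check the file's signature and origin, not a verdict: a legitimate installer can leave an orphaned service behind, as the cleanup entry here shows.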


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    Deckard's System Scanner v20071014.68
    Run by Michael on 2008-02-18 19:11:29
    Computer is in Normal Mode.



    -- HijackThis (run as Michael.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:11:31 PM, on 2/18/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Windows\notepad.exe
    C:\Users\Michael\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=0080122
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3816084373-2460499903-3959369377-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O23 - Service: McAfee Application Installer Cleanup (0211581203357112) (0211581203357112mcinstcleanup) - Unknown owner - C:\Windows\TEMP\021158~1.EXE (file missing)
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8567 bytes

    -- Files created between 2008-01-18 and 2008-02-18

    2008-02-18 18:21:41 0 d-------- C:\Program Files\Trend Micro
    2008-02-18 17:37:23 0 d-------- C:\Windows\system32\Kaspersky Lab
    2008-02-18 16:01:12 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-02-18 15:09:27 53 --a------ C:\tmp.bat
    2008-02-18 15:08:12 0 d-------- C:\Program Files\Universal
    2008-02-15 20:19:27 0 d-------- C:\Program Files\Soulseek
    2008-02-15 20:00:20 0 d-------- C:\Program Files\DC++
    2008-02-11 01:30:54 0 d-------- C:\Program Files\PokerEV
    2008-02-09 20:01:26 0 d-------- C:\Live sets
    2008-02-04 22:06:41 0 d-------- C:\Program Files\PokerStove
    2008-02-04 16:54:28 0 d-------- C:\Program Files\PokerStars
    2008-02-02 01:32:13 1158 --a------ C:\Windows\mozver.dat
    2008-02-02 00:53:10 0 d-------- C:\Windows\Sun
    2008-02-01 22:32:50 0 d-a------ C:\Users\All Users\TEMP
    2008-02-01 22:04:33 0 d-------- C:\Program Files\Poker Grapher
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Templates
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Start Menu
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\SendTo
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Recent
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\PrintHood
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\NetHood
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\My Documents
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Local Settings
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Cookies
    2008-02-01 20:21:54 0 d--hs---- C:\Users\postgres\Application Data
    2008-02-01 20:21:52 0 dr------- C:\Users\postgres\Videos
    2008-02-01 20:21:52 0 d-------- C:\Users\postgres\Saved Games
    2008-02-01 20:21:52 0 dr------- C:\Users\postgres\Pictures
    2008-02-01 20:21:52 0 dr------- C:\Users\postgres\Music
    2008-02-01 20:21:52 0 dr------- C:\Users\postgres\Links
    2008-02-01 20:21:52 0 dr------- C:\Users\postgres\Favorites
    2008-02-01 20:21:52 0 dr------- C:\Users\postgres\Downloads
    2008-02-01 20:21:52 0 dr------- C:\Users\postgres\Documents
    2008-02-01 20:21:52 0 dr------- C:\Users\postgres\Desktop
    2008-02-01 20:21:52 0 d--h----- C:\Users\postgres\AppData
    2008-02-01 20:21:51 262144 --ahs---- C:\Users\postgres\NTUSER.DAT
    2008-02-01 20:20:29 0 d-------- C:\Program Files\PostgreSQL
    2008-02-01 19:28:57 0 d-------- C:\Program Files\PokerAce Hud
    2008-01-31 21:49:00 0 d-------- C:\Program Files\iPod
    2008-01-31 21:48:58 0 d-------- C:\Program Files\iTunes
    2008-01-31 21:48:10 0 d-------- C:\Program Files\Bonjour
    2008-01-31 21:47:22 0 d-------- C:\Program Files\QuickTime
    2008-01-31 21:47:21 0 d-------- C:\Users\All Users\Apple Computer
    2008-01-31 21:46:44 0 d-------- C:\Program Files\Apple Software Update
    2008-01-31 21:45:29 0 d-------- C:\Program Files\Common Files\Apple
    2008-01-31 21:45:27 0 d-------- C:\Users\All Users\Apple
    2008-01-30 22:57:40 0 d-------- C:\Program Files\MSXML 4.0
    2008-01-30 19:08:44 0 d-------- C:\Program Files\Poker Tracker V2
    2008-01-30 18:50:52 0 d-------- C:\Windows\Internet Logs
    2008-01-30 18:45:55 0 --a------ C:\Windows\nsreg.dat
    2008-01-26 15:22:30 0 d-------- C:\postgresql-8.2.1-1
    2008-01-26 15:15:55 0 d-------- C:\Downloads
    2008-01-26 15:15:35 0 d-------- C:\Betting Records
    2008-01-26 15:14:30 0 d-------- C:\Poker
    2008-01-26 15:13:29 0 d-------- C:\Music
    2008-01-26 15:11:16 0 d-------- C:\Poker Tracker V2
    2008-01-26 15:09:43 0 d-------- C:\ZyXEL Technology Corporation
    2008-01-23 21:25:07 0 d-------- C:\Program Files\The Creative Assembly
    2008-01-23 21:20:26 0 d-------- C:\Users\Michael\Bluetooth Software
    2008-01-23 21:19:40 0 dr------- C:\Users\Michael\Searches
    2008-01-23 21:19:30 0 dr------- C:\Users\Michael\Contacts
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Videos
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Templates
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Start Menu
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\SendTo
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Saved Games
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Recent
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\PrintHood
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Pictures
    2008-01-23 21:18:39 1310720 --ahs---- C:\Users\Michael\NTUSER.DAT
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\NetHood
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\My Documents
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Music
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Local Settings
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Links
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Favorites
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Downloads
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Documents
    2008-01-23 21:18:39 0 dr------- C:\Users\Michael\Desktop
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Cookies
    2008-01-23 21:18:39 0 d--hs---- C:\Users\Michael\Application Data
    2008-01-23 21:18:39 0 d--h----- C:\Users\Michael\AppData
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Templates
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Start Menu
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\SendTo
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Recent
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\PrintHood
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\NetHood
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\My Documents
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Local Settings
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Cookies
    2008-01-23 21:08:18 0 d--hs---- C:\Users\Default\Application Data
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Templates
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Start Menu
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Favorites
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Documents
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Desktop
    2008-01-23 21:08:18 0 d--hs---- C:\Users\All Users\Application Data
    2008-01-22 19:35:58 0 d-------- C:\Program Files\DellTPad
    2008-01-22 19:25:01 0 d-------- C:\Windows\Users
    2008-01-22 19:20:41 0 d-------- C:\doctemp
    2008-01-22 19:18:51 0 d-------- C:\Windows\system32\oem
    2008-01-22 19:18:51 0 d-------- C:\Drivers
    2008-01-22 19:18:51 0 d-------- C:\DELL
    2008-01-22 12:21:12 0 d-------- C:\Users\All Users\NVIDIA
    2008-01-22 12:15:33 0 d-------- C:\Program Files\Microsoft Works
    2008-01-22 12:14:46 0 d-------- C:\Users\All Users\SupportSoft
    2008-01-22 12:14:26 0 d-------- C:\Program Files\Dell Support Center
    2008-01-22 12:13:40 0 d-------- C:\Program Files\Common Files\supportsoft
    2008-01-22 12:12:18 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2008-01-22 12:11:27 0 d-------- C:\Program Files\McAfee.com
    2008-01-22 12:11:26 0 d-------- C:\Program Files\Common Files\McAfee
    2008-01-22 12:11:25 0 d-------- C:\Program Files\McAfee
    2008-01-22 12:11:23 0 d-------- C:\Users\All Users\McAfee
    2008-01-22 12:11:16 0 d-------- C:\Users\All Users\Google
    2008-01-22 12:11:15 0 d-------- C:\Program Files\Google
    2008-01-22 12:10:41 0 d-------- C:\Users\All Users\Adobe
    2008-01-22 12:10:37 0 d-------- C:\Program Files\Common Files\Adobe
    2008-01-22 12:09:45 0 d-------- C:\Users\All Users\Dell
    2008-01-22 12:09:45 0 d-------- C:\Users\All Users\CyberLink
    2008-01-22 12:09:35 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2008-01-22 12:09:24 0 d-------- C:\Program Files\CyberLink
    2008-01-22 12:08:15 0 d-------- C:\Users\All Users\Roxio
    2008-01-22 12:06:03 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2008-01-22 12:06:02 0 d-------- C:\Users\All Users\InstallShield
    2008-01-22 12:06:01 0 d-------- C:\Program Files\Roxio
    2008-01-22 12:05:51 0 d-------- C:\Users\All Users\Sonic
    2008-01-22 12:05:45 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2008-01-22 12:05:05 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2008-01-22 12:03:52 229376 --a------ C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 6.0.1.3100>
    2008-01-22 12:03:32 0 d-------- C:\Windows\system32\es-MX
    2008-01-22 12:03:31 0 d-------- C:\Windows\system32\es-AR
    2008-01-22 12:03:30 0 d-------- C:\Program Files\WIDCOMM
    2008-01-22 12:02:59 76 -r-hs---- C:\Windows\CT4CET.bin
    2008-01-22 12:02:35 0 d-------- C:\Documents and Settings
    2008-01-22 12:02:19 0 d-------- C:\Program Files\Common Files\Reallusion
    2008-01-22 12:01:52 0 d-------- C:\Program Files\Common Files\Creative
    2008-01-22 12:01:33 0 d-------- C:\Program Files\Creative Live! Cam
    2008-01-22 12:00:56 0 d-------- C:\Program Files\Creative
    2008-01-22 12:00:36 0 d-------- C:\Program Files\Broadcom
    2008-01-22 12:00:31 0 d-------- C:\Windows\Downloaded Installations
    2008-01-22 11:59:55 0 d-------- C:\Program Files\Digital Line Detect
    2008-01-22 11:59:21 0 d-------- C:\Program Files\NetWaiting
    2008-01-22 11:59:18 0 d-------- C:\Program Files\Modem Diagnostic Tool
    2008-01-22 11:58:31 0 d-------- C:\Program Files\Dell
    2008-01-22 11:56:54 0 d-------- C:\Windows\java
    2008-01-22 11:56:54 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-01-22 11:56:52 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-01-22 11:56:44 0 d-------- C:\Program Files\Java
    2008-01-22 11:56:44 0 d-------- C:\Program Files\Common Files\Java
    2008-01-22 11:54:31 0 d--hs---- C:\Windows\Installer
    2008-01-22 11:53:23 0 d-------- C:\Windows\system32\Macromed
    2008-01-22 11:43:34 12 --a------ C:\Windows\bthservsdp.dat
    2008-01-22 11:42:34 0 d-------- C:\Windows\SoftwareDistribution
    2008-01-22 11:42:29 0 d-------- C:\Program Files\CONEXANT
    2008-01-22 11:42:13 0 d-------- C:\Program Files\Sigmatel
    2008-01-22 11:41:10 0 d--hs---- C:\System Volume Information


    -- Find3M Report



    -- Registry Dump

    *Note* empty entries & legit default entries are not shown





    -- End of Deckard's System Scanner: finished at 2008-02-18 19:12:03


    The pop-up is gone, I presume I am good to go now?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Delete this file

    C:\tmp.bat


    Please download Malwarebytes' Anti-Malware from Here or Here

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


    Also post a new DSS log and tell me how your PC is running.


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    ****, forgot to post the results last time. :o I'll do the malware bit now.


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    Malwarebytes' Anti-Malware 1.03
    Database version: 374

    Scan type: Quick Scan
    Objects scanned: 24685
    Time elapsed: 3 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\msvidc32.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{2a4601bc-8376-422d-a2fc-ddf0a40570bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msvidc32.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\msvidc32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Do I just delete the C:/temp.bat file manually?
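    An added check, not code from the thread or from Malwarebytes: a small parser for the MBAM log format posted above that confirms the summary counts match the items actually listed and that every detection reads as quarantined and deleted, the two things worth confirming before treating a scan as clean. The second, failing log and its file path are constructed placeholders.

```python
"""Added check (not from the thread): parse a Malwarebytes' Anti-Malware (MBAM)
log and verify the summary counts match the listed items and every detection
was actually quarantined and deleted."""
import re
from collections import Counter
from dataclasses import dataclass, field

COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Action text MBAM prints when an item was removed without needing a reboot.
CLEAN_ACTION = "Quarantined and deleted successfully."

# Constructed sample: the Registry Keys section of the MBAM log posted above,
# with the other (empty) sections shortened.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvidc32.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{2a4601bc-8376-422d-a2fc-ddf0a40570bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msvidc32.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\msvidc32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# Constructed counter-example (not from the thread): the summary claims two
# files but only one is listed, and that one was not removed immediately.
# The path and the "Delete on reboot." action text are placeholders.
DIRTY_LOG = r"""
Files Infected: 2

Files Infected:
C:\Windows\TEMP\example-placeholder.exe (Trojan.FakeAlert) -> Delete on reboot.
"""


@dataclass
class Detection:
    section: str  # e.g. "Registry Keys Infected"
    item: str     # registry key/value, folder or file path
    family: str   # MBAM detection name, e.g. "Trojan.FakeAlert"
    action: str   # what MBAM did with the item


@dataclass
class MbamReport:
    declared_counts: dict = field(default_factory=dict)  # section -> summary count
    detections: list = field(default_factory=list)


def parse_mbam_log(text):
    """Summary lines ('X Infected: N') give declared counts; each later
    'X Infected:' header opens the section whose items follow it."""
    report = MbamReport()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            report.declared_counts[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["section"]
            continue
        m = DETECTION_RE.match(line)
        if m and current:  # "(No malicious items detected)" never matches
            report.detections.append(
                Detection(current, m["item"], m["family"], m["action"]))
    return report


def check_report(report):
    """Flag summary/listing mismatches and items MBAM did not fully remove."""
    listed = Counter(d.section for d in report.detections)
    mismatches = {s: (n, listed[s]) for s, n in report.declared_counts.items()
                  if listed[s] != n}
    unresolved = [d for d in report.detections if d.action != CLEAN_ACTION]
    return {
        "families": dict(Counter(d.family for d in report.detections)),
        "count_mismatches": mismatches,
        "unresolved": unresolved,
        "clean": not mismatches and not unresolved,
    }
```

    Run `check_report(parse_mbam_log(text))` on a pasted log; a non-empty `unresolved` list is the case the Extra Note above describes, where a reboot is still needed before the machine can be called clean.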


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Yes, just go ahead and delete it if it is there.

    Then reboot and post a new DSS log and tell me how your PC is running.


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    Deckard's System Scanner v20071014.68
    Run by Michael on 2008-02-18 20:51:53
    Computer is in Normal Mode.



    -- HijackThis (run as Michael.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:52:10 PM, on 2/18/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Users\Michael\Desktop\dss.exe
    C:\Windows\system32\conime.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=0080122
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3816084373-2460499903-3959369377-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O23 - Service: McAfee Application Installer Cleanup (0211581203357112) (0211581203357112mcinstcleanup) - Unknown owner - C:\Windows\TEMP\021158~1.EXE (file missing)
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8543 bytes

    -- Files created between 2008-01-18 and 2008-02-18



    -- Find3M Report



    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    09/19/2007 06:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/22/2008 07:27 PM]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [09/24/2007 09:27 AM]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [12/03/2007 05:58 AM]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 06:23 PM]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/25/2007 08:40 AM]
    "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [09/25/2007 08:40 AM]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37 AM]
    "@=" []
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 11:35 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 5:55:50 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/22/2008 12:00:19 PM]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [1/22/2008 11:59:17 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
    "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "C:\Program Files\Dell\MediaDirect\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-02-18 20:52:54



    PC seems fine, can't notice it running any slower than normal.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Few things to do
    • Make sure you have an Internet Connection.
    • Double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


    You now need to update your Java and remove your older versions.

    Please follow these steps to remove older version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
    here



    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

    * To reduce the risk of malware re-infection in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.
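The Internet-zone ActiveX settings and the HOSTS file mechanism described in the post above, as an added PowerShell example. This is not code from the thread or from any of the tools it names. The zone number (3 = Internet), the value names 1001 / 1004 / 1201 and the 0 = Enable, 1 = Prompt, 3 = Disable encoding are Microsoft's documented registry mapping for the Security tab, not something the post states; treating 0.0.0.0 and ::1 as blocking addresses alongside the 127.0.0.1 the post mentions is this example's assumption. The function names are the example's own.

```powershell
# Added example, not from the thread: audit (and with -Fix, apply) the three
# Internet-zone ActiveX settings recommended above, then check whether the
# HOSTS file really pins its blocked names to a loopback address.
#
# Assumptions (Microsoft's documented Security-tab mapping, not from the post):
# zone 3 = Internet; 1001 = "Download signed ActiveX controls",
# 1004 = "Download unsigned ActiveX controls",
# 1201 = "Initialize and script ActiveX controls not marked as safe";
# 0 = Enable, 1 = Prompt, 3 = Disable. Run as the user whose IE you are fixing.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Hardened = @{
    '1001' = 1   # Download signed ActiveX controls                 -> Prompt
    '1004' = 1   # Download unsigned ActiveX controls               -> Prompt
    '1201' = 3   # Initialize and script ActiveX not marked as safe -> Disable
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-SettingLabel($value) {
    if ($value -eq $null) { return 'not set (IE default)' }
    if ($Meaning.ContainsKey([int]$value)) { return $Meaning[[int]$value] }
    return "unknown ($value)"
}

# Reports each setting as OK or WEAK; returns the number of WEAK settings.
function Test-IEActiveXZone {
    param([switch]$Fix)
    $current = Get-ItemProperty -Path $ZonePath
    $weak = 0
    foreach ($name in $Hardened.Keys) {
        $have = $current.$name
        $want = $Hardened[$name]
        if ($have -eq $want) {
            Write-Host ("OK    {0} = {1}" -f $name, (Get-SettingLabel $have))
            continue
        }
        $weak++
        Write-Host ("WEAK  {0} = {1}, want {2}" -f $name, (Get-SettingLabel $have), $Meaning[$want])
        if ($Fix) {
            # IE reads the zone values when it starts, so reopen IE afterwards.
            Set-ItemProperty -Path $ZonePath -Name $name -Value $want -Type DWord
            Write-Host ("FIXED {0} -> {1}" -f $name, $Meaning[$want])
        }
    }
    return $weak
}

# Counts names pinned to loopback and lists any mapped elsewhere; returns the
# number of entries that deserve a manual look.
function Test-HostsFile {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $pinned  = 0
    $suspect = @()
    foreach ($raw in Get-Content -Path $hostsPath) {
        $line = ($raw -split '#')[0].Trim()        # strip comments, skip blanks
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $addr  = $fields[0]
        $names = @($fields[1..($fields.Count - 1)] | Where-Object { $_ -ne 'localhost' })
        # 127.0.0.1 is what the post describes; 0.0.0.0 and ::1 are the other
        # common blocking addresses (assumption of this example, not the post).
        if ($addr -eq '127.0.0.1' -or $addr -eq '0.0.0.0' -or $addr -eq '::1') {
            $pinned += $names.Count
        } else {
            # A name mapped to a routable address is worth a look: a tampered
            # HOSTS file can silently redirect update or vendor sites.
            $suspect += ("{0} -> {1}" -f $addr, ($names -join ' '))
        }
    }
    Write-Host ("HOSTS: {0} names pinned to a loopback/blackhole address" -f $pinned)
    foreach ($s in $suspect) { Write-Host ("CHECK {0}" -f $s) }
    return $suspect.Count
}

# Usage: audit first, apply the zone settings only if something is WEAK,
# then review the HOSTS file.
$weak = Test-IEActiveXZone
if ($weak -gt 0) { Test-IEActiveXZone -Fix | Out-Null }
Test-HostsFile | Out-Null
```

Run it in a PowerShell window as the affected user. Without -Fix it only reports, so it is safe to paste into a thread as evidence of the current state; the HOSTS check gives you the count of blocked names (which should jump after installing the MVPS file) and flags any entry that points somewhere other than loopback, which the post's description does not cover but is exactly what a tampered HOSTS file looks like.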


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    Fantastic stuff ASJ. I use Spybot already and Firefox already but I'll get on to the rest of the stuff now.


    Great job again, thanks.

