Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Cannot get rid of Limewire

  • 09-03-2008 6:21pm
    #1
    Registered Users, Registered Users 2 Posts: 122 ✭✭


    I heard that Limewire is spyware, so I uninstalled it, yet somehow it is still in my system, because every so often this messsage pops up [IMG]http://[/img]3fcf0d9309.jpg

    I have done a lot of googling about this issue, and I have gone into the registry and there are no lime wire files in there and I have tried various spyware removal programmes, but still no joy. This is DOING MY HEAD IN!!!!!! Can anyone help!!!??? :confused:


    (For some reason the image wont show, here is a link http://www.freeimagehosting.net/image.php?3fcf0d9309.jpg )


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    Thanks for the help, done the above


    main.txt reads

    Deckard's System Scanner v20071014.68
    Run by Lorraine on 2008-03-09 21:09:05
    Computer is in Normal Mode.

    -- Last 5 Restore Point(s) --
    5: 2008-03-09 12:47:01 UTC - RP54 - Installed Ad-Aware 2007
    4: 2008-03-09 12:16:51 UTC - RP53 - RESTORE POINT LIMEWIRE
    3: 2008-03-02 11:46:48 UTC - RP52 - Installed Microsoft Office Professional Edition 2003
    2: 2008-02-28 18:47:28 UTC - RP51 - Windows Update
    1: 2008-02-22 20:54:07 UTC - RP40 - Removed Microsoft Works


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Lorraine.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:12:48, on 09/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Kontiki\KService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Lorraine\Desktop\dss.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Lorraine.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch?.rand=d1v3tk30cpmr4
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=3080118
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14352 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-01-18 00:38:29 348 --a
    C:\Windows\Tasks\McQcTask.job
    2008-01-18 00:38:29 356 --a
    C:\Windows\Tasks\McDefragTask.job


    -- Files created between 2008-02-09 and 2008-03-09

    2008-03-09 21:11:56 0 d
    C:\Program Files\Trend Micro
    2008-03-09 12:47:35 0 d
    C:\Program Files\Lavasoft
    2008-03-09 12:47:34 0 d
    C:\Users\All Users\Lavasoft
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-08 14:17:35 0 d
    C:\Users\All Users\Spybot - Search & Destroy
    2008-03-08 13:55:59 0 d
    C:\Program Files\Spyware Doctor
    2008-03-02 17:34:03 2560 --a
    C:\Windows\_MSRSTRT.EXE
    2008-03-02 11:50:07 0 d
    C:\Program Files\Microsoft ActiveSync
    2008-03-02 11:48:06 0 d
    C:\Windows\PCHEALTH
    2008-03-02 11:48:06 0 d
    C:\Program Files\Microsoft.NET
    2008-03-02 11:45:12 0 dr-h
    C:\MSOCache
    2008-02-28 22:18:03 0 d
    C:\Program Files\iPod
    2008-02-28 22:17:53 0 d
    C:\Program Files\iTunes
    2008-02-28 22:14:42 0 d
    C:\Program Files\LimeWire
    2008-02-23 10:28:44 0 d
    C:\Program Files\Conduit
    2008-02-23 10:28:43 0 d
    C:\Program Files\isoHunt
    2008-02-22 20:50:16 0 d
    C:\Program Files\Common Files\PX Storage Engine
    2008-02-22 20:50:03 0 d
    C:\Program Files\DivX
    2008-02-21 02:05:44 3596288 --a
    C:\Windows\system32\qt-dx331.dll
    2008-02-21 02:04:16 196608 --a
    C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 02:04:16 81920 --a
    C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-21 02:04:04 802816 --a
    C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 682496 --a
    C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:03:24 12288 --a
    C:\Windows\system32\DivXWMPExtType.dll
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\Grisoft
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\avg7
    2008-02-20 19:42:29 0 d
    C:\Program Files\Picasa2
    2008-02-20 19:41:58 0 d
    C:\Windows\system32\runtime
    2008-02-20 19:18:39 0 d-a
    C:\Users\All Users\TEMP
    2008-02-16 11:25:02 0 d
    C:\Program Files\GustoSoft
    2008-02-09 15:26:42 0 d
    C:\Users\All Users\Azureus
    2008-02-09 15:24:51 0 d
    C:\Program Files\Azureus
    2008-02-09 14:23:25 0 d
    C:\Users\All Users\AOL OCP
    2008-02-09 14:23:24 0 d
    C:\Users\All Users\AOL
    2008-02-09 14:22:15 0 d
    C:\Users\All Users\Viewpoint
    2008-02-09 14:22:13 0 d
    C:\Program Files\Viewpoint


    -- Find3M Report

    2008-03-09 21:13:14 0 d
    C:\Users\Lorraine\AppData\Roaming\Azureus
    2008-03-09 14:35:55 12 --a
    C:\Windows\bthservsdp.dat
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files
    2008-03-09 10:52:54 0 d
    C:\Users\Lorraine\AppData\Roaming\AVG7
    2008-03-08 13:55:59 0 d
    C:\Users\Lorraine\AppData\Roaming\PC Tools
    2008-03-01 19:50:17 0 d
    C:\Users\Lorraine\AppData\Roaming\LimeWire
    2008-02-22 20:58:31 0 d
    C:\Program Files\Microsoft Works
    2008-02-22 20:51:54 0 d
    C:\Users\Lorraine\AppData\Roaming\DivX
    2008-02-21 22:43:30 0 d
    C:\Users\Lorraine\AppData\Roaming\Media Player Classic
    2008-02-20 20:09:00 0 d
    C:\Program Files\Google
    2008-02-20 20:02:16 0 d
    C:\Program Files\McAfee
    2008-02-19 19:00:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Adobe
    2008-02-16 12:39:50 0 d
    C:\Users\Lorraine\AppData\Roaming\Template
    2008-02-16 12:39:24 0 --a
    C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
    2008-02-16 12:01:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Roxio
    2008-02-16 11:55:26 0 d
    C:\Program Files\Roxio
    2008-02-09 15:37:23 0 d
    C:\Users\Lorraine\AppData\Roaming\yahoo!
    2008-02-09 15:37:13 0 d
    C:\Program Files\Yahoo!
    2008-02-07 22:38:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Apple Computer
    2008-02-07 22:36:41 0 d
    C:\Program Files\Bonjour
    2008-02-07 22:36:22 0 d
    C:\Program Files\QuickTime
    2008-02-07 22:35:12 0 d
    C:\Program Files\Apple Software Update
    2008-02-07 22:33:48 0 d
    C:\Program Files\Common Files\Apple
    2008-01-21 21:56:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Google
    2008-01-21 21:33:39 0 d
    C:\Program Files\Kontiki
    2008-01-21 21:33:35 0 d
    C:\Program Files\Channel4
    2008-01-21 21:27:33 0 d
    C:\Users\Lorraine\AppData\Roaming\CyberLink
    2008-01-21 21:22:29 0 d
    C:\Users\Lorraine\AppData\Roaming\Creative
    2008-01-21 19:59:19 0 d
    C:\Program Files\Windows Mail
    2008-01-21 19:59:17 0 d
    C:\Program Files\Windows Sidebar
    2008-01-21 19:57:12 0 d
    C:\Program Files\Webshots
    2008-01-21 19:57:00 0 d
    C:\Users\Lorraine\AppData\Roaming\Webshots
    2008-01-21 19:49:42 0 d
    C:\Program Files\MSXML 4.0
    2008-01-21 19:22:52 0 d
    C:\Users\Lorraine\AppData\Roaming\Macromedia
    2008-01-21 19:17:47 0 d
    C:\Users\Lorraine\AppData\Roaming\Identities
    2008-01-18 07:56:32 0 d
    C:\Program Files\Synaptics
    2008-01-18 07:50:27 0 d
    C:\Program Files\Windows Calendar
    2008-01-18 07:46:10 0 d
    C:\Program Files\Windows Defender
    2008-01-18 00:36:47 0 d
    C:\Program Files\Dell
    2008-01-18 00:34:35 0 d
    C:\Program Files\CyberLink
    2008-01-18 00:33:19 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-01-18 00:32:51 0 d
    C:\Program Files\Dell Support Center
    2008-01-18 00:32:43 0 d
    C:\Program Files\Common Files\supportsoft
    2008-01-18 00:29:42 0 d
    C:\Program Files\Common Files\McAfee
    2008-01-18 00:29:32 0 d
    C:\Program Files\McAfee.com
    2008-01-18 00:28:45 0 d
    C:\Program Files\Common Files\Adobe
    2008-01-18 00:26:21 0 d
    C:\Program Files\Common Files\Sonic Shared
    2008-01-18 00:24:47 0 d
    C:\Program Files\Common Files\InstallShield
    2008-01-18 00:23:57 0 d
    C:\Program Files\Common Files\SureThing Shared
    2008-01-18 00:23:38 0 d
    C:\Program Files\Common Files\Roxio Shared
    2008-01-18 00:22:18 76 -r-hs---- C:\Windows\CT4CET.bin
    2008-01-18 00:22:01 0 d
    C:\Program Files\Creative
    2008-01-18 00:21:50 0 d
    C:\Program Files\Common Files\Reallusion
    2008-01-18 00:21:25 0 d
    C:\Program Files\Common Files\Creative
    2008-01-18 00:21:08 0 d
    C:\Program Files\Creative Live! Cam
    2008-01-18 00:20:25 0 d
    C:\Program Files\Broadcom
    2008-01-18 00:17:57 0 d
    C:\Program Files\Digital Line Detect
    2008-01-18 00:17:23 0 d
    C:\Program Files\NetWaiting
    2008-01-18 00:16:53 0 d
    C:\Program Files\Modem Diagnostic Tool
    2008-01-18 00:16:26 0 d
    C:\Program Files\Java
    2008-01-18 00:16:26 0 d
    C:\Program Files\Common Files\Java
    2008-01-18 00:04:29 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-18 00:02:47 0 d
    C:\Program Files\CONEXANT
    2008-01-18 00:02:31 0 d
    C:\Program Files\Sigmatel


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    01/10/2007 13:55 329024 --a
    C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/01/2008 07:46]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 19:06]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [29/08/2007 05:54]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07/09/2007 18:23]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [26/09/2007 10:47]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [26/09/2007 10:47]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [26/09/2007 10:47]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [18/01/2008 00:16]
    "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 16:43]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/01/2008 00:29]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01/11/2007 15:39]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/02/2008 20:45]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/01/2008 00:29]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]

    C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [21/01/2008 19:57:01]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [18/01/2008 00:17:56]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [18/01/2008 00:20:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 20/02/2008 20:42 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-03-09 21:14:37



    and extra.txt


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
    Percentage of Memory in Use: 53%
    Physical Memory (total/avail): 2037.43 MiB / 938.13 MiB
    Pagefile Memory (total/avail): 4295.37 MiB / 2518.22 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1919.64 MiB

    C: is Fixed (NTFS) - 136.43 GiB total, 44.97 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 5.83 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - ST9160821AS - 149.05 GiB - 4 partitions
    \PARTITION0 - Unknown - 117.63 MiB
    \PARTITION1 - Installable File System - 10 GiB - D:
    \PARTITION2 (bootable) - Installable File System - 136.43 GiB - C:
    \PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: McAfee Personal Firewall v (McAfee)
    AV: AVG 7.5.518 v7.5.518 (Grisoft)
    AV: McAfee VirusScan v (McAfee) Outdated
    AS: McAfee VirusScan v (McAfee)
    AS: Spyware Doctor v5.5.0.204 (PC Tools)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Lorraine\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=LORRAINE-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Lorraine
    LOCALAPPDATA=C:\Users\Lorraine\AppData\Local
    LOGONSERVER=\\LORRAINE-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0d
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Lorraine\AppData\Local\Temp
    TMP=C:\Users\Lorraine\AppData\Local\Temp
    USERDOMAIN=Lorraine-PC
    USERNAME=Lorraine
    USERPROFILE=C:\Users\Lorraine
    windir=C:\Windows


    -- User Profiles

    Lorraine


    -- Add/Remove Programs

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
    4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
    Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
    Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
    Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
    Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
    Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
    Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
    Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
    Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
    Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
    Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
    McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
    MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
    Webshots Toolbar --> C:\Program Files\Webshots\ToolbarUninstall.exe
    Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
    Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}


    -- Application Event Log

    Event Record #/Type1348 / Success
    Event Submitted/Written: 03/09/2008 05:00:41 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type1347 / Success
    Event Submitted/Written: 03/09/2008 05:00:36 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type1338 / Success
    Event Submitted/Written: 03/09/2008 04:59:39 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.

    Event Record #/Type1329 / Warning
    Event Submitted/Written: 03/09/2008 04:58:31 PM
    Event ID/Source: 6000 / Wlclntfy
    Event Description:
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Event Record #/Type1326 / Warning
    Event Submitted/Written: 03/09/2008 04:58:30 PM
    Event ID/Source: 6000 / Wlclntfy
    Event Description:
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type16568 / Warning
    Event Submitted/Written: 03/09/2008 09:01:09 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type16567 / Warning
    Event Submitted/Written: 03/09/2008 09:01:08 PM
    Event ID/Source: 4 / bcm4sbxp
    Event Description:
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Event Record #/Type16556 / Warning
    Event Submitted/Written: 03/09/2008 09:01:07 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CBF915BEB. The following error occurred:
    %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Event Record #/Type16550 / Warning
    Event Submitted/Written: 03/09/2008 06:56:34 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type16549 / Warning
    Event Submitted/Written: 03/09/2008 06:35:50 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



    -- End of Deckard's System Scanner: finished at 2008-03-09 21:14:37


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\Program Files\LimeWire
      C:\Users\Lorraine\AppData\Roaming\LimeWire
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      purity
      
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    You also have two anti-virus programs, AVG and McAfee, you need to remove one of these.

    Reboot and post a new DSS log after that


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    Thanks a million, really appreciate this. Done the above, only one notepad window opened this time:


    Deckard's System Scanner v20071014.68
    Run by Lorraine on 2008-03-10 19:44:27
    Computer is in Normal Mode.



    -- HijackThis (run as Lorraine.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:45:11, on 10/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\helppane.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG7\avgw.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Lorraine\Desktop\dss.exe
    \?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Lorraine.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch?.rand=d1v3tk30cpmr4
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=3080118
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14402 bytes

    -- Files created between 2008-02-10 and 2008-03-10

    2008-03-09 21:11:56 0 d
    C:\Program Files\Trend Micro
    2008-03-09 12:47:35 0 d
    C:\Program Files\Lavasoft
    2008-03-09 12:47:34 0 d
    C:\Users\All Users\Lavasoft
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-08 14:17:35 0 d
    C:\Users\All Users\Spybot - Search & Destroy
    2008-03-08 13:55:59 0 d
    C:\Program Files\Spyware Doctor
    2008-03-02 17:34:03 2560 --a
    C:\Windows\_MSRSTRT.EXE
    2008-03-02 11:50:07 0 d
    C:\Program Files\Microsoft ActiveSync
    2008-03-02 11:48:06 0 d
    C:\Windows\PCHEALTH
    2008-03-02 11:48:06 0 d
    C:\Program Files\Microsoft.NET
    2008-03-02 11:45:12 0 dr-h
    C:\MSOCache
    2008-02-28 22:18:03 0 d
    C:\Program Files\iPod
    2008-02-28 22:17:53 0 d
    C:\Program Files\iTunes
    2008-02-28 22:14:42 0 d
    C:\Program Files\LimeWire
    2008-02-23 10:28:44 0 d
    C:\Program Files\Conduit
    2008-02-23 10:28:43 0 d
    C:\Program Files\isoHunt
    2008-02-22 20:50:16 0 d
    C:\Program Files\Common Files\PX Storage Engine
    2008-02-22 20:50:03 0 d
    C:\Program Files\DivX
    2008-02-21 02:05:44 3596288 --a
    C:\Windows\system32\qt-dx331.dll
    2008-02-21 02:04:16 196608 --a
    C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 02:04:16 81920 --a
    C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-21 02:04:04 802816 --a
    C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 682496 --a
    C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:03:24 12288 --a
    C:\Windows\system32\DivXWMPExtType.dll
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\Grisoft
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\avg7
    2008-02-20 19:42:29 0 d
    C:\Program Files\Picasa2
    2008-02-20 19:41:58 0 d
    C:\Windows\system32\runtime
    2008-02-20 19:18:39 0 d-a
    C:\Users\All Users\TEMP
    2008-02-16 11:25:02 0 d
    C:\Program Files\GustoSoft


    -- Find3M Report

    2008-03-10 19:41:05 0 d
    C:\Users\Lorraine\AppData\Roaming\AVG7
    2008-03-10 19:37:56 12 --a
    C:\Windows\bthservsdp.dat
    2008-03-10 19:37:13 0 d
    C:\Users\Lorraine\AppData\Roaming\Azureus
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files
    2008-03-08 13:55:59 0 d
    C:\Users\Lorraine\AppData\Roaming\PC Tools
    2008-02-22 20:58:31 0 d
    C:\Program Files\Microsoft Works
    2008-02-22 20:51:54 0 d
    C:\Users\Lorraine\AppData\Roaming\DivX
    2008-02-21 22:43:30 0 d
    C:\Users\Lorraine\AppData\Roaming\Media Player Classic
    2008-02-20 20:09:00 0 d
    C:\Program Files\Google
    2008-02-20 20:02:16 0 d
    C:\Program Files\McAfee
    2008-02-19 19:00:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Adobe
    2008-02-16 12:39:50 0 d
    C:\Users\Lorraine\AppData\Roaming\Template
    2008-02-16 12:39:24 0 --a
    C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
    2008-02-16 12:01:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Roxio
    2008-02-16 11:55:26 0 d
    C:\Program Files\Roxio
    2008-02-09 15:37:23 0 d
    C:\Users\Lorraine\AppData\Roaming\yahoo!
    2008-02-09 15:37:13 0 d
    C:\Program Files\Yahoo!
    2008-02-09 15:25:08 0 d
    C:\Program Files\Azureus
    2008-02-09 14:22:15 0 d
    C:\Program Files\Viewpoint
    2008-02-07 22:38:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Apple Computer
    2008-02-07 22:36:41 0 d
    C:\Program Files\Bonjour
    2008-02-07 22:36:22 0 d
    C:\Program Files\QuickTime
    2008-02-07 22:35:12 0 d
    C:\Program Files\Apple Software Update
    2008-02-07 22:33:48 0 d
    C:\Program Files\Common Files\Apple
    2008-01-21 21:56:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Google
    2008-01-21 21:33:39 0 d
    C:\Program Files\Kontiki
    2008-01-21 21:33:35 0 d
    C:\Program Files\Channel4
    2008-01-21 21:27:33 0 d
    C:\Users\Lorraine\AppData\Roaming\CyberLink
    2008-01-21 21:22:29 0 d
    C:\Users\Lorraine\AppData\Roaming\Creative
    2008-01-21 19:59:19 0 d
    C:\Program Files\Windows Mail
    2008-01-21 19:59:17 0 d
    C:\Program Files\Windows Sidebar
    2008-01-21 19:57:12 0 d
    C:\Program Files\Webshots
    2008-01-21 19:57:00 0 d
    C:\Users\Lorraine\AppData\Roaming\Webshots
    2008-01-21 19:49:42 0 d
    C:\Program Files\MSXML 4.0
    2008-01-21 19:22:52 0 d
    C:\Users\Lorraine\AppData\Roaming\Macromedia
    2008-01-21 19:17:47 0 d
    C:\Users\Lorraine\AppData\Roaming\Identities
    2008-01-18 07:56:32 0 d
    C:\Program Files\Synaptics
    2008-01-18 07:50:27 0 d
    C:\Program Files\Windows Calendar
    2008-01-18 07:46:10 0 d
    C:\Program Files\Windows Defender
    2008-01-18 00:36:47 0 d
    C:\Program Files\Dell
    2008-01-18 00:34:35 0 d
    C:\Program Files\CyberLink
    2008-01-18 00:33:19 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-01-18 00:32:51 0 d
    C:\Program Files\Dell Support Center
    2008-01-18 00:32:43 0 d
    C:\Program Files\Common Files\supportsoft
    2008-01-18 00:29:42 0 d
    C:\Program Files\Common Files\McAfee
    2008-01-18 00:29:32 0 d
    C:\Program Files\McAfee.com
    2008-01-18 00:28:45 0 d
    C:\Program Files\Common Files\Adobe
    2008-01-18 00:26:21 0 d
    C:\Program Files\Common Files\Sonic Shared
    2008-01-18 00:24:47 0 d
    C:\Program Files\Common Files\InstallShield
    2008-01-18 00:23:57 0 d
    C:\Program Files\Common Files\SureThing Shared
    2008-01-18 00:23:38 0 d
    C:\Program Files\Common Files\Roxio Shared
    2008-01-18 00:22:18 76 -r-hs---- C:\Windows\CT4CET.bin
    2008-01-18 00:22:01 0 d
    C:\Program Files\Creative
    2008-01-18 00:21:50 0 d
    C:\Program Files\Common Files\Reallusion
    2008-01-18 00:21:25 0 d
    C:\Program Files\Common Files\Creative
    2008-01-18 00:21:08 0 d
    C:\Program Files\Creative Live! Cam
    2008-01-18 00:20:25 0 d
    C:\Program Files\Broadcom
    2008-01-18 00:17:57 0 d
    C:\Program Files\Digital Line Detect
    2008-01-18 00:17:23 0 d
    C:\Program Files\NetWaiting
    2008-01-18 00:16:53 0 d
    C:\Program Files\Modem Diagnostic Tool
    2008-01-18 00:16:26 0 d
    C:\Program Files\Java
    2008-01-18 00:16:26 0 d
    C:\Program Files\Common Files\Java
    2008-01-18 00:04:29 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-18 00:02:47 0 d
    C:\Program Files\CONEXANT
    2008-01-18 00:02:31 0 d
    C:\Program Files\Sigmatel


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    01/10/2007 13:55 329024 --a
    C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/01/2008 07:46]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 19:06]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [29/08/2007 05:54]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07/09/2007 18:23]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [26/09/2007 10:47]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [26/09/2007 10:47]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [26/09/2007 10:47]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [18/01/2008 00:16]
    "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 16:43]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/01/2008 00:29]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01/11/2007 15:39]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/02/2008 20:45]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/01/2008 00:29]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]

    C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [21/01/2008 19:57:01]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [18/01/2008 00:17:56]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [18/01/2008 00:20:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 20/02/2008 20:42 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-03-10 19:46:52


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please run the OTMoveIt2 by OldTimer again.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\Program Files\LimeWire
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      purity
      
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Download RegSearch to your desktop

    http://www.xs4all.nl/~fstaal01/regsearch-us.html

    Unzip it to it's own folder and run it. Under the box that has "Enter search strings(case independent) and click ok", put LimeWire in there. Click ok and let it run. It will produce a log for you, paste that here with a new DSS log


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    copied from move it


    Folder move failed. C:\Program Files\LimeWire\lib scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\LimeWire scheduled to be moved on reboot.
    [Custom Input]
    < purity >

    OTMoveIt2 v1.0.21 log created on 03102008_215410


    rebooting now...



    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.5.0

    ; Results at 10/03/2008 22:11:59 for strings:
    ; 'limewire'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{56AA388E-050A-4223-B216-FD9F2E049E12}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\Program Files\\LimeWire\\LimeWire.exe|Name=LimeWire|Edge=FALSE|"
    "{3B2BE5E6-E7C6-42D1-83BE-5CDBAA0021D7}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\\Program Files\\LimeWire\\LimeWire.exe|Name=LimeWire|Edge=FALSE|"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{56AA388E-050A-4223-B216-FD9F2E049E12}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\Program Files\\LimeWire\\LimeWire.exe|Name=LimeWire|Edge=FALSE|"
    "{3B2BE5E6-E7C6-42D1-83BE-5CDBAA0021D7}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\\Program Files\\LimeWire\\LimeWire.exe|Name=LimeWire|Edge=FALSE|"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{56AA388E-050A-4223-B216-FD9F2E049E12}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\Program Files\\LimeWire\\LimeWire.exe|Name=LimeWire|Edge=FALSE|"
    "{3B2BE5E6-E7C6-42D1-83BE-5CDBAA0021D7}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\\Program Files\\LimeWire\\LimeWire.exe|Name=LimeWire|Edge=FALSE|"

    [HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire]

    [HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire]
    @=&quot;LimeWire"
    "DefaultIcon"="\"C:\\Program Files\\LimeWire\\LimeWire.exe\",0"
    "Description"="LimeWire"
    "ShellExecute"="\"C:\\Program Files\\LimeWire\\LimeWire.exe\" \"%URL\""

    [HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire\Type]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b852404d_0]
    @=&quot;{0.0.0.00000000}.{7c639760-17b5-47b4-88e9-22d7490e36e4}|\\Device\\HarddiskVolume3\\Program Files\\LimeWire\\LimeWire.exe%b{00000000-0000-0000-0000-000000000000}"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d630d90a_0]
    @=&quot;{0.0.0.00000000}.{4a595190-5741-4a77-bc5f-0d4e20a3f206}|\\Device\\HarddiskVolume3\\Program Files\\LimeWire\\LimeWire.exe%b{00000000-0000-0000-0000-000000000000}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
    "C:\\Users\\Lorraine\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\6O08F2DN\\LimeWireWin[1].exe"=dword:00000001
    "C:\\Users\\Lorraine\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RT55HZM4\\LimeWireWin[1].exe"=dword:00000001

    [HKEY_CURRENT_USER\Software\Classes\.torrent]
    @=&quot;LimeWire"

    [HKEY_CURRENT_USER\Software\Classes\LimeWire]

    [HKEY_CURRENT_USER\Software\Classes\LimeWire]
    @=&quot;LimeWire Torrent"

    [HKEY_CURRENT_USER\Software\Classes\LimeWire\DefaultIcon]

    [HKEY_CURRENT_USER\Software\Classes\LimeWire\DefaultIcon]
    @=&quot;C:\\Program Files\\LimeWire\\LimeWire.exe,1"

    [HKEY_CURRENT_USER\Software\Classes\LimeWire\shell]

    [HKEY_CURRENT_USER\Software\Classes\LimeWire\shell\open]

    [HKEY_CURRENT_USER\Software\Classes\LimeWire\shell\open\command]

    [HKEY_CURRENT_USER\Software\Classes\LimeWire\shell\open\command]
    @=&quot;\"C:\\Program Files\\LimeWire\\LimeWire.exe\" \"%1\""

    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="LimeWire"

    [HKEY_CURRENT_USER\Software\Classes\magnet\DefaultIcon]
    @=&quot;\"C:\\Program Files\\LimeWire\\LimeWire.exe\",0"

    [HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
    @=&quot;\"C:\\Program Files\\LimeWire\\LimeWire.exe\" \"%1\""

    ; End Of The Log...


    dss txt


    Deckard's System Scanner v20071014.68
    Run by Lorraine on 2008-03-10 22:16:21
    Computer is in Normal Mode.



    -- HijackThis (run as Lorraine.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:16:48, on 10/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Kontiki\KService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\Lorraine\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Lorraine.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch?.rand=d1v3tk30cpmr4
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=3080118
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14340 bytes

    -- Files created between 2008-02-10 and 2008-03-10

    2008-03-09 21:11:56 0 d
    C:\Program Files\Trend Micro
    2008-03-09 12:47:35 0 d
    C:\Program Files\Lavasoft
    2008-03-09 12:47:34 0 d
    C:\Users\All Users\Lavasoft
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-08 14:17:35 0 d
    C:\Users\All Users\Spybot - Search & Destroy
    2008-03-08 13:55:59 0 d
    C:\Program Files\Spyware Doctor
    2008-03-02 17:34:03 2560 --a
    C:\Windows\_MSRSTRT.EXE
    2008-03-02 11:50:07 0 d
    C:\Program Files\Microsoft ActiveSync
    2008-03-02 11:48:06 0 d
    C:\Windows\PCHEALTH
    2008-03-02 11:48:06 0 d
    C:\Program Files\Microsoft.NET
    2008-03-02 11:45:12 0 dr-h
    C:\MSOCache
    2008-02-28 22:18:03 0 d
    C:\Program Files\iPod
    2008-02-28 22:17:53 0 d
    C:\Program Files\iTunes
    2008-02-28 22:14:42 0 d
    C:\Program Files\LimeWire
    2008-02-23 10:28:44 0 d
    C:\Program Files\Conduit
    2008-02-23 10:28:43 0 d
    C:\Program Files\isoHunt
    2008-02-22 20:50:16 0 d
    C:\Program Files\Common Files\PX Storage Engine
    2008-02-22 20:50:03 0 d
    C:\Program Files\DivX
    2008-02-21 02:05:44 3596288 --a
    C:\Windows\system32\qt-dx331.dll
    2008-02-21 02:04:16 196608 --a
    C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 02:04:16 81920 --a
    C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-21 02:04:04 802816 --a
    C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 682496 --a
    C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:03:24 12288 --a
    C:\Windows\system32\DivXWMPExtType.dll
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\Grisoft
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\avg7
    2008-02-20 19:42:29 0 d
    C:\Program Files\Picasa2
    2008-02-20 19:41:58 0 d
    C:\Windows\system32\runtime
    2008-02-20 19:18:39 0 d-a
    C:\Users\All Users\TEMP
    2008-02-16 11:25:02 0 d
    C:\Program Files\GustoSoft


    -- Find3M Report

    2008-03-10 21:56:39 12 --a
    C:\Windows\bthservsdp.dat
    2008-03-10 19:41:05 0 d
    C:\Users\Lorraine\AppData\Roaming\AVG7
    2008-03-10 19:37:13 0 d
    C:\Users\Lorraine\AppData\Roaming\Azureus
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files
    2008-03-08 13:55:59 0 d
    C:\Users\Lorraine\AppData\Roaming\PC Tools
    2008-02-22 20:58:31 0 d
    C:\Program Files\Microsoft Works
    2008-02-22 20:51:54 0 d
    C:\Users\Lorraine\AppData\Roaming\DivX
    2008-02-21 22:43:30 0 d
    C:\Users\Lorraine\AppData\Roaming\Media Player Classic
    2008-02-20 20:09:00 0 d
    C:\Program Files\Google
    2008-02-20 20:02:16 0 d
    C:\Program Files\McAfee
    2008-02-19 19:00:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Adobe
    2008-02-16 12:39:50 0 d
    C:\Users\Lorraine\AppData\Roaming\Template
    2008-02-16 12:39:24 0 --a
    C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
    2008-02-16 12:01:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Roxio
    2008-02-16 11:55:26 0 d
    C:\Program Files\Roxio
    2008-02-09 15:37:23 0 d
    C:\Users\Lorraine\AppData\Roaming\yahoo!
    2008-02-09 15:37:13 0 d
    C:\Program Files\Yahoo!
    2008-02-09 15:25:08 0 d
    C:\Program Files\Azureus
    2008-02-09 14:22:15 0 d
    C:\Program Files\Viewpoint
    2008-02-07 22:38:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Apple Computer
    2008-02-07 22:36:41 0 d
    C:\Program Files\Bonjour
    2008-02-07 22:36:22 0 d
    C:\Program Files\QuickTime
    2008-02-07 22:35:12 0 d
    C:\Program Files\Apple Software Update
    2008-02-07 22:33:48 0 d
    C:\Program Files\Common Files\Apple
    2008-01-21 21:56:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Google
    2008-01-21 21:33:39 0 d
    C:\Program Files\Kontiki
    2008-01-21 21:33:35 0 d
    C:\Program Files\Channel4
    2008-01-21 21:27:33 0 d
    C:\Users\Lorraine\AppData\Roaming\CyberLink
    2008-01-21 21:22:29 0 d
    C:\Users\Lorraine\AppData\Roaming\Creative
    2008-01-21 19:59:19 0 d
    C:\Program Files\Windows Mail
    2008-01-21 19:59:17 0 d
    C:\Program Files\Windows Sidebar
    2008-01-21 19:57:12 0 d
    C:\Program Files\Webshots
    2008-01-21 19:57:00 0 d
    C:\Users\Lorraine\AppData\Roaming\Webshots
    2008-01-21 19:49:42 0 d
    C:\Program Files\MSXML 4.0
    2008-01-21 19:22:52 0 d
    C:\Users\Lorraine\AppData\Roaming\Macromedia
    2008-01-21 19:17:47 0 d
    C:\Users\Lorraine\AppData\Roaming\Identities
    2008-01-18 07:56:32 0 d
    C:\Program Files\Synaptics
    2008-01-18 07:50:27 0 d
    C:\Program Files\Windows Calendar
    2008-01-18 07:46:10 0 d
    C:\Program Files\Windows Defender
    2008-01-18 00:36:47 0 d
    C:\Program Files\Dell
    2008-01-18 00:34:35 0 d
    C:\Program Files\CyberLink
    2008-01-18 00:33:19 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-01-18 00:32:51 0 d
    C:\Program Files\Dell Support Center
    2008-01-18 00:32:43 0 d
    C:\Program Files\Common Files\supportsoft
    2008-01-18 00:29:42 0 d
    C:\Program Files\Common Files\McAfee
    2008-01-18 00:29:32 0 d
    C:\Program Files\McAfee.com
    2008-01-18 00:28:45 0 d
    C:\Program Files\Common Files\Adobe
    2008-01-18 00:26:21 0 d
    C:\Program Files\Common Files\Sonic Shared
    2008-01-18 00:24:47 0 d
    C:\Program Files\Common Files\InstallShield
    2008-01-18 00:23:57 0 d
    C:\Program Files\Common Files\SureThing Shared
    2008-01-18 00:23:38 0 d
    C:\Program Files\Common Files\Roxio Shared
    2008-01-18 00:22:18 76 -r-hs---- C:\Windows\CT4CET.bin
    2008-01-18 00:22:01 0 d
    C:\Program Files\Creative
    2008-01-18 00:21:50 0 d
    C:\Program Files\Common Files\Reallusion
    2008-01-18 00:21:25 0 d
    C:\Program Files\Common Files\Creative
    2008-01-18 00:21:08 0 d
    C:\Program Files\Creative Live! Cam
    2008-01-18 00:20:25 0 d
    C:\Program Files\Broadcom
    2008-01-18 00:17:57 0 d
    C:\Program Files\Digital Line Detect
    2008-01-18 00:17:23 0 d
    C:\Program Files\NetWaiting
    2008-01-18 00:16:53 0 d
    C:\Program Files\Modem Diagnostic Tool
    2008-01-18 00:16:26 0 d
    C:\Program Files\Java
    2008-01-18 00:16:26 0 d
    C:\Program Files\Common Files\Java
    2008-01-18 00:04:29 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-18 00:02:47 0 d
    C:\Program Files\CONEXANT
    2008-01-18 00:02:31 0 d
    C:\Program Files\Sigmatel


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    01/10/2007 13:55 329024 --a
    C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/01/2008 07:46]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 19:06]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [29/08/2007 05:54]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07/09/2007 18:23]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [26/09/2007 10:47]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [26/09/2007 10:47]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [26/09/2007 10:47]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [18/01/2008 00:16]
    "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 16:43]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/01/2008 00:29]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01/11/2007 15:39]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/02/2008 20:45]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/01/2008 00:29]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]

    C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [21/01/2008 19:57:01]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [18/01/2008 00:17:56]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [18/01/2008 00:20:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 20/02/2008 20:42 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-03-10 22:18:14


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe



    Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.
    Windows Registry Editor Version 5.00
    
    [-HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire]
    
    [HKEY_CURRENT_USER\Software\Classes\.torrent]
    "@"=-
    
    [-HKEY_CURRENT_USER\Software\Classes\LimeWire]
    
    [HKEY_CURRENT_USER\Software\Classes\magnet\DefaultIcon]
    "@"=-
    
    [HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
    "@"=-
    


    Then double click on the fix.reg file, when it prompts to merge click "Yes".



    Then do the OTMoveIt step again and post a new DSS log


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    Move it log:

    Folder move failed. C:\Program Files\LimeWire\lib scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\LimeWire scheduled to be moved on reboot.
    File/Folder C:\Users\Lorraine\AppData\Roaming\LimeWire not found.
    [Custom Input]
    < purity >

    OTMoveIt2 v1.0.21 log created on 03112008_203304



    rebooting ....


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    Deckard's System Scanner v20071014.68
    Run by Lorraine on 2008-03-11 21:58:48
    Computer is in Normal Mode.



    -- HijackThis (run as Lorraine.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:58:53, on 11/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Kontiki\KService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Lorraine\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Lorraine.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch?.rand=d1v3tk30cpmr4
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=3080118
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14457 bytes

    -- Files created between 2008-02-11 and 2008-03-11

    2008-03-09 21:11:56 0 d
    C:\Program Files\Trend Micro
    2008-03-09 12:47:35 0 d
    C:\Program Files\Lavasoft
    2008-03-09 12:47:34 0 d
    C:\Users\All Users\Lavasoft
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-08 14:17:35 0 d
    C:\Users\All Users\Spybot - Search & Destroy
    2008-03-08 13:55:59 0 d
    C:\Program Files\Spyware Doctor
    2008-03-02 17:34:03 2560 --a
    C:\Windows\_MSRSTRT.EXE
    2008-03-02 11:50:07 0 d
    C:\Program Files\Microsoft ActiveSync
    2008-03-02 11:48:06 0 d
    C:\Windows\PCHEALTH
    2008-03-02 11:48:06 0 d
    C:\Program Files\Microsoft.NET
    2008-03-02 11:45:12 0 dr-h
    C:\MSOCache
    2008-02-28 22:18:03 0 d
    C:\Program Files\iPod
    2008-02-28 22:17:53 0 d
    C:\Program Files\iTunes
    2008-02-28 22:14:42 0 d
    C:\Program Files\LimeWire
    2008-02-23 10:28:44 0 d
    C:\Program Files\Conduit
    2008-02-23 10:28:43 0 d
    C:\Program Files\isoHunt
    2008-02-22 20:50:16 0 d
    C:\Program Files\Common Files\PX Storage Engine
    2008-02-22 20:50:03 0 d
    C:\Program Files\DivX
    2008-02-21 02:05:44 3596288 --a
    C:\Windows\system32\qt-dx331.dll
    2008-02-21 02:04:16 196608 --a
    C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 02:04:16 81920 --a
    C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-21 02:04:04 802816 --a
    C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 682496 --a
    C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:03:24 12288 --a
    C:\Windows\system32\DivXWMPExtType.dll
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\Grisoft
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\avg7
    2008-02-20 19:42:29 0 d
    C:\Program Files\Picasa2
    2008-02-20 19:41:58 0 d
    C:\Windows\system32\runtime
    2008-02-20 19:18:39 0 d-a
    C:\Users\All Users\TEMP
    2008-02-16 11:25:02 0 d
    C:\Program Files\GustoSoft


    -- Find3M Report

    2008-03-11 21:34:06 0 d
    C:\Users\Lorraine\AppData\Roaming\AVG7
    2008-03-11 21:31:24 12 --a
    C:\Windows\bthservsdp.dat
    2008-03-10 19:37:13 0 d
    C:\Users\Lorraine\AppData\Roaming\Azureus
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files
    2008-03-08 13:55:59 0 d
    C:\Users\Lorraine\AppData\Roaming\PC Tools
    2008-02-22 20:58:31 0 d
    C:\Program Files\Microsoft Works
    2008-02-22 20:51:54 0 d
    C:\Users\Lorraine\AppData\Roaming\DivX
    2008-02-21 22:43:30 0 d
    C:\Users\Lorraine\AppData\Roaming\Media Player Classic
    2008-02-20 20:09:00 0 d
    C:\Program Files\Google
    2008-02-20 20:02:16 0 d
    C:\Program Files\McAfee
    2008-02-19 19:00:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Adobe
    2008-02-16 12:39:50 0 d
    C:\Users\Lorraine\AppData\Roaming\Template
    2008-02-16 12:39:24 0 --a
    C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
    2008-02-16 12:01:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Roxio
    2008-02-16 11:55:26 0 d
    C:\Program Files\Roxio
    2008-02-09 15:37:23 0 d
    C:\Users\Lorraine\AppData\Roaming\yahoo!
    2008-02-09 15:37:13 0 d
    C:\Program Files\Yahoo!
    2008-02-09 15:25:08 0 d
    C:\Program Files\Azureus
    2008-02-09 14:22:15 0 d
    C:\Program Files\Viewpoint
    2008-02-07 22:38:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Apple Computer
    2008-02-07 22:36:41 0 d
    C:\Program Files\Bonjour
    2008-02-07 22:36:22 0 d
    C:\Program Files\QuickTime
    2008-02-07 22:35:12 0 d
    C:\Program Files\Apple Software Update
    2008-02-07 22:33:48 0 d
    C:\Program Files\Common Files\Apple
    2008-01-21 21:56:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Google
    2008-01-21 21:33:39 0 d
    C:\Program Files\Kontiki
    2008-01-21 21:33:35 0 d
    C:\Program Files\Channel4
    2008-01-21 21:27:33 0 d
    C:\Users\Lorraine\AppData\Roaming\CyberLink
    2008-01-21 21:22:29 0 d
    C:\Users\Lorraine\AppData\Roaming\Creative
    2008-01-21 19:59:19 0 d
    C:\Program Files\Windows Mail
    2008-01-21 19:59:17 0 d
    C:\Program Files\Windows Sidebar
    2008-01-21 19:57:12 0 d
    C:\Program Files\Webshots
    2008-01-21 19:57:00 0 d
    C:\Users\Lorraine\AppData\Roaming\Webshots
    2008-01-21 19:49:42 0 d
    C:\Program Files\MSXML 4.0
    2008-01-21 19:22:52 0 d
    C:\Users\Lorraine\AppData\Roaming\Macromedia
    2008-01-21 19:17:47 0 d
    C:\Users\Lorraine\AppData\Roaming\Identities
    2008-01-18 07:56:32 0 d
    C:\Program Files\Synaptics
    2008-01-18 07:50:27 0 d
    C:\Program Files\Windows Calendar
    2008-01-18 07:46:10 0 d
    C:\Program Files\Windows Defender
    2008-01-18 00:36:47 0 d
    C:\Program Files\Dell
    2008-01-18 00:34:35 0 d
    C:\Program Files\CyberLink
    2008-01-18 00:33:19 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-01-18 00:32:51 0 d
    C:\Program Files\Dell Support Center
    2008-01-18 00:32:43 0 d
    C:\Program Files\Common Files\supportsoft
    2008-01-18 00:29:42 0 d
    C:\Program Files\Common Files\McAfee
    2008-01-18 00:29:32 0 d
    C:\Program Files\McAfee.com
    2008-01-18 00:28:45 0 d
    C:\Program Files\Common Files\Adobe
    2008-01-18 00:26:21 0 d
    C:\Program Files\Common Files\Sonic Shared
    2008-01-18 00:24:47 0 d
    C:\Program Files\Common Files\InstallShield
    2008-01-18 00:23:57 0 d
    C:\Program Files\Common Files\SureThing Shared
    2008-01-18 00:23:38 0 d
    C:\Program Files\Common Files\Roxio Shared
    2008-01-18 00:22:18 76 -r-hs---- C:\Windows\CT4CET.bin
    2008-01-18 00:22:01 0 d
    C:\Program Files\Creative
    2008-01-18 00:21:50 0 d
    C:\Program Files\Common Files\Reallusion
    2008-01-18 00:21:25 0 d
    C:\Program Files\Common Files\Creative
    2008-01-18 00:21:08 0 d
    C:\Program Files\Creative Live! Cam
    2008-01-18 00:20:25 0 d
    C:\Program Files\Broadcom
    2008-01-18 00:17:57 0 d
    C:\Program Files\Digital Line Detect
    2008-01-18 00:17:23 0 d
    C:\Program Files\NetWaiting
    2008-01-18 00:16:53 0 d
    C:\Program Files\Modem Diagnostic Tool
    2008-01-18 00:16:26 0 d
    C:\Program Files\Java
    2008-01-18 00:16:26 0 d
    C:\Program Files\Common Files\Java
    2008-01-18 00:04:29 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-18 00:02:47 0 d
    C:\Program Files\CONEXANT
    2008-01-18 00:02:31 0 d
    C:\Program Files\Sigmatel


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    01/10/2007 13:55 329024 --a
    C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/01/2008 07:46]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 19:06]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [29/08/2007 05:54]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07/09/2007 18:23]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [26/09/2007 10:47]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [26/09/2007 10:47]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [26/09/2007 10:47]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [18/01/2008 00:16]
    "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 16:43]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/01/2008 00:29]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01/11/2007 15:39]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/02/2008 20:45]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/01/2008 00:29]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]

    C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [21/01/2008 19:57:01]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [18/01/2008 00:17:56]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [18/01/2008 00:20:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 20/02/2008 20:42 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-03-11 21:59:54


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
    Folders to delete:
    C:\Program Files\LimeWire

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log by using Add/Reply


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    Hi,

    when i open the avenger i dont see:

    Under "Script file to execute" choose "Input Script Manually".
    Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    Click Done
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.


    this is what opens:
    screenshotmx6.th.jpg


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    See "Input script here", put this there

    Folders to delete:
    C:\Program Files\LimeWire

    Then click Execute

    Then follow any prompts, reboot, and post a new DSS Log


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    When i rebooted i got this message errorrf2.th.jpg


    avenger log:



    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Folder "C:\Program Files\LimeWire" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.



    DSS LOG:

    Deckard's System Scanner v20071014.68
    Run by Lorraine on 2008-03-13 18:59:30
    Computer is in Normal Mode.



    -- HijackThis (run as Lorraine.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:00:00, on 13/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Kontiki\KService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Grisoft\AVG7\avgw.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\mspaint.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Users\Lorraine\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Lorraine.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch?.rand=d1v3tk30cpmr4
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=3080118
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14472 bytes

    -- Files created between 2008-02-13 and 2008-03-13

    2008-03-09 21:11:56 0 d
    C:\Program Files\Trend Micro
    2008-03-09 12:47:35 0 d
    C:\Program Files\Lavasoft
    2008-03-09 12:47:34 0 d
    C:\Users\All Users\Lavasoft
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-08 14:17:35 0 d
    C:\Users\All Users\Spybot - Search & Destroy
    2008-03-08 13:55:59 0 d
    C:\Program Files\Spyware Doctor
    2008-03-02 17:34:03 2560 --a
    C:\Windows\_MSRSTRT.EXE
    2008-03-02 11:50:07 0 d
    C:\Program Files\Microsoft ActiveSync
    2008-03-02 11:48:06 0 d
    C:\Windows\PCHEALTH
    2008-03-02 11:48:06 0 d
    C:\Program Files\Microsoft.NET
    2008-03-02 11:45:12 0 dr-h
    C:\MSOCache
    2008-02-28 22:18:03 0 d
    C:\Program Files\iPod
    2008-02-28 22:17:53 0 d
    C:\Program Files\iTunes
    2008-02-23 10:28:44 0 d
    C:\Program Files\Conduit
    2008-02-23 10:28:43 0 d
    C:\Program Files\isoHunt
    2008-02-22 20:50:16 0 d
    C:\Program Files\Common Files\PX Storage Engine
    2008-02-22 20:50:03 0 d
    C:\Program Files\DivX
    2008-02-21 02:05:44 3596288 --a
    C:\Windows\system32\qt-dx331.dll
    2008-02-21 02:04:16 196608 --a
    C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 02:04:16 81920 --a
    C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-21 02:04:04 802816 --a
    C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 823296 --a
    C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 682496 --a
    C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:03:24 12288 --a
    C:\Windows\system32\DivXWMPExtType.dll
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\Grisoft
    2008-02-20 20:41:38 0 d
    C:\Users\All Users\avg7
    2008-02-20 19:42:29 0 d
    C:\Program Files\Picasa2
    2008-02-20 19:41:58 0 d
    C:\Windows\system32\runtime
    2008-02-20 19:18:39 0 d-a
    C:\Users\All Users\TEMP
    2008-02-16 11:25:02 0 d
    C:\Program Files\GustoSoft


    -- Find3M Report

    2008-03-13 18:55:55 0 d
    C:\Users\Lorraine\AppData\Roaming\AVG7
    2008-03-13 18:51:31 12 --a
    C:\Windows\bthservsdp.dat
    2008-03-10 19:37:13 0 d
    C:\Users\Lorraine\AppData\Roaming\Azureus
    2008-03-09 12:46:12 0 d
    C:\Program Files\Common Files
    2008-03-08 13:55:59 0 d
    C:\Users\Lorraine\AppData\Roaming\PC Tools
    2008-02-22 20:58:31 0 d
    C:\Program Files\Microsoft Works
    2008-02-22 20:51:54 0 d
    C:\Users\Lorraine\AppData\Roaming\DivX
    2008-02-21 22:43:30 0 d
    C:\Users\Lorraine\AppData\Roaming\Media Player Classic
    2008-02-20 20:09:00 0 d
    C:\Program Files\Google
    2008-02-20 20:02:16 0 d
    C:\Program Files\McAfee
    2008-02-19 19:00:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Adobe
    2008-02-16 12:39:50 0 d
    C:\Users\Lorraine\AppData\Roaming\Template
    2008-02-16 12:39:24 0 --a
    C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
    2008-02-16 12:01:58 0 d
    C:\Users\Lorraine\AppData\Roaming\Roxio
    2008-02-16 11:55:26 0 d
    C:\Program Files\Roxio
    2008-02-09 15:37:23 0 d
    C:\Users\Lorraine\AppData\Roaming\yahoo!
    2008-02-09 15:37:13 0 d
    C:\Program Files\Yahoo!
    2008-02-09 15:25:08 0 d
    C:\Program Files\Azureus
    2008-02-09 14:22:15 0 d
    C:\Program Files\Viewpoint
    2008-02-07 22:38:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Apple Computer
    2008-02-07 22:36:41 0 d
    C:\Program Files\Bonjour
    2008-02-07 22:36:22 0 d
    C:\Program Files\QuickTime
    2008-02-07 22:35:12 0 d
    C:\Program Files\Apple Software Update
    2008-02-07 22:33:48 0 d
    C:\Program Files\Common Files\Apple
    2008-01-21 21:56:20 0 d
    C:\Users\Lorraine\AppData\Roaming\Google
    2008-01-21 21:33:39 0 d
    C:\Program Files\Kontiki
    2008-01-21 21:33:35 0 d
    C:\Program Files\Channel4
    2008-01-21 21:27:33 0 d
    C:\Users\Lorraine\AppData\Roaming\CyberLink
    2008-01-21 21:22:29 0 d
    C:\Users\Lorraine\AppData\Roaming\Creative
    2008-01-21 19:59:19 0 d
    C:\Program Files\Windows Mail
    2008-01-21 19:59:17 0 d
    C:\Program Files\Windows Sidebar
    2008-01-21 19:57:12 0 d
    C:\Program Files\Webshots
    2008-01-21 19:57:00 0 d
    C:\Users\Lorraine\AppData\Roaming\Webshots
    2008-01-21 19:49:42 0 d
    C:\Program Files\MSXML 4.0
    2008-01-21 19:22:52 0 d
    C:\Users\Lorraine\AppData\Roaming\Macromedia
    2008-01-21 19:17:47 0 d
    C:\Users\Lorraine\AppData\Roaming\Identities
    2008-01-18 07:56:32 0 d
    C:\Program Files\Synaptics
    2008-01-18 07:50:27 0 d
    C:\Program Files\Windows Calendar
    2008-01-18 07:46:10 0 d
    C:\Program Files\Windows Defender
    2008-01-18 00:36:47 0 d
    C:\Program Files\Dell
    2008-01-18 00:34:35 0 d
    C:\Program Files\CyberLink
    2008-01-18 00:33:19 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-01-18 00:32:51 0 d
    C:\Program Files\Dell Support Center
    2008-01-18 00:32:43 0 d
    C:\Program Files\Common Files\supportsoft
    2008-01-18 00:29:42 0 d
    C:\Program Files\Common Files\McAfee
    2008-01-18 00:29:32 0 d
    C:\Program Files\McAfee.com
    2008-01-18 00:28:45 0 d
    C:\Program Files\Common Files\Adobe
    2008-01-18 00:26:21 0 d
    C:\Program Files\Common Files\Sonic Shared
    2008-01-18 00:24:47 0 d
    C:\Program Files\Common Files\InstallShield
    2008-01-18 00:23:57 0 d
    C:\Program Files\Common Files\SureThing Shared
    2008-01-18 00:23:38 0 d
    C:\Program Files\Common Files\Roxio Shared
    2008-01-18 00:22:18 76 -r-hs---- C:\Windows\CT4CET.bin
    2008-01-18 00:22:01 0 d
    C:\Program Files\Creative
    2008-01-18 00:21:50 0 d
    C:\Program Files\Common Files\Reallusion
    2008-01-18 00:21:25 0 d
    C:\Program Files\Common Files\Creative
    2008-01-18 00:21:08 0 d
    C:\Program Files\Creative Live! Cam
    2008-01-18 00:20:25 0 d
    C:\Program Files\Broadcom
    2008-01-18 00:17:57 0 d
    C:\Program Files\Digital Line Detect
    2008-01-18 00:17:23 0 d
    C:\Program Files\NetWaiting
    2008-01-18 00:16:53 0 d
    C:\Program Files\Modem Diagnostic Tool
    2008-01-18 00:16:26 0 d
    C:\Program Files\Java
    2008-01-18 00:16:26 0 d
    C:\Program Files\Common Files\Java
    2008-01-18 00:04:29 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-18 00:02:47 0 d
    C:\Program Files\CONEXANT
    2008-01-18 00:02:31 0 d
    C:\Program Files\Sigmatel


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    01/10/2007 13:55 329024 --a
    C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/01/2008 07:46]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 19:06]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [29/08/2007 05:54]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07/09/2007 18:23]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [26/09/2007 10:47]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [26/09/2007 10:47]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [26/09/2007 10:47]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [18/01/2008 00:16]
    "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 16:43]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/01/2008 00:29]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01/11/2007 15:39]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/02/2008 20:45]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/01/2008 00:29]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]

    C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [21/01/2008 19:57:01]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [18/01/2008 00:17:56]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [18/01/2008 00:20:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 20/02/2008 20:42 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-03-13 19:01:23


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    That seems to have done it.

    Have you found any other traces of LimeWire on your PC ? Any other problems ?


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    Oh my god you are a genius!!!!! Seriously thanks a million, that crap would have been on my laptop forever if it wasnt for u!!!!! Appreciated the nice easy instructions too!! So u must be in IT then....???

    No more problems at the mo, but i'll know who to ask if when I do;)


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Few things for you to do
    • Make sure you have an Internet Connection.
    • Double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
    • Click Yes to beging the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



    You now need to update your Java and remove your older versions.

    Please follow these steps to remove older version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
    here



    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next goto Start Menu > Run > type

    cleanmgr

    Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.


    Thats it :)


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    I get an 'access denied' message when i click on CleanUp!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No worries, you can go on with the rest of the steps

    Make sure you delete all the tools that we used.


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    when i type into run i get the message 'windows cannot find %SystemRoot%\System32\restore\rstrui.exe'


    Sorry, i'll have ur head recked!!!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Sorry about, that forgot you were on Vista

    You need to make a new system restore point, not sure how you do that for Vista. Follow the steps in this link to create a new system restore point

    http://articles.techrepublic.com.com/5100-10877_11-6159394.html


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    Hey,

    Have done all that now, sorted, thanks. One thing I have noticed though... the icons for battery power and wireless network connection have dissapeared from my system tray...????? do you think this is related do anything I have been doing over the past few days??


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Nope

    Not sure why that is though


  • Registered Users, Registered Users 2 Posts: 891 ✭✭✭rejkin


    can you not just re activate them in the toolbar properties?


  • Registered Users, Registered Users 2 Posts: 122 ✭✭Quarrybaby


    rejkin wrote: »
    can you not just re activate them in the toolbar properties?

    Yes well I had tried that but no joy, I googled and came up with a programme that tunes up your computer and restores any missing icons.... apparently it happens ofter enough on laptops for some reason...


Advertisement