Virus ( Maybe ) on my Dell Laptop

  • 24-01-2008 12:25PM
    #1
    Registered Users, Registered Users 2 Posts: 130 ✭✭


    Hi,
    I recently bought a laptop from Dell with McAfee SC preinstalled on the machine. When I 1st got the laptop, the 1st time I booted it up I ran a McAfee update to have all the latest definitions installed, but while running the update I got a message from the SC saying "McAfee encountered an Error updating please uninstall McAfee Security Center and then reinstall it". So at this point I uninstalled it and went to the McAfee site to download my subscription, but whenever I clicked on the button to download the product my browser (IE + FF) would say that it could not connect to this site. I have a trial version CD which I got with the laptop, so I reinstalled McAfee from this and all seemed good until I tried to update it, and again I got the message saying "McAfee encountered an Error updating please uninstall McAfee Security Center and then reinstall it". After searching the web for ways to troubleshoot this I found on Microsoft's site that there was a virus on the machine (SmitFraud). To get this fixed I had to reflush the IP stack, and then in the properties of the TCP/IP there were IP addresses entered into the DNS Server Address, so I had to click on the radio button "Obtain DNS Server address automatically". After doing this I can now run Windows updates and my McAfee is updating fine now. However, now when I do a search on Google using either IE 7 or Firefox and then click on the link in the search results, I get redirected to a site other than the site I want. A site that I have been redirected to quite a bit is one called "daytotals", and it looks like a sex site even though my search could have been for football or cars.

    If anyone has seen this or knows how I can get my browsers working without constantly getting redirected to smut, I would love to hear from you.

    Laptop Details :

    Model : Dell Inspiron 1720
    OS : Windows Vista Home Premium
    Browsers : I have both IE and FF installed.
    AV : McAfee Security Center + Windows Defender


    Best Regards
    Rob


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Thanks for the Reply!!!

    I ran the Tool to scan my laptop and here are the 2 txt files you need.


    extra.txt :

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
    Percentage of Memory in Use: 78%
    Physical Memory (total/avail): 893.39 MiB / 188.86 MiB
    Pagefile Memory (total/avail): 2045.63 MiB / 1093.87 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1913.21 MiB

    C: is Fixed (NTFS) - 136.44 GiB total, 104.77 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 5.95 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - TOSHIBA MK1637GSX SCSI Disk Device - 149.05 GiB - 4 partitions
    \PARTITION0 - Unknown - 109.79 MiB
    \PARTITION1 - Installable File System - 10 GiB - D:
    \PARTITION2 (bootable) - Installable File System - 136.44 GiB - C:
    \PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: McAfee Personal Firewall v (McAfee)
    AV: McAfee VirusScan v (McAfee)
    AS: McAfee VirusScan v (McAfee)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\\Program Files\\BitTorrent\\bittorrent.exe"="F:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


    -- Environment Variables

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\bob\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=BOB-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\bob
    LOCALAPPDATA=C:\Users\bob\AppData\Local
    LOGONSERVER=\\BOB-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=6801
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\bob\AppData\Local\Temp
    TMP=C:\Users\bob\AppData\Local\Temp
    USERDOMAIN=bob-PC
    USERNAME=bob
    USERPROFILE=C:\Users\bob
    windir=C:\Windows


    -- User Profiles

    bob
    Grainne (new local, net ready)


    -- Add/Remove Programs

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    AIM 6 --> C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
    ATI PCI Express (3GIO) Filter Driver --> C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\Setup.exe -runfromtemp -l0x0009 -removeonly
    AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    Boylepoker.com --> C:\MICROG~1\Poker\BOYLES~1\BOYLES~1\UNWISE.EXE C:\MICROG~1\Poker\BOYLES~1\BOYLES~1\INSTALL.LOG
    Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
    Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
    Catalyst Control Center - Branding --> MsiExec.exe /I{EFBE2318-89B7-4A5F-8912-23DB04761C31}
    Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
    Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
    Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
    Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
    Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    DivX Codec --> F:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> F:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Drive Manager --> "C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Drive Manager --> MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
    MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
    Paddy Power Poker --> "C:\Poker\Paddy Power Poker\_SetupPoker[1].exe" /uninstall
    QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
    QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
    Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
    User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    WebPAM --> C:\Program Files\InstallShield Installation Information\{EDC5E937-F707-4241-BB2F-111C4B83FF2C}\setup.exe -runfromtemp -l0x0409
    Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}


    -- Application Event Log

    Event Record #/Type9834 / Success
    Event Submitted/Written: 01/24/2008 05:40:28 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type9833 / Success
    Event Submitted/Written: 01/24/2008 05:40:20 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type9825 / Success
    Event Submitted/Written: 01/24/2008 05:39:14 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.

    Event Record #/Type9816 / Warning
    Event Submitted/Written: 01/24/2008 01:02:03 AM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3472873205-2394879787-2826684974-1000_Classes:
    Process 960 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3472873205-2394879787-2826684974-1000_CLASSES

    Event Record #/Type9815 / Warning
    Event Submitted/Written: 01/24/2008 01:01:59 AM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3472873205-2394879787-2826684974-1000:
    Process 960 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3472873205-2394879787-2826684974-1000



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type16479 / Warning
    Event Submitted/Written: 01/24/2008 05:56:21 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %bob-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bob-PC27 can't undo changes that you allow.

    For more information please see the following:
    %bob-PC275

    Scan ID: {63A516F1-7F1A-4407-B955-4B70715E8519}

    User: bob-PC\bob

    Name: %bob-PC271

    ID: %bob-PC272

    Severity ID: %bob-PC273

    Category ID: %bob-PC274

    Path Found: %bob-PC276

    Alert Type: %bob-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type16478 / Warning
    Event Submitted/Written: 01/24/2008 05:56:21 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %bob-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bob-PC27 can't undo changes that you allow.

    For more information please see the following:
    %bob-PC275

    Scan ID: {41829F4D-0A1F-4535-B43E-9701F0FFEED1}

    User: bob-PC\bob

    Name: %bob-PC271

    ID: %bob-PC272

    Severity ID: %bob-PC273

    Category ID: %bob-PC274

    Path Found: %bob-PC276

    Alert Type: %bob-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type16477 / Warning
    Event Submitted/Written: 01/24/2008 05:56:21 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %bob-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bob-PC27 can't undo changes that you allow.

    For more information please see the following:
    %bob-PC275

    Scan ID: {52360A45-9B78-4070-9224-E08585002F5D}

    User: bob-PC\bob

    Name: %bob-PC271

    ID: %bob-PC272

    Severity ID: %bob-PC273

    Category ID: %bob-PC274

    Path Found: %bob-PC276

    Alert Type: %bob-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type16476 / Warning
    Event Submitted/Written: 01/24/2008 05:56:21 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %bob-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bob-PC27 can't undo changes that you allow.

    For more information please see the following:
    %bob-PC275

    Scan ID: {66338C19-4609-4729-AF0E-792B3641C932}

    User: bob-PC\bob

    Name: %bob-PC271

    ID: %bob-PC272

    Severity ID: %bob-PC273

    Category ID: %bob-PC274

    Path Found: %bob-PC276

    Alert Type: %bob-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type16473 / Warning
    Event Submitted/Written: 01/24/2008 05:47:14 PM
    Event ID/Source: 16393 / Microsoft-Windows-Bits-Client
    Event Description:
    2147747073



    -- End of Deckard's System Scanner: finished at 2008-01-24 17:57:42




    main.txt :


    Deckard's System Scanner v20071014.68
    Run by bob on 2008-01-24 17:52:06
    Computer is in Normal Mode.

    -- Last 5 Restore Point(s) --
    29: 2008-01-23 19:36:19 UTC - RP76 - Windows Update
    28: 2008-01-22 18:12:46 UTC - RP75 - Windows Defender Checkpoint
    27: 2008-01-21 21:12:19 UTC - RP73 - Windows Update
    26: 2008-01-21 20:23:33 UTC - RP72 - Windows Defender Checkpoint
    25: 2008-01-21 20:02:19 UTC - RP70 - Windows Update


    -- First Restore Point --
    1: 2007-12-10 13:58:16 UTC - RP31 - Installed Google Desktop Plugin - Lottery Results


    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 79% (more than 75%).
    Total Physical Memory: 894 MiB (1024 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-24 17:56:01
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\DellTPad\hidfind.exe
    C:\Program Files\DellTPad\ApntEx.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Users\bob\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: The egodktf - {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} - C:\Windows\egodktf.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [dmhvf.exe] C:\Windows\system32\dmhvf.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [dmuix.tmp] C:\Windows\system32\dmuix.tmp
    O4 - HKCU\..\Run: [dmbkj.tmp] C:\Windows\system32\dmbkj.tmp
    O4 - HKCU\..\Run: [dmgms.tmp] C:\Windows\system32\dmgms.tmp
    O4 - HKCU\..\Run: [dmbhc.tmp] C:\Windows\system32\dmbhc.tmp
    O4 - HKCU\..\Run: [dmqtf.tmp] C:\Windows\system32\dmqtf.tmp
    O4 - HKCU\..\Run: [dmeik.tmp] C:\Windows\system32\dmeik.tmp
    O4 - HKCU\..\Run: [dmati.tmp] C:\Windows\system32\dmati.tmp
    O4 - HKCU\..\Run: [dmorn.tmp] C:\Windows\system32\dmorn.tmp
    O4 - HKCU\..\Run: [dmoys.tmp] C:\Windows\system32\dmoys.tmp
    O4 - HKCU\..\Run: [dmqto.tmp] C:\Windows\system32\dmqto.tmp
    O4 - HKCU\..\Run: [dmydq.tmp] C:\Windows\system32\dmydq.tmp
    O4 - HKCU\..\Run: [dmrnr.tmp] C:\Windows\system32\dmrnr.tmp
    O4 - HKCU\..\Run: [dmddh.tmp] C:\Windows\system32\dmddh.tmp
    O4 - HKCU\..\Run: [dmgqs.tmp] C:\Windows\system32\dmgqs.tmp
    O4 - HKCU\..\Run: [dmntc.tmp] C:\Windows\system32\dmntc.tmp
    O4 - HKCU\..\Run: [dmsxr.tmp] C:\Windows\system32\dmsxr.tmp
    O4 - HKCU\..\Run: [dmcmk.tmp] C:\Windows\system32\dmcmk.tmp
    O4 - HKCU\..\Run: [dmiae.tmp] C:\Windows\system32\dmiae.tmp
    O4 - HKCU\..\Run: [dmsup.tmp] C:\Windows\system32\dmsup.tmp
    O4 - HKCU\..\Run: [dmjvq.tmp] C:\Windows\system32\dmjvq.tmp
    O4 - HKCU\..\Run: [dmhnz.tmp] C:\Windows\system32\dmhnz.tmp
    O4 - HKCU\..\Run: [dmdxp.tmp] C:\Windows\system32\dmdxp.tmp
    O4 - HKCU\..\Run: [dmslw.tmp] C:\Windows\system32\dmslw.tmp
    O4 - HKCU\..\Run: [dmjzx.tmp] C:\Windows\system32\dmjzx.tmp
    O4 - HKCU\..\Run: [dmtmn.tmp] C:\Windows\system32\dmtmn.tmp
    O4 - HKCU\..\Run: [dmuxi.tmp] C:\Windows\system32\dmuxi.tmp
    O4 - HKCU\..\Run: [dmpyo.tmp] C:\Windows\system32\dmpyo.tmp
    O4 - HKCU\..\Run: [dmwuc.tmp] C:\Windows\system32\dmwuc.tmp
    O4 - HKCU\..\Run: [dmaqg.tmp] C:\Windows\system32\dmaqg.tmp
    O4 - HKCU\..\Run: [dmeih.tmp] C:\Windows\system32\dmeih.tmp
    O4 - HKCU\..\Run: [dmrfs.tmp] C:\Windows\system32\dmrfs.tmp
    O4 - HKCU\..\Run: [dmkjl.tmp] C:\Windows\system32\dmkjl.tmp
    O4 - HKCU\..\Run: [dmstj.tmp] C:\Windows\system32\dmstj.tmp
    O4 - HKCU\..\Run: [dmidv.tmp] C:\Windows\system32\dmidv.tmp
    O4 - HKCU\..\Run: [dmazu.tmp] C:\Windows\system32\dmazu.tmp
    O4 - HKCU\..\Run: [dmltm.tmp] C:\Windows\system32\dmltm.tmp
    O4 - HKCU\..\Run: [dmtym.tmp] C:\Windows\system32\dmtym.tmp
    O4 - HKCU\..\Run: [dmypu.tmp] C:\Windows\system32\dmypu.tmp
    O4 - HKCU\..\Run: [dmqxb.tmp] C:\Windows\system32\dmqxb.tmp
    O4 - HKCU\..\Run: [dmkot.tmp] C:\Windows\system32\dmkot.tmp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [dmqvo.tmp] C:\Windows\system32\dmqvo.tmp
    O4 - HKCU\..\Run: [dmbhz.tmp] C:\Windows\system32\dmbhz.tmp
    O4 - HKCU\..\Run: [dmvuu.tmp] C:\Windows\system32\dmvuu.tmp
    O4 - HKCU\..\Run: [dmejn.tmp] C:\Windows\system32\dmejn.tmp
    O4 - HKCU\..\Run: [dmwei.tmp] C:\Windows\system32\dmwei.tmp
    O4 - HKCU\..\Run: [dmfpn.tmp] C:\Windows\system32\dmfpn.tmp
    O4 - HKCU\..\Run: [dmrur.tmp] C:\Windows\system32\dmrur.tmp
    O4 - HKCU\..\Run: [dmqjo.tmp] C:\Windows\system32\dmqjo.tmp
    O4 - HKCU\..\Run: [dmmzz.tmp] C:\Windows\system32\dmmzz.tmp
    O4 - HKCU\..\Run: [dmaqo.tmp] C:\Windows\system32\dmaqo.tmp
    O4 - HKCU\..\Run: [dmdsh.tmp] C:\Windows\system32\dmdsh.tmp
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickSet.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Boylepoker.com Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Microgaming\Poker\boylesportspokercomMPP\MPPoker.exe
    O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{6D502F37-04A6-4155-84E3-57B37CA6FB6D}: NameServer = 85.255.115.6,85.255.112.81
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0117971201196858) (0117971201196858mcinstcleanup) - Unknown owner - C:\Windows\TEMP\011797~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\AEstSrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\stacsv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


    --
    End of file - 14514 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    S3 NTPASp50 (NTPASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\ntpasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 ATIWebPAM (ATI WebPAM) - "c:\program files\ati\webpam\jetty\extra\win32\wrapper.exe" -s wrapper.conf
    R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    S2 0117971201196858mcinstcleanup (McAfee Application Installer Cleanup (0117971201196858)) - c:\windows\temp\011797~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-01-19 13:38:28 328 --a
    C:\Windows\Tasks\McQcTask.job
    2008-01-19 13:38:28 336 --a
    C:\Windows\Tasks\McDefragTask.job


    -- Files created between 2007-12-24 and 2008-01-24

    2008-01-22 17:40:45 0 d
    C:\Program Files\SiteAdvisor
    2008-01-20 03:14:59 81920 --a
    C:\Windows\fknxwqf.exe
    2008-01-20 03:14:59 172032 --a
    C:\Windows\egodktf.dll <Not Verified; ; egodktf Module>
    2008-01-20 00:47:02 0 d
    C:\Program Files\Trend Micro
    2008-01-20 00:06:39 0 d
    C:\Program Files\iPod
    2008-01-20 00:02:22 0 d
    C:\Program Files\QuickTime
    2008-01-18 22:07:17 143360 --a
    C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2008-01-18 22:03:31 0 d
    C:\Program Files\McAfee.com
    2008-01-18 22:03:20 0 d
    C:\Program Files\Common Files\McAfee
    2008-01-18 22:03:10 0 d
    C:\Program Files\McAfee
    2008-01-16 23:37:42 0 d
    C:\photos
    2008-01-04 00:49:06 0 d
    C:\Program Files\Apple Software Update
    2008-01-04 00:47:26 0 d
    C:\Program Files\Common Files\Apple
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Templates
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Start Menu
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\SendTo
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Recent
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\PrintHood
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\NetHood
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\My Documents
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Local Settings
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Cookies
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Application Data
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Videos
    2007-12-29 14:52:03 0 d
    C:\Users\Grainne\Saved Games
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Pictures
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Music
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Links
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Favorites
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Downloads
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Documents
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Desktop
    2007-12-29 14:52:03 0 d--h
    C:\Users\Grainne\AppData
    2007-12-29 14:52:02 1572864 --ahs---- C:\Users\Grainne\ntuser.dat
    2007-12-28 19:33:23 53248
    n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
    2007-12-28 19:32:17 0 d
    C:\Program Files\Audible
    2007-12-28 19:23:09 0 d--h
    C:\Program Files\Creative Installation Information
    2007-12-28 19:23:05 0 d
    C:\Program Files\Creative
    2007-12-28 18:35:49 107520 --a
    C:\Windows\system32\UnCasino5.exe <Not Verified; ; UnCasino Application>
    2007-12-28 18:33:32 93184 --a
    C:\Windows\system32\UnPoker.exe <Not Verified; ; UnCasino Application>
    2007-12-28 04:39:00 0 d
    C:\Program Files\DNA
    2007-12-28 04:25:50 0 d
    C:\Program Files\Common Files\PX Storage Engine
    2007-12-28 04:16:31 0 d
    C:\FireFox Downloads
    2007-12-27 14:34:27 545 --a
    C:\Windows\UC.PIF
    2007-12-27 14:34:27 545 --a
    C:\Windows\RAR.PIF
    2007-12-27 14:34:27 545 --a
    C:\Windows\PKZIP.PIF
    2007-12-27 14:34:26 545 --a
    C:\Windows\PKUNZIP.PIF
    2007-12-27 14:34:26 545 --a
    C:\Windows\NOCLOSE.PIF
    2007-12-27 14:34:26 545 --a
    C:\Windows\LHA.PIF
    2007-12-27 14:34:26 545 --a
    C:\Windows\ARJ.PIF
    2007-12-27 14:34:26 0 d
    C:\totalcmd
    2007-12-27 14:22:58 0 d
    C:\Program Files\VideoLAN
    2007-12-26 13:49:06 0 d
    C:\External Hard Drive
    2007-12-26 13:22:14 0 d
    C:\Program Files\Seagate


    -- Find3M Report

    2008-01-22 17:40:45 0 d
    C:\Users\bob\AppData\Roaming\SiteAdvisor
    2008-01-21 23:40:27 0 d
    C:\Program Files\Windows Mail
    2008-01-21 21:14:37 0 d
    C:\Program Files\Windows Sidebar
    2008-01-20 22:36:42 0 d
    C:\Users\bob\AppData\Roaming\dvdcss
    2008-01-20 18:12:15 120 --a
    C:\Users\bob\AppData\Roaming\wklnhst.dat
    2008-01-20 17:50:57 0 d
    C:\Users\bob\AppData\Roaming\Template
    2008-01-18 22:03:20 0 d
    C:\Program Files\Common Files
    2008-01-12 12:45:55 0 d
    C:\Users\bob\AppData\Roaming\Creative
    2008-01-08 22:19:25 6413 --a
    C:\Users\bob\AppData\Roaming\UserTile.png
    2008-01-08 22:19:25 0 d
    C:\Users\bob\AppData\Roaming\PeerNetworking
    2008-01-05 19:28:10 0 d
    C:\Users\bob\AppData\Roaming\Microgaming
    2008-01-04 00:53:56 0 d
    C:\Users\bob\AppData\Roaming\Apple Computer
    2008-01-03 14:10:02 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-12-28 23:45:13 0 d
    C:\Users\bob\AppData\Roaming\BitTorrent
    2007-12-28 16:17:29 0 d
    C:\Users\bob\AppData\Roaming\Roxio
    2007-12-28 16:17:19 0 d
    C:\Users\bob\AppData\Roaming\DivX
    2007-12-27 14:36:51 0 d
    C:\Users\bob\AppData\Roaming\GHISLER
    2007-12-27 14:25:10 0 d
    C:\Users\bob\AppData\Roaming\vlc
    2007-12-16 23:59:58 0 d
    C:\Users\bob\AppData\Roaming\Adobe
    2007-12-16 22:52:44 0 --a
    C:\Windows\nsreg.dat
    2007-12-16 22:52:31 0 d
    C:\Users\bob\AppData\Roaming\Mozilla
    2007-12-16 13:51:27 0 d
    C:\Users\bob\AppData\Roaming\Real
    2007-12-16 13:49:46 0 d
    C:\Program Files\Common Files\xing shared
    2007-12-16 13:49:27 0 d
    C:\Program Files\Common Files\Real
    2007-12-16 13:48:59 0 d
    C:\Program Files\Real
    2007-12-15 14:17:31 0 d
    C:\Users\bob\AppData\Roaming\McAfee
    2007-12-09 17:59:11 0 d
    C:\Users\bob\AppData\Roaming\acccore
    2007-12-09 17:54:02 0 d
    C:\Program Files\AIM6
    2007-12-09 17:53:26 0 d
    C:\Program Files\Viewpoint
    2007-12-09 17:49:52 0 d
    C:\Program Files\Common Files\AOL
    2007-12-08 03:10:09 67647 --a
    C:\Windows\system32\dmtjl.exe
    2007-12-08 03:10:09 67647 --a
    C:\Windows\system32\dmhvf.exe
    2007-12-08 03:02:56 0 d
    C:\Program Files\MSXML 4.0
    2007-12-08 00:24:42 0 d
    C:\Users\bob\AppData\Roaming\Google
    2007-12-08 00:23:52 0 d
    C:\Program Files\Google
    2007-12-06 21:26:12 0 d
    C:\Users\bob\AppData\Roaming\Macromedia
    2007-12-06 20:48:24 0 d
    C:\Program Files\Netopia
    2007-12-04 01:33:18 802816 --a
    C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-04 01:33:18 823296 --a
    C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-04 01:33:18 823296 --a
    C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-04 01:33:16 682496 --a
    C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-11-30 23:11:38 0 d
    C:\Users\bob\AppData\Roaming\CyberLink
    2007-11-30 23:08:55 0 d
    C:\Program Files\Roxio
    2007-11-30 19:26:28 0 d
    C:\Users\bob\AppData\Roaming\ATI
    2007-11-30 19:24:36 0 d
    C:\Users\bob\AppData\Roaming\Identities
    2007-11-29 22:30:28 3596288 --a
    C:\Windows\system32\qt-dx331.dll
    2007-11-29 22:28:24 196608 --a
    C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-11-29 22:28:24 81920 --a
    C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-11-29 07:02:39 0 d
    C:\Program Files\DellTPad
    2007-11-29 06:55:59 0 d
    C:\Program Files\Windows Calendar
    2007-11-29 06:52:46 0 d
    C:\Program Files\Windows Defender
    2007-11-28 23:48:35 0 d
    C:\Program Files\Dell
    2007-11-28 23:48:02 0 d
    C:\Program Files\Microsoft Works
    2007-11-28 23:46:50 0 d
    C:\Program Files\Dell Support Center
    2007-11-28 23:46:39 0 d
    C:\Program Files\Common Files\supportsoft
    2007-11-28 23:41:28 0 d
    C:\Program Files\Common Files\Adobe
    2007-11-28 23:40:18 0 d
    C:\Program Files\CyberLink
    2007-11-28 23:37:46 0 d
    C:\Program Files\Common Files\Sonic Shared
    2007-11-28 23:35:49 0 d
    C:\Program Files\Common Files\InstallShield
    2007-11-28 23:34:58 0 d
    C:\Program Files\Common Files\SureThing Shared
    2007-11-28 23:34:33 0 d
    C:\Program Files\Common Files\Roxio Shared
    2007-11-28 23:33:12 0 d
    C:\Program Files\AMD
    2007-11-28 23:32:56 0 d
    C:\Program Files\Broadcom
    2007-11-28 23:29:45 0 d
    C:\Program Files\ATI
    2007-11-28 23:26:45 0 d
    C:\Program Files\ATI Technologies
    2007-11-28 23:24:07 0 d
    C:\Program Files\Digital Line Detect
    2007-11-28 23:23:36 0 d
    C:\Program Files\NetWaiting
    2007-11-28 23:23:00 0 d
    C:\Program Files\Modem Diagnostic Tool
    2007-11-28 23:22:30 0 d
    C:\Program Files\Java
    2007-11-28 23:22:29 0 d
    C:\Program Files\Common Files\Java
    2007-11-28 23:11:27 174 --ahs---- C:\Program Files\desktop.ini
    2007-11-28 23:09:21 0 d
    C:\Program Files\CONEXANT
    2007-11-28 23:09:01 0 d
    C:\Program Files\Sigmatel
    2007-11-28 21:52:32 12288 --a
    C:\Windows\system32\DivXWMPExtType.dll


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    19/09/2007 06:15 329032 --a
    c:\PROGRA~1\mcafee\msk\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [29/11/2007 06:52]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [24/09/2007 09:27]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07/09/2007 18:23]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [28/11/2007 23:22]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [16/04/2007 16:10]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [28/11/2007 23:42]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [09/10/2007 18:57]
    "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [02/11/2006 12:35]
    "dmhvf.exe"="C:\Windows\system32\dmhvf.exe" [08/12/2007 03:10]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/12/2007 13:48]
    "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [09/10/2007 16:21]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" []
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 21:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [09/10/2007 18:56]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [04/10/2007 15:20]
    "dmuix.tmp"="C:\Windows\system32\dmuix.tmp" []
    "dmbkj.tmp"="C:\Windows\system32\dmbkj.tmp" []
    "dmgms.tmp"="C:\Windows\system32\dmgms.tmp" []
    "dmbhc.tmp"="C:\Windows\system32\dmbhc.tmp" []
    "dmqtf.tmp"="C:\Windows\system32\dmqtf.tmp" []
    "dmeik.tmp"="C:\Windows\system32\dmeik.tmp" []
    "dmati.tmp"="C:\Windows\system32\dmati.tmp" []
    "dmorn.tmp"="C:\Windows\system32\dmorn.tmp" []
    "dmoys.tmp"="C:\Windows\system32\dmoys.tmp" []
    "dmqto.tmp"="C:\Windows\system32\dmqto.tmp" []
    "dmydq.tmp"="C:\Windows\system32\dmydq.tmp" []
    "dmrnr.tmp"="C:\Windows\system32\dmrnr.tmp" []
    "dmddh.tmp"="C:\Windows\system32\dmddh.tmp" []
    "dmgqs.tmp"="C:\Windows\system32\dmgqs.tmp" []
    "dmntc.tmp"="C:\Windows\system32\dmntc.tmp" []
    "dmsxr.tmp"="C:\Windows\system32\dmsxr.tmp" []
    "dmcmk.tmp"="C:\Windows\system32\dmcmk.tmp" []
    "dmiae.tmp"="C:\Windows\system32\dmiae.tmp" []
    "dmsup.tmp"="C:\Windows\system32\dmsup.tmp" []
    "dmjvq.tmp"="C:\Windows\system32\dmjvq.tmp" []
    "dmhnz.tmp"="C:\Windows\system32\dmhnz.tmp" []
    "dmdxp.tmp"="C:\Windows\system32\dmdxp.tmp" []
    "dmslw.tmp"="C:\Windows\system32\dmslw.tmp" []
    "dmjzx.tmp"="C:\Windows\system32\dmjzx.tmp" []
    "dmtmn.tmp"="C:\Windows\system32\dmtmn.tmp" []
    "dmuxi.tmp"="C:\Windows\system32\dmuxi.tmp" []
    "dmpyo.tmp"="C:\Windows\system32\dmpyo.tmp" []
    "dmwuc.tmp"="C:\Windows\system32\dmwuc.tmp" []
    "dmaqg.tmp"="C:\Windows\system32\dmaqg.tmp" []
    "dmeih.tmp"="C:\Windows\system32\dmeih.tmp" []
    "dmrfs.tmp"="C:\Windows\system32\dmrfs.tmp" []
    "dmkjl.tmp"="C:\Windows\system32\dmkjl.tmp" []
    "dmstj.tmp"="C:\Windows\system32\dmstj.tmp" []
    "dmidv.tmp"="C:\Windows\system32\dmidv.tmp" []
    "dmazu.tmp"="C:\Windows\system32\dmazu.tmp" []
    "dmltm.tmp"="C:\Windows\system32\dmltm.tmp" []
    "dmtym.tmp"="C:\Windows\system32\dmtym.tmp" []
    "dmypu.tmp"="C:\Windows\system32\dmypu.tmp" []
    "dmqxb.tmp"="C:\Windows\system32\dmqxb.tmp" []
    "dmkot.tmp"="C:\Windows\system32\dmkot.tmp" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]
    "dmqvo.tmp"="C:\Windows\system32\dmqvo.tmp" []
    "dmbhz.tmp"="C:\Windows\system32\dmbhz.tmp" []
    "dmvuu.tmp"="C:\Windows\system32\dmvuu.tmp" []
    "dmejn.tmp"="C:\Windows\system32\dmejn.tmp" []
    "dmwei.tmp"="C:\Windows\system32\dmwei.tmp" []
    "dmfpn.tmp"="C:\Windows\system32\dmfpn.tmp" []
    "dmrur.tmp"="C:\Windows\system32\dmrur.tmp" []
    "dmqjo.tmp"="C:\Windows\system32\dmqjo.tmp" []
    "dmmzz.tmp"="C:\Windows\system32\dmmzz.tmp" []
    "dmaqo.tmp"="C:\Windows\system32\dmaqo.tmp" []
    "dmdsh.tmp"="C:\Windows\system32\dmdsh.tmp" []

    C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    WkCalRem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [05/06/2006 09:18:54]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [28/11/2007 23:24:07]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [28/11/2007 23:32:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"=2 (0x2)
    "DontDisplayLogonHoursWarnings"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=&quot;Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @=&quot;IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @=&quot;SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @=&quot;SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-01-24 17:57:42

    Cheers
    RB


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Yep definitely malware

    Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
    • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
    • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
    • Under Rootkit Search change that to Yes.
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

    Make sure you attach the report in your reply.


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Hi,
    Here is the scan report in this thread, and I have also attached the txt file.



    [codebox]
    WinPFind35 logfile created on: 24/01/2008 18:34:30
    WinPFind35U Version Beta36 Folder = C:\Users\bob\Desktop\WinPFind35u
    Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16575)

    893.39 Mb Total Physical Memory | 108.99 Mb Available Physical Memory | 12.20% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.85% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.44 Gb Total Space | 104.76 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.47% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: BOB-PC
    Current User Name: bob
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: Current user


    [Processes - Non-Microsoft Only]
    ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4167 | Size = 593920 bytes | Modified Date = 14/08/2007 08:40:52 | Attr = ]
    ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4167 | Size = 593920 bytes | Modified Date = 14/08/2007 08:40:52 | Attr = ]
    apoint.exe -> %ProgramFiles%\DellTPad\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.101.204 | Size = 159744 bytes | Modified Date = 24/09/2007 09:27:30 | Attr = ]
    sttray.exe -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\sttray.exe -> IDT, Inc. [Ver = 1.0.5609.0 nd652 cp1 | Size = 405504 bytes | Modified Date = 07/09/2007 18:23:36 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 77824 bytes | Modified Date = 28/11/2007 23:22:33 | Attr = ]
    roxwatchtray9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 221184 bytes | Modified Date = 05/11/2006 11:22:16 | Attr = ]
    pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 16/04/2007 16:10:26 | Attr = ]
    googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 16/12/2007 13:48:53 | Attr = ]
    maxmenumgrbasics.exe -> %ProgramFiles%\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe -> Maxtor Corporation [Ver = 2, 2, 0, 6 | Size = 169328 bytes | Modified Date = 09/10/2007 16:21:06 | Attr = ]
    mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 03/08/2007 22:33:14 | Attr = ]
    siteadv.exe -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 24/08/2007 21:57:48 | Attr = ]
    sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:24 | Attr = ]
    aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 04/10/2007 15:20:54 | Attr = ]
    dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 03/11/2006 18:02:14 | Attr = ]
    quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 8, 0, 11, 0 | Size = 1125088 bytes | Modified Date = 20/02/2007 13:01:12 | Attr = ]
    wkcalrem.exe -> %CommonProgramFiles%\microsoft shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 8.05.0818.0 | Size = 21504 bytes | Modified Date = 05/06/2006 09:18:54 | Attr = ]
    mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 09:57:30 | Attr = ]
    googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 09:57:36 | Attr = ]
    aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 25/05/2007 17:16:08 | Attr = ]
    aestsrv.exe -> %System32%\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Modified Date = 29/08/2007 21:25:16 | Attr = ]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 14:09:16 | Attr = ]
    wrapper.exe -> %ProgramFiles%\ATI\WebPAM\jetty\extra\win32\Wrapper.exe -> [Ver = | Size = 110592 bytes | Modified Date = 29/09/2003 08:30:08 | Attr = ]
    syncservicesbasics.exe -> %ProgramFiles%\Seagate\Basics\Service\SyncServicesBasics.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 124280 bytes | Modified Date = 09/10/2007 16:21:02 | Attr = ]
    mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 12:36:04 | Attr = ]
    mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 24/07/2007 12:02:14 | Attr = ]
    mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 15:54:42 | Attr = ]
    java.exe -> %ProgramFiles%\ATI\WebPAM\_jvm\bin\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 14/12/2006 17:04:04 | Attr = ]
    msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 24/08/2007 04:00:40 | Attr = ]
    roxwatch9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 05/11/2006 11:13:00 | Attr = ]
    saservice.exe -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 23/01/2008 19:29:09 | Attr = ]
    sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:30 | Attr = ]
    stacsv.exe -> %System32%\stacsv.exe -> IDT, Inc. [Ver = 1.0.5609.0 nd652 cp1 | Size = 102400 bytes | Modified Date = 07/09/2007 18:25:12 | Attr = ]
    viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]
    xaudio.exe -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 05/08/2006 00:39:20 | Attr = ]
    mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 03:08:06 | Attr = ]
    roxmediadb9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 05/11/2006 11:15:12 | Attr = ]
    hidfind.exe -> %ProgramFiles%\DellTPad\hidfind.exe -> Alps Electric Co., Ltd. [Ver = 7.0.0.26 | Size = 40960 bytes | Modified Date = 24/09/2007 09:27:38 | Attr = ]
    apntex.exe -> %ProgramFiles%\DellTPad\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 7.0.1.27 | Size = 49152 bytes | Modified Date = 24/09/2007 09:27:28 | Attr = ]
    mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 20:15:18 | Attr = ]
    cpshelprunner.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 10752 bytes | Modified Date = 05/11/2006 10:55:48 | Attr = ]
    mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 01:41:52 | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 28/11/2007 19:11:50 | Attr = ]
    winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306688 bytes | Modified Date = 24/01/2008 12:47:38 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AESTFilters) Andrea ST Filters Service [Win32_Own | Auto | Running] -> %System32%\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Modified Date = 29/08/2007 21:25:16 | Attr = ]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 14:09:16 | Attr = ]
    (Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4167 | Size = 593920 bytes | Modified Date = 14/08/2007 08:40:52 | Attr = ]
    (ATIWebPAM) ATI WebPAM [Win32_Own | Auto | Running] -> %ProgramFiles%\ATI\WebPAM\jetty\extra\win32\Wrapper.exe -> [Ver = | Size = 110592 bytes | Modified Date = 29/09/2003 08:30:08 | Attr = ]
    (Basics Service) Basics Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Seagate\Basics\Service\SyncServicesBasics.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 124280 bytes | Modified Date = 09/10/2007 16:21:02 | Attr = ]
    (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
    (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
    (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
    (GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 28/11/2007 23:42:02 | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 03:24:18 | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
    (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 03:08:06 | Attr = ]
    (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 20:15:18 | Attr = ]
    (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 25/07/2007 03:16:16 | Attr = ]
    (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 12:36:04 | Attr = ]
    (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
    (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 01:41:52 | Attr = ]
    (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 15:54:42 | Attr = ]
    (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
    (MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 24/08/2007 04:00:40 | Attr = ]
    (RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 05/11/2006 11:15:12 | Attr = ]
    (RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 05/11/2006 11:13:00 | Attr = ]
    (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
    (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
    (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
    (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
    (SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 23/01/2008 19:29:09 | Attr = ]
    (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:30 | Attr = ]
    (STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %System32%\stacsv.exe -> IDT, Inc. [Ver = 1.0.5609.0 nd652 cp1 | Size = 102400 bytes | Modified Date = 07/09/2007 18:25:12 | Attr = ]
    (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 14/09/2006 14:54:34 | Attr = ]
    (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
    (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]
    (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
    (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
    (XAudioService) XAudioService [Win32_Own | Auto | Running] -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 05/08/2006 00:39:20 | Attr = ]
    (0117971201196858mcinstcleanup) McAfee Application Installer Cleanup (0117971201196858) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\011797~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -> File not found

    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    -> -> File not found
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 03:06:32 | Attr = ]
    Apoint -> %ProgramFiles%\DellTPad\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.101.204 | Size = 159744 bytes | Modified Date = 24/09/2007 09:27:30 | Attr = ]
    basicsmssmenu -> %ProgramFiles%\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe -> Maxtor Corporation [Ver = 2, 2, 0, 6 | Size = 169328 bytes | Modified Date = 09/10/2007 16:21:06 | Attr = ]
    dmhvf.exe -> %System32%\dmhvf.exe -> [Ver = | Size = 67647 bytes | Modified Date = 08/12/2007 03:10:09 | Attr = ]
    dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 09/10/2007 18:57:14 | Attr = ]
    ECenter -> %SystemDrive%\DELL\E-Center\EULALauncher.exe -> [Ver = 1.0.2699.18652 | Size = 17920 bytes | Modified Date = 25/05/2007 06:03:00 | Attr = ]
    Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 03/10/2006 11:37:04 | Attr = ]
    iTunesHelper -> F:\Program Files\iTunes\iTunesHelper.exe -> File not found
    mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 03/08/2007 22:33:14 | Attr = ]
    PCMService -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 16/04/2007 16:10:26 | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 10/01/2008 15:27:36 | Attr = ]
    RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 221184 bytes | Modified Date = 05/11/2006 11:22:16 | Attr = ]
    SigmatelSysTrayApp -> C-Major Audio\WDM\sttray.exe -> File not found
    SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 24/08/2007 21:57:48 | Attr = ]
    StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 10/11/2006 12:35:24 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 77824 bytes | Modified Date = 28/11/2007 23:22:33 | Attr = ]
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 16/12/2007 13:48:53 | Attr = ]
    Windows Defender -> MSASCui.exe -> File not found
    < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL-> Installed = 1 ->
    MAPI-> Installed = 1 ->
    MSFS-> Installed = 1 ->
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 04/10/2007 15:20:54 | Attr = ]
    DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:24 | Attr = ]
    dmaqg.tmp -> %System32%\dmaqg.tmp -> File not found
    dmaqo.tmp -> %System32%\dmaqo.tmp -> File not found
    dmati.tmp -> %System32%\dmati.tmp -> File not found
    dmazu.tmp -> %System32%\dmazu.tmp -> File not found
    dmbhc.tmp -> %System32%\dmbhc.tmp -> File not found
    dmbhz.tmp -> %System32%\dmbhz.tmp -> File not found
    dmbkj.tmp -> %System32%\dmbkj.tmp -> File not found
    dmcmk.tmp -> %System32%\dmcmk.tmp -> File not found
    dmddh.tmp -> %System32%\dmddh.tmp -> File not found
    dmdsh.tmp -> %System32%\dmdsh.tmp -> File not found
    dmdxp.tmp -> %System32%\dmdxp.tmp -> File not found
    dmeih.tmp -> %System32%\dmeih.tmp -> File not found
    dmeik.tmp -> %System32%\dmeik.tmp -> File not found
    dmejn.tmp -> %System32%\dmejn.tmp -> File not found
    dmfpn.tmp -> %System32%\dmfpn.tmp -> File not found
    dmgms.tmp -> %System32%\dmgms.tmp -> File not found
    dmgqs.tmp -> %System32%\dmgqs.tmp -> File not found
    dmhnz.tmp -> %System32%\dmhnz.tmp -> File not found
    dmiae.tmp -> %System32%\dmiae.tmp -> File not found
    dmidv.tmp -> %System32%\dmidv.tmp -> File not found
    dmjvq.tmp -> %System32%\dmjvq.tmp -> File not found
    dmjzx.tmp -> %System32%\dmjzx.tmp -> File not found
    dmkjl.tmp -> %System32%\dmkjl.tmp -> File not found
    dmkot.tmp -> %System32%\dmkot.tmp -> File not found
    dmltm.tmp -> %System32%\dmltm.tmp -> File not found
    dmmzz.tmp -> %System32%\dmmzz.tmp -> File not found
    dmntc.tmp -> %System32%\dmntc.tmp -> File not found
    dmorn.tmp -> %System32%\dmorn.tmp -> File not found
    dmoys.tmp -> %System32%\dmoys.tmp -> File not found
    dmpyo.tmp -> %System32%\dmpyo.tmp -> File not found
    dmqjo.tmp -> %System32%\dmqjo.tmp -> File not found
    dmqtf.tmp -> %System32%\dmqtf.tmp -> File not found
    dmqto.tmp -> %System32%\dmqto.tmp -> File not found
    dmqvo.tmp -> %System32%\dmqvo.tmp -> File not found
    dmqxb.tmp -> %System32%\dmqxb.tmp -> File not found
    dmrfs.tmp -> %System32%\dmrfs.tmp -> File not found
    dmrnr.tmp -> %System32%\dmrnr.tmp -> File not found
    dmrur.tmp -> %System32%\dmrur.tmp -> File not found
    dmslw.tmp -> %System32%\dmslw.tmp -> File not found
    dmstj.tmp -> %System32%\dmstj.tmp -> File not found
    dmsup.tmp -> %System32%\dmsup.tmp -> File not found
    dmsxr.tmp -> %System32%\dmsxr.tmp -> File not found
    dmtmn.tmp -> %System32%\dmtmn.tmp -> File not found
    dmtym.tmp -> %System32%\dmtym.tmp -> File not found
    dmuix.tmp -> %System32%\dmuix.tmp -> File not found
    dmuxi.tmp -> %System32%\dmuxi.tmp -> File not found
    dmvuu.tmp -> %System32%\dmvuu.tmp -> File not found
    dmwei.tmp -> %System32%\dmwei.tmp -> File not found
    dmwuc.tmp -> %System32%\dmwuc.tmp -> File not found
    dmydq.tmp -> %System32%\dmydq.tmp -> File not found
    dmypu.tmp -> %System32%\dmypu.tmp -> File not found
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.708.19688 | Size = 145408 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    *MultiFile Done* -> ->
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
    < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction -> 2 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
    < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
    ::1 localhost -> ->
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.ie/webhp ->
    HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
    GD [:Range = 127.0.0.1] -> http = Local intranet | ->
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ]
    {089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr = ]
    {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.522 | Size = 370296 bytes | Modified Date = 16/12/2007 13:49:32 | Attr = ]
    {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\MSK\mcapbho.dll [McAfee Phishing Filter] -> [Ver = | Size = 329032 bytes | Modified Date = 19/09/2007 06:15:26 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 501384 bytes | Modified Date = 28/11/2007 23:22:33 | Attr = ]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 24/10/2007 05:51:28 | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 12068 | Size = 2554688 bytes | Modified Date = 28/11/2007 23:42:01 | Attr = R ]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 28/11/2007 23:42:03 | Attr = ]
    {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.3 | Size = 98304 bytes | Modified Date = 09/11/2006 09:56:48 | Attr = ]
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr = ]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 12068 | Size = 2554688 bytes | Modified Date = 28/11/2007 23:42:01 | Attr = R ]
    {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\egodktf.dll [The egodktf] -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 20/01/2008 00:40:20 | Attr = ]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 12068 | Size = 2554688 bytes | Modified Date = 28/11/2007 23:42:01 | Attr = R ]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 132744 bytes | Modified Date = 28/11/2007 23:22:33 | Attr = ]
    {F313D2F6-B79E-4654-BC77-D14C93FC8947}:Exec -> %SystemDrive%\Microgaming\Poker\boylesportspokercomMPP\MPPoker.exe [Boylepoker.com Poker] -> Microgaming [Ver = 2, 38, 0, 0 | Size = 13312 bytes | Modified Date = 22/10/2007 08:57:36 | Attr = ]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuStatusBar [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {6D502F37-04A6-4155-84E3-57B37CA6FB6D} -> 85.255.115.6,85.255.112.81 (Broadcom 440x 10/100 Integrated Controller) ->
    {90581678-320E-4F2A-821D-0716E9055882} -> (Dell Wireless 1390 WLAN Mini-Card) ->
    < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    ldap -> 4 = Restricted sites (Not a Default Protocol) ->
    news -> 4 = Restricted sites (Not a Default Protocol) ->
    nntp -> 4 = Restricted sites (Not a Default Protocol) ->
    oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
    snews -> 4 = Restricted sites (Not a Default Protocol) ->
    < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr = ]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] ->
    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] ->


    [Registry - Additional Scans - Non-Microsoft Only]


    [Files/Folders - Created Within 30 days]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 24/01/2008 17:51:27 | Attr = ]
    External Hard Drive -> %SystemDrive%\External Hard Drive -> [Folder | Created Date = 26/12/2007 13:49:06 | Attr = ]
    FireFox Downloads -> %SystemDrive%\FireFox Downloads -> [Folder | Created Date = 28/12/2007 04:16:31 | Attr = ]
    photos -> %SystemDrive%\photos -> [Folder | Created Date = 16/01/2008 23:37:42 | Attr = ]
    totalcmd -> %SystemDrive%\totalcmd -> [Folder | Created Date = 27/12/2007 14:34:26 | Attr = ]
    mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Created Date = 18/01/2008 22:04:49 | Attr = ]
    mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Created Date = 18/01/2008 22:04:49 | Attr = ]
    mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Created Date = 18/01/2008 22:04:49 | Attr = ]
    mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Created Date = 18/01/2008 22:04:55 | Attr = ]
    mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Created Date = 18/01/2008 22:04:49 | Attr = ]
    Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 125728 bytes | Created Date = 18/01/2008 22:04:36 | Attr = ]
    audiopid.vxd -> %System32%\audiopid.vxd -> [Ver = | Size = 7062 bytes | Created Date = 28/12/2007 19:34:29 | Attr = ]
    awrdscdc.ax -> %System32%\awrdscdc.ax -> Audible, Inc. [Ver = 5, 0, 0, 5 | Size = 417792 bytes | Created Date = 28/12/2007 19:32:52 | Attr = ]
    Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 11637 bytes | Created Date = 18/01/2008 22:10:17 | Attr = ]
    dunzip32.dll -> %System32%\dunzip32.dll -> Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 18/01/2008 22:07:17 | Attr = ]
    GameUXLegacyGDFs.dll -> %System32%\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 21/01/2008 21:15:35 | Attr = ]
    QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 10/01/2008 15:27:44 | Attr = ]
    QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 10/01/2008 15:27:46 | Attr = ]
    UnCasino5.exe -> %System32%\UnCasino5.exe -> [Ver = 1, 0, 0, 1 | Size = 107520 bytes | Created Date = 28/12/2007 18:35:49 | Attr = ]
    UnPoker.exe -> %System32%\UnPoker.exe -> [Ver = 1, 0, 0, 1 | Size = 93184 bytes | Created Date = 28/12/2007 18:33:32 | Attr = ]
    ARJ.PIF -> %SystemRoot%\ARJ.PIF -> [Ver = | Size = 545 bytes | Created Date = 27/12/2007 14:34:26 | Attr = ]
    Ctregrun.exe -> %SystemRoot%\Ctregrun.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 53248 bytes | Created Date = 28/12/2007 19:33:23 | Attr = ]
    egodktf.dll -> %SystemRoot%\egodktf.dll -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Created Date = 20/01/2008 03:14:59 | Attr = ]
    ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 24/01/2008 17:53:08 | Attr = ]
    fknxwqf.exe -> %SystemRoot%\fknxwqf.exe -> [Ver = | Size = 81920 bytes | Created Date = 20/01/2008 03:14:59 | Attr = ]
    LHA.PIF -> %SystemRoot%\LHA.PIF -> [Ver = | Size = 545 bytes | Created Date = 27/12/2007 14:34:26 | Attr = ]
    MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 155192386 bytes | Created Date = 06/01/2008 01:56:11 | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 06/01/2008 01:56:29 | Attr = ]
    NOCLOSE.PIF -> %SystemRoot%\NOCLOSE.PIF -> [Ver = | Size = 545 bytes | Created Date = 27/12/2007 14:34:26 | Attr = ]
    PKUNZIP.PIF -> %SystemRoot%\PKUNZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 27/12/2007 14:34:26 | Attr = ]
    PKZIP.PIF -> %SystemRoot%\PKZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 27/12/2007 14:34:27 | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 20/01/2008 00:07:31 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 20/01/2008 00:07:31 | Attr = H ]
    RAR.PIF -> %SystemRoot%\RAR.PIF -> [Ver = | Size = 545 bytes | Created Date = 27/12/2007 14:34:27 | Attr = ]
    UC.PIF -> %SystemRoot%\UC.PIF -> [Ver = | Size = 545 bytes | Created Date = 27/12/2007 14:34:27 | Attr = ]
    McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 336 bytes | Created Date = 18/01/2008 22:03:57 | Attr = ]
    McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 328 bytes | Created Date = 18/01/2008 22:03:53 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    $Recycle.Bin -> %SystemDrive%\$Recycle.Bin -> [Folder | Modified Date = 29/12/2007 16:07:45 | Attr = HS]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 24/01/2008 17:51:27 | Attr = ]
    External Hard Drive -> %SystemDrive%\External Hard Drive -> [Folder | Modified Date = 26/12/2007 13:49:58 | Attr = ]
    Firefox -> %SystemDrive%\Firefox -> [Folder | Modified Date = 20/01/2008 16:43:46 | Attr = ]
    FireFox Downloads -> %SystemDrive%\FireFox Downloads -> [Folder | Modified Date = 24/01/2008 18:32:05 | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 937431040 bytes | Modified Date = 24/01/2008 17:39:02 | Attr = HS]
    photos -> %SystemDrive%\photos -> [Folder | Modified Date = 20/01/2008 16:42:53 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 22/01/2008 17:40:45 | Attr = R ]
    ProgramData -> %AllUsersAppData% -> [Folder | Modified Date = 22/01/2008 17:40:45 | Attr = H ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 23/01/2008 19:37:03 | Attr = HS]
    totalcmd -> %SystemDrive%\totalcmd -> [Folder | Modified Date = 27/12/2007 14:35:06 | Attr = ]
    Users -> %SystemDrive%\Users -> [Folder | Modified Date = 03/01/2008 14:11:20 | Attr = R ]
    Windows -> %SystemRoot% -> [Folder | Modified Date = 24/01/2008 17:53:08 | Attr = ]
    UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 02/01/2008 13:01:45 | Attr = ]
    Msft_User_WpdFs_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 02/01/2008 13:01:45 | Attr = H ]
    Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 28/12/2007 19:42:45 | Attr = H ]
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3472 bytes | Modified Date = 24/01/2008 17:39:14 | Attr = H ]
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3472 bytes | Modified Date = 24/01/2008 17:39:14 | Attr = H ]
    awrdscdc.ax -> %System32%\awrdscdc.ax -> Audible, Inc. [Ver = 5, 0, 0, 5 | Size = 417792 bytes | Modified Date = 28/12/2007 19:32:52 | Attr = ]
    catroot -> %System32%\catroot -> [Folder | Modified Date = 22/01/2008 00:09:47 | Attr = ]
    catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 21/01/2008 21:15:29 | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 22/01/2008 03:46:14 | Attr = ]
    Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 11637 bytes | Modified Date = 24/01/2008 17:44:59 | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 21/01/2008 23:40:17 | Attr = ]
    GameUXLegacyGDFs.dll -> %System32%\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 21/01/2008 21:15:35 | Attr = ]
    migration -> %System32%\migration -> [Folder | Modified Date = 21/01/2008 23:40:20 | Attr = ]
    MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 208 bytes | Modified Date = 21/01/2008 21:50:42 | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 108526 bytes | Modified Date = 10/01/2008 21:55:48 | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 623342 bytes | Modified Date = 10/01/2008 21:55:48 | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 716948 bytes | Modified Date = 10/01/2008 21:55:48 | Attr = ]
    QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 10/01/2008 15:27:44 | Attr = ]
    QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 10/01/2008 15:27:46 | Attr = ]
    spool -> %System32%\spool -> [Folder | Modified Date = 22/01/2008 03:46:04 | Attr = ]
    Tasks -> %System32%\Tasks -> [Folder | Modified Date = 20/01/2008 16:01:03 | Attr = ]
    wbem -> %System32%\wbem -> [Folder | Modified Date = 22/01/2008 03:45:56 | Attr = ]
    AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 21/01/2008 23:39:14 | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 24/01/2008 17:39:07 | Attr = S]
    Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 26/12/2007 13:20:55 | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 24/01/2008 17:55:31 | Attr = S]
    egodktf.dll -> %SystemRoot%\egodktf.dll -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 20/01/2008 00:40:20 | Attr = ]
    ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 24/01/2008 17:53:08 | Attr = ]
    fknxwqf.exe -> %SystemRoot%\fknxwqf.exe -> [Ver = | Size = 81920 bytes | Modified Date = 20/01/2008 00:40:22 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 22/01/2008 03:46:04 | Attr = ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 20/01/2008 00:07:29 | Attr = HS]
    MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 155192386 bytes | Modified Date = 06/01/2008 01:56:29 | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 06/01/2008 01:56:29 | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 29/12/2007 16:07:53 | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 20/01/2008 00:07:31 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 20/01/2008 00:07:31 | Attr = H ]
    registration -> %SystemRoot%\registration -> [Folder | Modified Date = 22/01/2008 03:45:56 | Attr = ]
    rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 21/01/2008 21:14:45 | Attr = ]
    System32 -> %System32% -> [Folder | Modified Date = 21/01/2008 23:40:12 | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22/01/2008 03:46:04 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 24/01/2008 18:33:31 | Attr = ]
    winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 22/01/2008 00:09:34 | Attr = ]
    McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 336 bytes | Modified Date = 19/01/2008 13:38:28 | Attr = ]
    McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 328 bytes | Modified Date = 19/01/2008 13:38:28 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 24/01/2008 17:39:11 | Attr = H ]

    [CatchMe Rootkit Scan by GMER]
    < Windows folder & sub-folders >
    scanning hidden processes ...
    scanning hidden services & system hive ...
    scanning hidden registry entries ...
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\]
    "CacheSizeInMB"=dword:00000000
    "CacheStatus"=dword:00000002
    "USBVersion"=dword:00020000
    "ReadSpeedKBs"=dword:000003b9
    "WriteSpeedKBs"=dword:00000000
    "PhysicalDeviceSizeMB"=dword:00074709
    "RecommendedCacheSizeMB"=dword:00000000
    "HasSlowRegions"=dword:00000000
    "DoRetestDevice"=dword:00000000
    "DeviceStatus"=dword:00000004
    "LastTestedTime"=hex(b):b4,48,b9,0e,96,48,c8,01
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
    < Document and Settings folder & sub folders >
    scanning hidden files ...
    C:\ProgramData\CyberLink\CLDShowX.ini:Update.CL 2560 bytes
    scan completed successfully
    hidden files: 1

    < End of report >
    [/codebox]


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
    [Kill Explorer]
    [Unregister Dlls]
    [Win32 Services - Non-Microsoft Only]
    YN -> (0117971201196858mcinstcleanup) McAfee Application Installer Cleanup (0117971201196858) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\011797~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini
    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> iTunesHelper -> F:\Program Files\iTunes\iTunesHelper.exe
    YN -> SigmatelSysTrayApp -> C-Major Audio\WDM\sttray.exe
    YN -> Windows Defender -> MSASCui.exe
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> dmaqg.tmp -> %System32%\dmaqg.tmp
    YN -> dmaqo.tmp -> %System32%\dmaqo.tmp
    YN -> dmati.tmp -> %System32%\dmati.tmp
    YN -> dmazu.tmp -> %System32%\dmazu.tmp
    YN -> dmbhc.tmp -> %System32%\dmbhc.tmp
    YN -> dmbhz.tmp -> %System32%\dmbhz.tmp
    YN -> dmbkj.tmp -> %System32%\dmbkj.tmp
    YN -> dmcmk.tmp -> %System32%\dmcmk.tmp
    YN -> dmddh.tmp -> %System32%\dmddh.tmp
    YN -> dmdsh.tmp -> %System32%\dmdsh.tmp
    YN -> dmdxp.tmp -> %System32%\dmdxp.tmp
    YN -> dmeih.tmp -> %System32%\dmeih.tmp
    YN -> dmeik.tmp -> %System32%\dmeik.tmp
    YN -> dmejn.tmp -> %System32%\dmejn.tmp
    YN -> dmfpn.tmp -> %System32%\dmfpn.tmp
    YN -> dmgms.tmp -> %System32%\dmgms.tmp
    YN -> dmgqs.tmp -> %System32%\dmgqs.tmp
    YN -> dmhnz.tmp -> %System32%\dmhnz.tmp
    YN -> dmiae.tmp -> %System32%\dmiae.tmp
    YN -> dmidv.tmp -> %System32%\dmidv.tmp
    YN -> dmjvq.tmp -> %System32%\dmjvq.tmp
    YN -> dmjzx.tmp -> %System32%\dmjzx.tmp
    YN -> dmkjl.tmp -> %System32%\dmkjl.tmp
    YN -> dmkot.tmp -> %System32%\dmkot.tmp
    YN -> dmltm.tmp -> %System32%\dmltm.tmp
    YN -> dmmzz.tmp -> %System32%\dmmzz.tmp
    YN -> dmntc.tmp -> %System32%\dmntc.tmp
    YN -> dmorn.tmp -> %System32%\dmorn.tmp
    YN -> dmoys.tmp -> %System32%\dmoys.tmp
    YN -> dmpyo.tmp -> %System32%\dmpyo.tmp
    YN -> dmqjo.tmp -> %System32%\dmqjo.tmp
    YN -> dmqtf.tmp -> %System32%\dmqtf.tmp
    YN -> dmqto.tmp -> %System32%\dmqto.tmp
    YN -> dmqvo.tmp -> %System32%\dmqvo.tmp
    YN -> dmqxb.tmp -> %System32%\dmqxb.tmp
    YN -> dmrfs.tmp -> %System32%\dmrfs.tmp
    YN -> dmrnr.tmp -> %System32%\dmrnr.tmp
    YN -> dmrur.tmp -> %System32%\dmrur.tmp
    YN -> dmslw.tmp -> %System32%\dmslw.tmp
    YN -> dmstj.tmp -> %System32%\dmstj.tmp
    YN -> dmsup.tmp -> %System32%\dmsup.tmp
    YN -> dmsxr.tmp -> %System32%\dmsxr.tmp
    YN -> dmtmn.tmp -> %System32%\dmtmn.tmp
    YN -> dmtym.tmp -> %System32%\dmtym.tmp
    YN -> dmuix.tmp -> %System32%\dmuix.tmp
    YN -> dmuxi.tmp -> %System32%\dmuxi.tmp
    YN -> dmvuu.tmp -> %System32%\dmvuu.tmp
    YN -> dmwei.tmp -> %System32%\dmwei.tmp
    YN -> dmwuc.tmp -> %System32%\dmwuc.tmp
    YN -> dmydq.tmp -> %System32%\dmydq.tmp
    YN -> dmypu.tmp -> %System32%\dmypu.tmp
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YY -> {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\egodktf.dll [The egodktf]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuStatusBar [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    [Files/Folders - Created Within 30 days]
    YY -> egodktf.dll -> %SystemRoot%\egodktf.dll
    YY -> fknxwqf.exe -> %SystemRoot%\fknxwqf.exe
    [Files/Folders - Modified Within 30 days]
    YY -> egodktf.dll -> %SystemRoot%\egodktf.dll
    YY -> fknxwqf.exe -> %SystemRoot%\fknxwqf.exe
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

    I will review the information when it comes back in.



    Also post a new DSS log


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Hi,
    I copied the quoted text into WinPFind35u.exe and it started the fix, but when it got to the stage to empty temp folders I got this error: "List index out of bounds (121)". Did I need to check specific options before I ran the scan?

    RB


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No, you don't need to check anything.

    Try this fix instead; it looks the same but isn't.


    [Kill Explorer]
    [Unregister Dlls]
    [Win32 Services - Non-Microsoft Only]
    YN -> (0117971201196858mcinstcleanup) McAfee Application Installer Cleanup (0117971201196858) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\011797~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini
    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> iTunesHelper -> F:\Program Files\iTunes\iTunesHelper.exe
    YN -> SigmatelSysTrayApp -> C-Major Audio\WDM\sttray.exe
    YN -> Windows Defender -> MSASCui.exe
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> dmaqg.tmp -> %System32%\dmaqg.tmp
    YN -> dmaqo.tmp -> %System32%\dmaqo.tmp
    YN -> dmati.tmp -> %System32%\dmati.tmp
    YN -> dmazu.tmp -> %System32%\dmazu.tmp
    YN -> dmbhc.tmp -> %System32%\dmbhc.tmp
    YN -> dmbhz.tmp -> %System32%\dmbhz.tmp
    YN -> dmbkj.tmp -> %System32%\dmbkj.tmp
    YN -> dmcmk.tmp -> %System32%\dmcmk.tmp
    YN -> dmddh.tmp -> %System32%\dmddh.tmp
    YN -> dmdsh.tmp -> %System32%\dmdsh.tmp
    YN -> dmdxp.tmp -> %System32%\dmdxp.tmp
    YN -> dmeih.tmp -> %System32%\dmeih.tmp
    YN -> dmeik.tmp -> %System32%\dmeik.tmp
    YN -> dmejn.tmp -> %System32%\dmejn.tmp
    YN -> dmfpn.tmp -> %System32%\dmfpn.tmp
    YN -> dmgms.tmp -> %System32%\dmgms.tmp
    YN -> dmgqs.tmp -> %System32%\dmgqs.tmp
    YN -> dmhnz.tmp -> %System32%\dmhnz.tmp
    YN -> dmiae.tmp -> %System32%\dmiae.tmp
    YN -> dmidv.tmp -> %System32%\dmidv.tmp
    YN -> dmjvq.tmp -> %System32%\dmjvq.tmp
    YN -> dmjzx.tmp -> %System32%\dmjzx.tmp
    YN -> dmkjl.tmp -> %System32%\dmkjl.tmp
    YN -> dmkot.tmp -> %System32%\dmkot.tmp
    YN -> dmltm.tmp -> %System32%\dmltm.tmp
    YN -> dmmzz.tmp -> %System32%\dmmzz.tmp
    YN -> dmntc.tmp -> %System32%\dmntc.tmp
    YN -> dmorn.tmp -> %System32%\dmorn.tmp
    YN -> dmoys.tmp -> %System32%\dmoys.tmp
    YN -> dmpyo.tmp -> %System32%\dmpyo.tmp
    YN -> dmqjo.tmp -> %System32%\dmqjo.tmp
    YN -> dmqtf.tmp -> %System32%\dmqtf.tmp
    YN -> dmqto.tmp -> %System32%\dmqto.tmp
    YN -> dmqvo.tmp -> %System32%\dmqvo.tmp
    YN -> dmqxb.tmp -> %System32%\dmqxb.tmp
    YN -> dmrfs.tmp -> %System32%\dmrfs.tmp
    YN -> dmrnr.tmp -> %System32%\dmrnr.tmp
    YN -> dmrur.tmp -> %System32%\dmrur.tmp
    YN -> dmslw.tmp -> %System32%\dmslw.tmp
    YN -> dmstj.tmp -> %System32%\dmstj.tmp
    YN -> dmsup.tmp -> %System32%\dmsup.tmp
    YN -> dmsxr.tmp -> %System32%\dmsxr.tmp
    YN -> dmtmn.tmp -> %System32%\dmtmn.tmp
    YN -> dmtym.tmp -> %System32%\dmtym.tmp
    YN -> dmuix.tmp -> %System32%\dmuix.tmp
    YN -> dmuxi.tmp -> %System32%\dmuxi.tmp
    YN -> dmvuu.tmp -> %System32%\dmvuu.tmp
    YN -> dmwei.tmp -> %System32%\dmwei.tmp
    YN -> dmwuc.tmp -> %System32%\dmwuc.tmp
    YN -> dmydq.tmp -> %System32%\dmydq.tmp
    YN -> dmypu.tmp -> %System32%\dmypu.tmp
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YY -> {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\egodktf.dll [The egodktf]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuStatusBar [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    [Files/Folders - Created Within 30 days]
    YY -> egodktf.dll -> %SystemRoot%\egodktf.dll
    YY -> fknxwqf.exe -> %SystemRoot%\fknxwqf.exe
    [Files/Folders - Modified Within 30 days]
    YY -> egodktf.dll -> %SystemRoot%\egodktf.dll
    YY -> fknxwqf.exe -> %SystemRoot%\fknxwqf.exe
    [Start Explorer]
    [Reboot]


    Then post a new DSS log


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    No error this time. Here is the main.txt file I got when I ran DSS.exe. Also, I never got a file after I ran WinPFind35u.exe; I got a reboot machine dialog.

    DSS:

    Deckard's System Scanner v20071014.68
    Run by bob on 2008-01-24 20:11:35
    Computer is in Normal Mode.

    Percentage of Memory in Use: 86% (more than 75%).
    Total Physical Memory: 894 MiB (1024 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-24 20:12:05
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\hidfind.exe
    C:\Program Files\DellTPad\ApntEx.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\bob\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [dmhvf.exe] C:\Windows\system32\dmhvf.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [dmqsa.tmp] C:\Windows\system32\dmqsa.tmp
    O4 - HKCU\..\Run: [dmbze.tmp] C:\Windows\system32\dmbze.tmp
    O4 - HKCU\..\Run: [dmxhl.tmp] C:\Windows\system32\dmxhl.tmp
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickSet.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Boylepoker.com Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Microgaming\Poker\boylesportspokercomMPP\MPPoker.exe
    O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{6D502F37-04A6-4155-84E3-57B37CA6FB6D}: NameServer = 85.255.115.6,85.255.112.81
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0117971201196858) (0117971201196858mcinstcleanup) - Unknown owner - C:\Windows\TEMP\011797~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\AEstSrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\stacsv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


    --
    End of file - 11218 bytes

    -- Files created between 2007-12-24 and 2008-01-24

    2008-01-22 17:40:45 0 d C:\Program Files\SiteAdvisor
    2008-01-20 00:47:02 0 d C:\Program Files\Trend Micro
    2008-01-20 00:06:39 0 d C:\Program Files\iPod
    2008-01-20 00:02:22 0 d C:\Program Files\QuickTime
    2008-01-18 22:07:17 143360 --a C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2008-01-18 22:03:31 0 d C:\Program Files\McAfee.com
    2008-01-18 22:03:20 0 d C:\Program Files\Common Files\McAfee
    2008-01-18 22:03:10 0 d C:\Program Files\McAfee
    2008-01-16 23:37:42 0 d C:\photos
    2008-01-04 00:49:06 0 d C:\Program Files\Apple Software Update
    2008-01-04 00:47:26 0 d C:\Program Files\Common Files\Apple
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Templates
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Start Menu
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\SendTo
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Recent
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\PrintHood
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\NetHood
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\My Documents
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Local Settings
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Cookies
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Application Data
    2007-12-29 14:52:03 0 dr C:\Users\Grainne\Videos
    2007-12-29 14:52:03 0 d C:\Users\Grainne\Saved Games
    2007-12-29 14:52:03 0 dr C:\Users\Grainne\Pictures
    2007-12-29 14:52:03 0 dr C:\Users\Grainne\Music
    2007-12-29 14:52:03 0 dr C:\Users\Grainne\Links
    2007-12-29 14:52:03 0 dr C:\Users\Grainne\Favorites
    2007-12-29 14:52:03 0 dr C:\Users\Grainne\Downloads
    2007-12-29 14:52:03 0 dr C:\Users\Grainne\Documents
    2007-12-29 14:52:03 0 dr C:\Users\Grainne\Desktop
    2007-12-29 14:52:03 0 d--h C:\Users\Grainne\AppData
    2007-12-29 14:52:02 1572864 --ahs---- C:\Users\Grainne\ntuser.dat
    2007-12-28 19:33:23 53248 n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
    2007-12-28 19:32:17 0 d C:\Program Files\Audible
    2007-12-28 19:23:09 0 d--h C:\Program Files\Creative Installation Information
    2007-12-28 19:23:05 0 d C:\Program Files\Creative
    2007-12-28 18:35:49 107520 --a C:\Windows\system32\UnCasino5.exe <Not Verified; ; UnCasino Application>
    2007-12-28 18:33:32 93184 --a C:\Windows\system32\UnPoker.exe <Not Verified; ; UnCasino Application>
    2007-12-28 04:39:00 0 d C:\Program Files\DNA
    2007-12-28 04:25:50 0 d C:\Program Files\Common Files\PX Storage Engine
    2007-12-28 04:16:31 0 d C:\FireFox Downloads
    2007-12-27 14:34:27 545 --a C:\Windows\UC.PIF
    2007-12-27 14:34:27 545 --a C:\Windows\RAR.PIF
    2007-12-27 14:34:27 545 --a C:\Windows\PKZIP.PIF
    2007-12-27 14:34:26 545 --a C:\Windows\PKUNZIP.PIF
    2007-12-27 14:34:26 545 --a C:\Windows\NOCLOSE.PIF
    2007-12-27 14:34:26 545 --a C:\Windows\LHA.PIF
    2007-12-27 14:34:26 545 --a C:\Windows\ARJ.PIF
    2007-12-27 14:34:26 0 d C:\totalcmd
    2007-12-27 14:22:58 0 d C:\Program Files\VideoLAN
    2007-12-26 13:49:06 0 d C:\External Hard Drive
    2007-12-26 13:22:14 0 d C:\Program Files\Seagate


    -- Find3M Report

    2008-01-22 17:40:45 0 d C:\Users\bob\AppData\Roaming\SiteAdvisor
    2008-01-21 23:40:27 0 d C:\Program Files\Windows Mail
    2008-01-21 21:14:37 0 d C:\Program Files\Windows Sidebar
    2008-01-20 22:36:42 0 d C:\Users\bob\AppData\Roaming\dvdcss
    2008-01-20 18:12:15 120 --a C:\Users\bob\AppData\Roaming\wklnhst.dat
    2008-01-20 17:50:57 0 d C:\Users\bob\AppData\Roaming\Template
    2008-01-18 22:03:20 0 d C:\Program Files\Common Files
    2008-01-12 12:45:55 0 d C:\Users\bob\AppData\Roaming\Creative
    2008-01-08 22:19:25 6413 --a C:\Users\bob\AppData\Roaming\UserTile.png
    2008-01-08 22:19:25 0 d C:\Users\bob\AppData\Roaming\PeerNetworking
    2008-01-05 19:28:10 0 d C:\Users\bob\AppData\Roaming\Microgaming
    2008-01-04 00:53:56 0 d C:\Users\bob\AppData\Roaming\Apple Computer
    2008-01-03 14:10:02 0 d--h C:\Program Files\InstallShield Installation Information
    2007-12-28 23:45:13 0 d C:\Users\bob\AppData\Roaming\BitTorrent
    2007-12-28 16:17:29 0 d C:\Users\bob\AppData\Roaming\Roxio
    2007-12-28 16:17:19 0 d C:\Users\bob\AppData\Roaming\DivX
    2007-12-27 14:36:51 0 d C:\Users\bob\AppData\Roaming\GHISLER
    2007-12-27 14:25:10 0 d C:\Users\bob\AppData\Roaming\vlc
    2007-12-16 23:59:58 0 d C:\Users\bob\AppData\Roaming\Adobe
    2007-12-16 22:52:44 0 --a C:\Windows\nsreg.dat
    2007-12-16 22:52:31 0 d C:\Users\bob\AppData\Roaming\Mozilla
    2007-12-16 13:51:27 0 d C:\Users\bob\AppData\Roaming\Real
    2007-12-16 13:49:46 0 d C:\Program Files\Common Files\xing shared
    2007-12-16 13:49:27 0 d C:\Program Files\Common Files\Real
    2007-12-16 13:48:59 0 d C:\Program Files\Real
    2007-12-15 14:17:31 0 d C:\Users\bob\AppData\Roaming\McAfee
    2007-12-09 17:59:11 0 d C:\Users\bob\AppData\Roaming\acccore
    2007-12-09 17:54:02 0 d C:\Program Files\AIM6
    2007-12-09 17:53:26 0 d C:\Program Files\Viewpoint
    2007-12-09 17:49:52 0 d C:\Program Files\Common Files\AOL
    2007-12-08 03:10:09 67647 --a C:\Windows\system32\dmtjl.exe
    2007-12-08 03:10:09 67647 --a C:\Windows\system32\dmhvf.exe
    2007-12-08 03:02:56 0 d C:\Program Files\MSXML 4.0
    2007-12-08 00:24:42 0 d C:\Users\bob\AppData\Roaming\Google
    2007-12-08 00:23:52 0 d C:\Program Files\Google
    2007-12-06 21:26:12 0 d C:\Users\bob\AppData\Roaming\Macromedia
    2007-12-06 20:48:24 0 d C:\Program Files\Netopia
    2007-12-04 01:33:18 802816 --a C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-04 01:33:18 823296 --a C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-04 01:33:18 823296 --a C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-04 01:33:16 682496 --a C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-11-30 23:11:38 0 d C:\Users\bob\AppData\Roaming\CyberLink
    2007-11-30 23:08:55 0 d C:\Program Files\Roxio
    2007-11-30 19:26:28 0 d C:\Users\bob\AppData\Roaming\ATI
    2007-11-30 19:24:36 0 d C:\Users\bob\AppData\Roaming\Identities
    2007-11-29 22:30:28 3596288 --a C:\Windows\system32\qt-dx331.dll
    2007-11-29 22:28:24 196608 --a C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-11-29 22:28:24 81920 --a C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-11-29 07:02:39 0 d C:\Program Files\DellTPad
    2007-11-29 06:55:59 0 d C:\Program Files\Windows Calendar
    2007-11-29 06:52:46 0 d C:\Program Files\Windows Defender
    2007-11-28 23:48:35 0 d C:\Program Files\Dell
    2007-11-28 23:48:02 0 d C:\Program Files\Microsoft Works
    2007-11-28 23:46:50 0 d C:\Program Files\Dell Support Center
    2007-11-28 23:46:39 0 d C:\Program Files\Common Files\supportsoft
    2007-11-28 23:41:28 0 d C:\Program Files\Common Files\Adobe
    2007-11-28 23:40:18 0 d C:\Program Files\CyberLink
    2007-11-28 23:37:46 0 d C:\Program Files\Common Files\Sonic Shared
    2007-11-28 23:35:49 0 d C:\Program Files\Common Files\InstallShield
    2007-11-28 23:34:58 0 d C:\Program Files\Common Files\SureThing Shared
    2007-11-28 23:34:33 0 d C:\Program Files\Common Files\Roxio Shared
    2007-11-28 23:33:12 0 d C:\Program Files\AMD
    2007-11-28 23:32:56 0 d C:\Program Files\Broadcom
    2007-11-28 23:29:45 0 d C:\Program Files\ATI
    2007-11-28 23:26:45 0 d C:\Program Files\ATI Technologies
    2007-11-28 23:24:07 0 d C:\Program Files\Digital Line Detect
    2007-11-28 23:23:36 0 d C:\Program Files\NetWaiting
    2007-11-28 23:23:00 0 d C:\Program Files\Modem Diagnostic Tool
    2007-11-28 23:22:30 0 d C:\Program Files\Java
    2007-11-28 23:22:29 0 d C:\Program Files\Common Files\Java
    2007-11-28 23:11:27 174 --ahs---- C:\Program Files\desktop.ini
    2007-11-28 23:09:21 0 d C:\Program Files\CONEXANT
    2007-11-28 23:09:01 0 d C:\Program Files\Sigmatel
    2007-11-28 21:52:32 12288 --a C:\Windows\system32\DivXWMPExtType.dll


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    19/09/2007 06:15 329032 --a
    c:\PROGRA~1\mcafee\msk\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [24/09/2007 09:27]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [28/11/2007 23:22]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [16/04/2007 16:10]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [28/11/2007 23:42]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [09/10/2007 18:57]
    "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [02/11/2006 12:35]
    "dmhvf.exe"="C:\Windows\system32\dmhvf.exe" [08/12/2007 03:10]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/12/2007 13:48]
    "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [09/10/2007 16:21]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 21:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [09/10/2007 18:56]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [04/10/2007 15:20]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]
    "dmqsa.tmp"="C:\Windows\system32\dmqsa.tmp" []
    "dmbze.tmp"="C:\Windows\system32\dmbze.tmp" []
    "dmxhl.tmp"="C:\Windows\system32\dmxhl.tmp" []

    C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    WkCalRem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [05/06/2006 09:18:54]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [28/11/2007 23:24:07]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [28/11/2007 23:32:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"=2 (0x2)
    "DontDisplayLogonHoursWarnings"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-01-24 20:13:14


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\Run: [dmhvf.exe] C:\Windows\system32\dmhvf.exe
    O4 - HKCU\..\Run: [dmqsa.tmp] C:\Windows\system32\dmqsa.tmp
    O4 - HKCU\..\Run: [dmbze.tmp] C:\Windows\system32\dmbze.tmp
    O4 - HKCU\..\Run: [dmxhl.tmp] C:\Windows\system32\dmxhl.tmp


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\Windows\system32\dmhvf.exe
      C:\Windows\system32\dmqsa.tmp
      C:\Windows\system32\dmbze.tmp
      C:\Windows\system32\dmxhl.tmp
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      purity
      
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Please download FixWareout from here:
    http://downloads.subratam.org/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    Once the desktop loads, please post the text that will open (report.txt) and a new HijackThis log.

    If you have internet connection problems then do the following:

    Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.


    Reboot and post a new DSS log
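
The entries picked out in the post above share a pattern: a Run value that launches a file sitting directly in system32, named after the file itself, often with a .tmp extension. As an added example (not part of the original thread, and not how HijackThis or the helper selected them), this Python script parses O4 lines and flags that pattern; the two heuristics and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Sample input: a subset of O4 lines taken from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [dmhvf.exe] C:\Windows\system32\dmhvf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [dmqsa.tmp] C:\Windows\system32\dmqsa.tmp
O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmuix.tmp] C:\Windows\system32\dmuix.tmp (User '?')
O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User '?')
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
"""

# One O4 registry autorun line: hive (optionally HKUS\<SID>), Run/RunOnce key,
# [value name], command line, and HijackThis's optional "(User '...')" suffix.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-[\d-]+))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)


def target_path(cmd):
    """Extract the executable path from a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Bare path: cut at the first ".ext" that is followed by whitespace or the end,
    # so "C:\Program Files\x\y.exe /arg" keeps its embedded spaces.
    m = re.match(r"(.+?\.[A-Za-z0-9]{2,4})(?=\s|$)", cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return the O4 Run entries that match either illustrative heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. Startup-folder shortcuts)
        path = target_path(m["cmd"])
        folder, filename = ntpath.split(path)
        reasons = []
        # Heuristic 1 (assumption): nothing legitimate autostarts from a .tmp file.
        if filename.lower().endswith(".tmp"):
            reasons.append("autorun launches a .tmp file")
        # Heuristic 2 (assumption): value name is just the file name, and the
        # file sits directly in system32.
        if (m["name"].lower() == filename.lower()
                and folder.lower().endswith(r"\windows\system32")):
            reasons.append("value name equals a file name in system32")
        if reasons:
            findings.append({
                "hive": m["hive"].split("\\")[0],
                "sid": m["sid"],          # None unless the entry is under HKUS
                "key": m["key"],
                "name": m["name"],
                "path": path,
                "reasons": reasons,
            })
    return findings


def paths_to_check(findings):
    """Unique file paths behind the flagged entries, for on-disk verification."""
    return sorted({f["path"] for f in findings}, key=str.lower)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\{f['key']} [{f['name']}] -> {f['path']}: {'; '.join(f['reasons'])}")
```

A flagged entry is a lead to verify (publisher, signature, whether the file still exists), not a verdict. Entries under HKUS\<SID> belong to other user profiles and are easy to miss when only HKLM and HKCU are reviewed.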


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Hi,
    I have run HijackThis and chose the 4 options you asked me to check; this seemed to work fine. Now when I downloaded OTMoveIt2 I only have 3 panels available on this dlg, and they are

    Blue Pane : Paste Standard List of Files/Folders to move
    Yellow Pane : Paste Custom List of Files/Folders to Move
    Green Pane : Results

    There is also a Restore button and a checkbox to zip files after move.

    Is this the right version? There does not seem to be an option to fix anything on this.


    Sorry about this, not very technical.

    Your help is much appreciated


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Put these under the blue panel

    C:\Windows\system32\dmhvf.exe
    C:\Windows\system32\dmqsa.tmp
    C:\Windows\system32\dmbze.tmp
    C:\Windows\system32\dmxhl.tmp


    Put this under the yellow panel

    purity


    The green panel will give you the results after you press MoveIt


    Then go ahead with the rest of the steps


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Cheers, I'll try that now. By clicking the move it button, is that the Restore button? Just want to confirm before I click the Restore button and this restores the files we have removed, undoing your good work :)

    Cheers!!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No, don't click the Restore button.

    You want to click the "MoveIt" button once you put the things in the boxes.

    Let me know if you have any trouble


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Hi,
    On the OTMoveIt2 I do not have the option of a "Move it" button. When I open the application there are the 3 panels (blue, yellow and green), a "Restore" button and a checkbox to zip the files. Maybe I have missed a step in getting this button to appear. I just opened the OTMoveIt2 from the shortcut on the desktop and this is all that was available on the dialog.

    Thanks for all your help so far, I'd be lost without your expertise on this.

    RB.:)


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I just downloaded it myself and it is there

    Can you see at the top left there are the following buttons, MoveIt!(in red), Cleanup!, Restore


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Hi,
    I have re-downloaded OTMoveIt2 and I cannot see the buttons you mentioned. There is only 1 button on mine and that's Restore. In the 10th post you sent I clicked on the red link "OTMoveIt2 by OldTimer.", saved the file to the desktop and ran the app from there. Is that correct?

    Thanks
    RB


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Yes that should be correct. This is weird

    Could you take a screenshot of the program when you have run the .exe file and try to centre in on the Restore button and around there?

    I may need to mention this to the developer of the tool.


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    screen shot of app when I ran the .exe


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Sorry about the confusion :)

    Can you try moving the top of the boxes for "Paste Standard List" and "Paste Custom List" down a bit? I think the MoveIt! button is underneath.

    Do you use larger fonts/colours on your PC to make it easier to see?


    Let me know how that goes, will do a different method if it fails.


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    I could see the move it buttons when I changed the resolution settings, but when I downloaded the Fixwareout.exe and ran it the DOS prompt said it was for an unsupported version. I am using Windows Vista Home Premium.

    I ran the program once, rebooted, and these are the results of the 2nd time the program was run.

    Here is the OTMoveIt:

    File move failed. C:\Windows\system32\dmhvf.exe scheduled to be moved on reboot.
    File/Folder C:\Windows\system32\dmqsa.tmp not found.
    File/Folder C:\Windows\system32\dmbze.tmp not found.
    File/Folder C:\Windows\system32\dmxhl.tmp not found.
    [Custom Input]
    < purity >

    OTMoveIt2 v1.0.14 log created on 01252008_211544


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Can you post a new DSS log there


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Deckard's System Scanner v20071014.68
    Run by bob on 2008-01-25 21:59:38
    Computer is in Normal Mode.

    Percentage of Memory in Use: 86% (more than 75%).
    Total Physical Memory: 894 MiB (1024 MiB recommended).


    -- HijackThis (run as bob.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:59:52, on 25/01/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\bob\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\bob.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmuix.tmp] C:\Windows\system32\dmuix.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmbkj.tmp] C:\Windows\system32\dmbkj.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmgms.tmp] C:\Windows\system32\dmgms.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmbhc.tmp] C:\Windows\system32\dmbhc.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmqtf.tmp] C:\Windows\system32\dmqtf.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmeik.tmp] C:\Windows\system32\dmeik.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmati.tmp] C:\Windows\system32\dmati.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmorn.tmp] C:\Windows\system32\dmorn.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmoys.tmp] C:\Windows\system32\dmoys.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmqto.tmp] C:\Windows\system32\dmqto.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmydq.tmp] C:\Windows\system32\dmydq.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmrnr.tmp] C:\Windows\system32\dmrnr.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmddh.tmp] C:\Windows\system32\dmddh.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmgqs.tmp] C:\Windows\system32\dmgqs.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmntc.tmp] C:\Windows\system32\dmntc.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmsxr.tmp] C:\Windows\system32\dmsxr.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmcmk.tmp] C:\Windows\system32\dmcmk.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmiae.tmp] C:\Windows\system32\dmiae.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [BitTorrent DNA] "C:\Users\bob\Program Files\DNA\btdna.exe" (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmsup.tmp] C:\Windows\system32\dmsup.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmjvq.tmp] C:\Windows\system32\dmjvq.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmhnz.tmp] C:\Windows\system32\dmhnz.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmdxp.tmp] C:\Windows\system32\dmdxp.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmslw.tmp] C:\Windows\system32\dmslw.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmjzx.tmp] C:\Windows\system32\dmjzx.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmtmn.tmp] C:\Windows\system32\dmtmn.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmuxi.tmp] C:\Windows\system32\dmuxi.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmpyo.tmp] C:\Windows\system32\dmpyo.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\RunOnce: [InetReg] "C:\Program Files\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6 (User '?')
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Boylepoker.com Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Microgaming\Poker\boylesportspokercomMPP\MPPoker.exe
    O9 - Extra button: (no name) - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D502F37-04A6-4155-84E3-57B37CA6FB6D}: NameServer = 85.255.115.6,85.255.112.81
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 15588 bytes

    -- Files created between 2007-12-25 and 2008-01-25

    2008-01-22 17:40:45 0 d
    C:\Program Files\SiteAdvisor
    2008-01-20 00:47:02 0 d
    C:\Program Files\Trend Micro
    2008-01-20 00:06:39 0 d
    C:\Program Files\iPod
    2008-01-20 00:02:22 0 d
    C:\Program Files\QuickTime
    2008-01-18 22:07:17 143360 --a
    C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2008-01-18 22:03:31 0 d
    C:\Program Files\McAfee.com
    2008-01-18 22:03:20 0 d
    C:\Program Files\Common Files\McAfee
    2008-01-18 22:03:10 0 d
    C:\Program Files\McAfee
    2008-01-16 23:37:42 0 d
    C:\photos
    2008-01-04 00:49:06 0 d
    C:\Program Files\Apple Software Update
    2008-01-04 00:47:26 0 d
    C:\Program Files\Common Files\Apple
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Templates
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Start Menu
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\SendTo
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Recent
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\PrintHood
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\NetHood
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\My Documents
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Local Settings
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Cookies
    2007-12-29 14:52:06 0 d--hs---- C:\Users\Grainne\Application Data
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Videos
    2007-12-29 14:52:03 0 d
    C:\Users\Grainne\Saved Games
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Pictures
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Music
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Links
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Favorites
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Downloads
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Documents
    2007-12-29 14:52:03 0 dr
    C:\Users\Grainne\Desktop
    2007-12-29 14:52:03 0 d--h
    C:\Users\Grainne\AppData
    2007-12-29 14:52:02 1572864 --ahs---- C:\Users\Grainne\ntuser.dat
    2007-12-28 19:33:23 53248
    n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
    2007-12-28 19:32:17 0 d
    C:\Program Files\Audible
    2007-12-28 19:23:09 0 d--h
    C:\Program Files\Creative Installation Information
    2007-12-28 19:23:05 0 d
    C:\Program Files\Creative
    2007-12-28 18:35:49 107520 --a
    C:\Windows\system32\UnCasino5.exe <Not Verified; ; UnCasino Application>
    2007-12-28 18:33:32 93184 --a
    C:\Windows\system32\UnPoker.exe <Not Verified; ; UnCasino Application>
    2007-12-28 04:39:00 0 d
    C:\Program Files\DNA
    2007-12-28 04:25:50 0 d
    C:\Program Files\Common Files\PX Storage Engine
    2007-12-28 04:16:31 0 d
    C:\FireFox Downloads
    2007-12-27 14:34:27 545 --a
    C:\Windows\UC.PIF
    2007-12-27 14:34:27 545 --a
    C:\Windows\RAR.PIF
    2007-12-27 14:34:27 545 --a
    C:\Windows\PKZIP.PIF
    2007-12-27 14:34:26 545 --a
    C:\Windows\PKUNZIP.PIF
    2007-12-27 14:34:26 545 --a
    C:\Windows\NOCLOSE.PIF
    2007-12-27 14:34:26 545 --a
    C:\Windows\LHA.PIF
    2007-12-27 14:34:26 545 --a
    C:\Windows\ARJ.PIF
    2007-12-27 14:34:26 0 d
    C:\totalcmd
    2007-12-27 14:22:58 0 d
    C:\Program Files\VideoLAN
    2007-12-26 13:49:06 0 d
    C:\External Hard Drive
    2007-12-26 13:22:14 0 d
    C:\Program Files\Seagate


    -- Find3M Report

    2008-01-22 17:40:45 0 d
    C:\Users\bob\AppData\Roaming\SiteAdvisor
    2008-01-21 23:40:27 0 d
    C:\Program Files\Windows Mail
    2008-01-21 21:14:37 0 d
    C:\Program Files\Windows Sidebar
    2008-01-20 22:36:42 0 d
    C:\Users\bob\AppData\Roaming\dvdcss
    2008-01-20 18:12:15 120 --a
    C:\Users\bob\AppData\Roaming\wklnhst.dat
    2008-01-20 17:50:57 0 d
    C:\Users\bob\AppData\Roaming\Template
    2008-01-18 22:03:20 0 d
    C:\Program Files\Common Files
    2008-01-12 12:45:55 0 d
    C:\Users\bob\AppData\Roaming\Creative
    2008-01-08 22:19:25 6413 --a
    C:\Users\bob\AppData\Roaming\UserTile.png
    2008-01-08 22:19:25 0 d
    C:\Users\bob\AppData\Roaming\PeerNetworking
    2008-01-05 19:28:10 0 d
    C:\Users\bob\AppData\Roaming\Microgaming
    2008-01-04 00:53:56 0 d
    C:\Users\bob\AppData\Roaming\Apple Computer
    2008-01-03 14:10:02 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-12-28 23:45:13 0 d
    C:\Users\bob\AppData\Roaming\BitTorrent
    2007-12-28 16:17:29 0 d
    C:\Users\bob\AppData\Roaming\Roxio
    2007-12-28 16:17:19 0 d
    C:\Users\bob\AppData\Roaming\DivX
    2007-12-27 14:36:51 0 d
    C:\Users\bob\AppData\Roaming\GHISLER
    2007-12-27 14:25:10 0 d
    C:\Users\bob\AppData\Roaming\vlc
    2007-12-16 23:59:58 0 d
    C:\Users\bob\AppData\Roaming\Adobe
    2007-12-16 22:52:44 0 --a
    C:\Windows\nsreg.dat
    2007-12-16 22:52:31 0 d
    C:\Users\bob\AppData\Roaming\Mozilla
    2007-12-16 13:51:27 0 d
    C:\Users\bob\AppData\Roaming\Real
    2007-12-16 13:49:46 0 d
    C:\Program Files\Common Files\xing shared
    2007-12-16 13:49:27 0 d
    C:\Program Files\Common Files\Real
    2007-12-16 13:48:59 0 d
    C:\Program Files\Real
    2007-12-15 14:17:31 0 d
    C:\Users\bob\AppData\Roaming\McAfee
    2007-12-09 17:59:11 0 d
    C:\Users\bob\AppData\Roaming\acccore
    2007-12-09 17:54:02 0 d
    C:\Program Files\AIM6
    2007-12-09 17:53:26 0 d
    C:\Program Files\Viewpoint
    2007-12-09 17:49:52 0 d
    C:\Program Files\Common Files\AOL
    2007-12-08 03:10:09 67647 --a
    C:\Windows\system32\dmtjl.exe
    2007-12-08 03:10:09 67647 --a
    C:\Windows\system32\dmhvf.exe
    2007-12-08 03:02:56 0 d
    C:\Program Files\MSXML 4.0
    2007-12-08 00:24:42 0 d
    C:\Users\bob\AppData\Roaming\Google
    2007-12-08 00:23:52 0 d
    C:\Program Files\Google
    2007-12-06 21:26:12 0 d
    C:\Users\bob\AppData\Roaming\Macromedia
    2007-12-06 20:48:24 0 d
    C:\Program Files\Netopia
    2007-12-04 01:33:18 802816 --a
    C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-04 01:33:18 823296 --a
    C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-04 01:33:18 823296 --a
    C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-04 01:33:16 682496 --a
    C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-11-30 23:11:38 0 d
    C:\Users\bob\AppData\Roaming\CyberLink
    2007-11-30 23:08:55 0 d
    C:\Program Files\Roxio
    2007-11-30 19:26:28 0 d
    C:\Users\bob\AppData\Roaming\ATI
    2007-11-30 19:24:36 0 d
    C:\Users\bob\AppData\Roaming\Identities
    2007-11-29 22:30:28 3596288 --a
    C:\Windows\system32\qt-dx331.dll
    2007-11-29 22:28:24 196608 --a
    C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-11-29 22:28:24 81920 --a
    C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-11-29 07:02:39 0 d
    C:\Program Files\DellTPad
    2007-11-29 06:55:59 0 d
    C:\Program Files\Windows Calendar
    2007-11-29 06:52:46 0 d
    C:\Program Files\Windows Defender
    2007-11-28 23:48:35 0 d
    C:\Program Files\Dell
    2007-11-28 23:48:02 0 d
    C:\Program Files\Microsoft Works
    2007-11-28 23:46:50 0 d
    C:\Program Files\Dell Support Center
    2007-11-28 23:46:39 0 d
    C:\Program Files\Common Files\supportsoft
    2007-11-28 23:41:28 0 d
    C:\Program Files\Common Files\Adobe
    2007-11-28 23:40:18 0 d
    C:\Program Files\CyberLink
    2007-11-28 23:37:46 0 d
    C:\Program Files\Common Files\Sonic Shared
    2007-11-28 23:35:49 0 d
    C:\Program Files\Common Files\InstallShield
    2007-11-28 23:34:58 0 d
    C:\Program Files\Common Files\SureThing Shared
    2007-11-28 23:34:33 0 d
    C:\Program Files\Common Files\Roxio Shared
    2007-11-28 23:33:12 0 d
    C:\Program Files\AMD
    2007-11-28 23:32:56 0 d
    C:\Program Files\Broadcom
    2007-11-28 23:29:45 0 d
    C:\Program Files\ATI
    2007-11-28 23:26:45 0 d
    C:\Program Files\ATI Technologies
    2007-11-28 23:24:07 0 d
    C:\Program Files\Digital Line Detect
    2007-11-28 23:23:36 0 d
    C:\Program Files\NetWaiting
    2007-11-28 23:23:00 0 d
    C:\Program Files\Modem Diagnostic Tool
    2007-11-28 23:22:30 0 d
    C:\Program Files\Java
    2007-11-28 23:22:29 0 d
    C:\Program Files\Common Files\Java
    2007-11-28 23:11:27 174 --ahs---- C:\Program Files\desktop.ini
    2007-11-28 23:09:21 0 d
    C:\Program Files\CONEXANT
    2007-11-28 23:09:01 0 d
    C:\Program Files\Sigmatel
    2007-11-28 21:52:32 12288 --a
    C:\Windows\system32\DivXWMPExtType.dll


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    19/09/2007 06:15 329032 --a
    c:\PROGRA~1\mcafee\msk\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 06:03]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [24/09/2007 09:27]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [28/11/2007 23:22]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@=" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [16/04/2007 16:10]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [28/11/2007 23:42]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [09/10/2007 18:57]
    "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [02/11/2006 12:35]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/12/2007 13:48]
    "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [09/10/2007 16:21]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 21:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [09/10/2007 18:56]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [04/10/2007 15:20]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]

    C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    WkCalRem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [05/06/2006 09:18:54]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [28/11/2007 23:24:07]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [28/11/2007 23:32:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"=2 (0x2)
    "DontDisplayLogonHoursWarnings"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-01-25 22:01:03
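
A triage sketch for the HijackThis-style O4 and O17 lines in the log above, added here as an example; it is not part of the original post or of any tool named in the thread. It flags Run entries whose target is not an executable file type and static NameServer values that lie outside private address space, which are the two things to compare against what the machine's owner and the router or ISP actually configured. The sample lines are copied from the log except the last one, which is constructed for contrast; the function names and the extension allow-list are assumptions.

```python
import ipaddress
import ntpath
import re
from collections import Counter

# All lines except the last are copied from the log in the post above.
# The last line is constructed (resolver on the local network, for contrast).
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmeik.tmp] C:\Windows\system32\dmeik.tmp (User '?')
O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmati.tmp] C:\Windows\system32\dmati.tmp (User '?')
O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [BitTorrent DNA] "C:\Users\bob\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup (User '?')
O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D502F37-04A6-4155-84E3-57B37CA6FB6D}: NameServer = 85.255.115.6,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# O4 registry autorun: hive, optional sub-path, Run/RunOnce, [value name], command.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>[^\\]+)\\(?:.*?\\)?(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)
# O17 static DNS: registry key, then one or more addresses split by comma or space.
O17_DNS = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# Command target: either a quoted path, or an unquoted path up to its extension.
TARGET = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.[A-Za-z0-9]{2,4})(?=\s|$)')

# Assumption: file types normally seen as Run targets. Anything else is reported.
AUTORUN_EXTS = {".exe", ".com", ".bat", ".cmd"}


def autorun_target(cmd):
    """Return the file path a Run command launches, without its arguments."""
    m = TARGET.match(cmd)
    if not m:
        return cmd
    return m.group("q") or m.group("u")


def triage(log_text):
    """Collect odd autorun targets and off-LAN static resolvers from a log."""
    odd_autoruns = []          # (value name, target path)
    static_dns = Counter()     # address -> number of registry keys setting it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            target = autorun_target(m.group("cmd"))
            ext = ntpath.splitext(target)[1].lower()
            if ext not in AUTORUN_EXTS:
                odd_autoruns.append((m.group("name"), target))
            continue
        m = O17_DNS.match(line)
        if m:
            for token in re.split(r"[,\s]+", m.group("servers").strip()):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    continue  # not an address; leave it for manual review
                if not addr.is_private:
                    static_dns[str(addr)] += 1
    # Many odd targets in one directory point at a single dropper, not noise.
    dirs = Counter(ntpath.dirname(t).lower() for _, t in odd_autoruns)
    return {
        "odd_autoruns": odd_autoruns,
        "autorun_dirs": dict(dirs),
        "static_dns": dict(static_dns),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, target in report["odd_autoruns"]:
        print("autorun with non-executable extension:", name, "->", target)
    for directory, count in report["autorun_dirs"].items():
        print(count, "such entries under", directory)
    for addr, count in report["static_dns"].items():
        print("static resolver", addr, "set in", count, "registry key(s)")
```

A flagged resolver is not proof of compromise on its own; it is a value to check against the addresses the router or ISP hands out over DHCP.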


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
    • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
    • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
    • Under Rootkit Search change that to Yes.
    • Check the box beside "Scan all users"
    • Change Files Created Within and Files Modified Within to 90 days
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

    Make sure you attach the report in your reply.


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    [codebox]
    WinPFind35 logfile created on: 25/01/2008 23:32:11
    WinPFind35U Version Beta36 Folder = C:\Users\bob\Desktop\WinPFind35u
    Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16575)

    893.39 Mb Total Physical Memory | 338.70 Mb Available Physical Memory | 37.91% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.12% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.44 Gb Total Space | 103.73 Gb Free Space | 76.03% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.47% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: BOB-PC
    Current User Name: bob
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: All users


    [Processes - Non-Microsoft Only]
    ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4167 | Size = 593920 bytes | Modified Date = 14/08/2007 08:40:52 | Attr = ]
    ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4167 | Size = 593920 bytes | Modified Date = 14/08/2007 08:40:52 | Attr = ]
    apoint.exe -> %ProgramFiles%\DellTPad\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.101.204 | Size = 159744 bytes | Modified Date = 24/09/2007 09:27:30 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 77824 bytes | Modified Date = 28/11/2007 23:22:33 | Attr = ]
    roxwatchtray9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 221184 bytes | Modified Date = 05/11/2006 11:22:16 | Attr = ]
    pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 16/04/2007 16:10:26 | Attr = ]
    googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 16/12/2007 13:48:53 | Attr = ]
    maxmenumgrbasics.exe -> %ProgramFiles%\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe -> Maxtor Corporation [Ver = 2, 2, 0, 6 | Size = 169328 bytes | Modified Date = 09/10/2007 16:21:06 | Attr = ]
    mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 03/08/2007 22:33:14 | Attr = ]
    siteadv.exe -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 24/08/2007 21:57:48 | Attr = ]
    sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:24 | Attr = ]
    aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 04/10/2007 15:20:54 | Attr = ]
    dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 03/11/2006 18:02:14 | Attr = ]
    quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 8, 0, 11, 0 | Size = 1125088 bytes | Modified Date = 20/02/2007 13:01:12 | Attr = ]
    wkcalrem.exe -> %CommonProgramFiles%\microsoft shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 8.05.0818.0 | Size = 21504 bytes | Modified Date = 05/06/2006 09:18:54 | Attr = ]
    mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 09:57:30 | Attr = ]
    googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 03/11/2006 07:17:27 | Attr = ]
    ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 09:57:36 | Attr = ]
    aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 25/05/2007 17:16:08 | Attr = ]
    aestsrv.exe -> %System32%\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Modified Date = 29/08/2007 21:25:16 | Attr = ]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 14:09:16 | Attr = ]
    wrapper.exe -> %ProgramFiles%\ATI\WebPAM\jetty\extra\win32\Wrapper.exe -> [Ver = | Size = 110592 bytes | Modified Date = 29/09/2003 08:30:08 | Attr = ]
    syncservicesbasics.exe -> %ProgramFiles%\Seagate\Basics\Service\SyncServicesBasics.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 124280 bytes | Modified Date = 09/10/2007 16:21:02 | Attr = ]
    mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 12:36:04 | Attr = ]
    mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 24/07/2007 12:02:14 | Attr = ]
    mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 15:54:42 | Attr = ]
    msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 24/08/2007 04:00:40 | Attr = ]
    java.exe -> %ProgramFiles%\ATI\WebPAM\_jvm\bin\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 14/12/2006 17:04:04 | Attr = ]
    roxwatch9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 05/11/2006 11:13:00 | Attr = ]
    saservice.exe -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 23/01/2008 19:29:09 | Attr = ]
    sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:30 | Attr = ]
    stacsv.exe -> %System32%\stacsv.exe -> IDT, Inc. [Ver = 1.0.5609.0 nd652 cp1 | Size = 102400 bytes | Modified Date = 07/09/2007 18:25:12 | Attr = ]
    viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]
    xaudio.exe -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 05/08/2006 00:39:20 | Attr = ]
    mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 03:08:06 | Attr = ]
    roxmediadb9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 05/11/2006 11:15:12 | Attr = ]
    hidfind.exe -> %ProgramFiles%\DellTPad\hidfind.exe -> Alps Electric Co., Ltd. [Ver = 7.0.0.26 | Size = 40960 bytes | Modified Date = 24/09/2007 09:27:38 | Attr = ]
    apntex.exe -> %ProgramFiles%\DellTPad\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 7.0.1.27 | Size = 49152 bytes | Modified Date = 24/09/2007 09:27:28 | Attr = ]
    cpshelprunner.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 10752 bytes | Modified Date = 05/11/2006 10:55:48 | Attr = ]
    mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 01:41:52 | Attr = ]
    mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 20:15:18 | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 28/11/2007 19:11:50 | Attr = ]
    winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306688 bytes | Modified Date = 24/01/2008 12:47:38 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AESTFilters) Andrea ST Filters Service [Win32_Own | Auto | Running] -> %System32%\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Modified Date = 29/08/2007 21:25:16 | Attr = ]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 14:09:16 | Attr = ]
    (Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4167 | Size = 593920 bytes | Modified Date = 14/08/2007 08:40:52 | Attr = ]
    (ATIWebPAM) ATI WebPAM [Win32_Own | Auto | Running] -> %ProgramFiles%\ATI\WebPAM\jetty\extra\win32\Wrapper.exe -> [Ver = | Size = 110592 bytes | Modified Date = 29/09/2003 08:30:08 | Attr = ]
    (Basics Service) Basics Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Seagate\Basics\Service\SyncServicesBasics.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 124280 bytes | Modified Date = 09/10/2007 16:21:02 | Attr = ]
    (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
    (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
    (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
    (GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 28/11/2007 23:42:02 | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 03:24:18 | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
    (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 03:08:06 | Attr = ]
    (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 20:15:18 | Attr = ]
    (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 25/07/2007 03:16:16 | Attr = ]
    (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 12:36:04 | Attr = ]
    (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
    (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 01:41:52 | Attr = ]
    (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 15:54:42 | Attr = ]
    (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
    (MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 24/08/2007 04:00:40 | Attr = ]
    (RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 05/11/2006 11:15:12 | Attr = ]
    (RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 05/11/2006 11:13:00 | Attr = ]
    (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
    (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
    (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
    (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
    (SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 23/01/2008 19:29:09 | Attr = ]
    (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:30 | Attr = ]
    (STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %System32%\stacsv.exe -> IDT, Inc. [Ver = 1.0.5609.0 nd652 cp1 | Size = 102400 bytes | Modified Date = 07/09/2007 18:25:12 | Attr = ]
    (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 14/09/2006 14:54:34 | Attr = ]
    (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
    (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]
    (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
    (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
    (XAudioService) XAudioService [Win32_Own | Auto | Running] -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 05/08/2006 00:39:20 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    -> -> File not found
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 03:06:32 | Attr = ]
    Apoint -> %ProgramFiles%\DellTPad\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.101.204 | Size = 159744 bytes | Modified Date = 24/09/2007 09:27:30 | Attr = ]
    basicsmssmenu -> %ProgramFiles%\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe -> Maxtor Corporation [Ver = 2, 2, 0, 6 | Size = 169328 bytes | Modified Date = 09/10/2007 16:21:06 | Attr = ]
    dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 09/10/2007 18:57:14 | Attr = ]
    ECenter -> %SystemDrive%\DELL\E-Center\EULALauncher.exe -> [Ver = 1.0.2699.18652 | Size = 17920 bytes | Modified Date = 25/05/2007 06:03:00 | Attr = ]
    Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.708.19688 | Size = 1838592 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 03/10/2006 11:37:04 | Attr = ]
    mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 03/08/2007 22:33:14 | Attr = ]
    PCMService -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 16/04/2007 16:10:26 | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 10/01/2008 15:27:36 | Attr = ]
    RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 221184 bytes | Modified Date = 05/11/2006 11:22:16 | Attr = ]
    SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 24/08/2007 21:57:48 | Attr = ]
    StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 10/11/2006 12:35:24 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 77824 bytes | Modified Date = 28/11/2007 23:22:33 | Attr = ]
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 16/12/2007 13:48:53 | Attr = ]
    < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL-> Installed = 1 ->
    MAPI-> Installed = 1 ->
    MSFS-> Installed = 1 ->
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 04/10/2007 15:20:54 | Attr = ]
    DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:24 | Attr = ]
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Sidebar -> Sidebar.exe -> File not found
    < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Sidebar -> Sidebar.exe -> File not found
    < Run [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 04/10/2007 15:20:54 | Attr = ]
    DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:24 | Attr = ]
    < Run [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 04/10/2007 15:20:54 | Attr = ]
    BitTorrent DNA -> %SystemDrive%\Users\bob\Program Files\DNA\btdna.exe -> File not found
    CTRegRun -> %SystemRoot%\Ctregrun.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 53248 bytes | Modified Date = 06/10/2006 14:17:34 | Attr = ]
    CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> File not found
    CTZDetec.exe -> %ProgramFiles%\Creative\Creative Media Lite\CTZDetec.exe -> File not found
    DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 18:56:24 | Attr = ]
    dmati.tmp -> %System32%\dmati.tmp -> File not found
    dmbhc.tmp -> %System32%\dmbhc.tmp -> File not found
    dmbkj.tmp -> %System32%\dmbkj.tmp -> File not found
    dmcmk.tmp -> %System32%\dmcmk.tmp -> File not found
    dmddh.tmp -> %System32%\dmddh.tmp -> File not found
    dmdxp.tmp -> %System32%\dmdxp.tmp -> File not found
    dmeik.tmp -> %System32%\dmeik.tmp -> File not found
    dmgms.tmp -> %System32%\dmgms.tmp -> File not found
    dmgqs.tmp -> %System32%\dmgqs.tmp -> File not found
    dmhnz.tmp -> %System32%\dmhnz.tmp -> File not found
    dmiae.tmp -> %System32%\dmiae.tmp -> File not found
    dmjvq.tmp -> %System32%\dmjvq.tmp -> File not found
    dmjzx.tmp -> %System32%\dmjzx.tmp -> File not found
    dmntc.tmp -> %System32%\dmntc.tmp -> File not found
    dmorn.tmp -> %System32%\dmorn.tmp -> File not found
    dmoys.tmp -> %System32%\dmoys.tmp -> File not found
    dmpyo.tmp -> %System32%\dmpyo.tmp -> File not found
    dmqtf.tmp -> %System32%\dmqtf.tmp -> File not found
    dmqto.tmp -> %System32%\dmqto.tmp -> File not found
    dmrnr.tmp -> %System32%\dmrnr.tmp -> File not found
    dmslw.tmp -> %System32%\dmslw.tmp -> File not found
    dmsup.tmp -> %System32%\dmsup.tmp -> File not found
    dmsxr.tmp -> %System32%\dmsxr.tmp -> File not found
    dmtmn.tmp -> %System32%\dmtmn.tmp -> File not found
    dmuix.tmp -> %System32%\dmuix.tmp -> File not found
    dmuxi.tmp -> %System32%\dmuxi.tmp -> File not found
    dmydq.tmp -> %System32%\dmydq.tmp -> File not found
    Sidebar -> Sidebar.exe -> File not found
    < RunOnce [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    InetReg -> %ProgramFiles%\Creative\Product Registration\English\InetReg.exe -> Creative Technology Ltd [Ver = 2.10.7.0 | Size = 741463 bytes | Modified Date = 15/12/2006 09:56:34 | Attr = ]
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.708.19688 | Size = 145408 bytes | Modified Date = 28/11/2007 23:42:08 | Attr = ]
    *MultiFile Done* -> ->
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
    < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction -> 2 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction -> 2 ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings -> 1 ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction -> 2 ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings -> 1 ->
    < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
    ::1 localhost -> ->
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.ie/webhp ->
    HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
    HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
    HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\] > -> ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\: Main\\Start Page -> http://www.google.ie/webhp ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\: ProxyEnable -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\: ProxyEnable -> 0 ->
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
    GD [:Range = 127.0.0.1] -> http = Local intranet | ->
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
    GD [:Range = 127.0.0.1] -> http = Local intranet | ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
    GD [:Range = 127.0.0.1] -> http = Local intranet | ->
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ]
    {089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr = ]
    {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.522 | Size = 370296 bytes | Modified Date = 16/12/2007 13:49:32 | Attr = ]
    {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\MSK\mcapbho.dll [McAfee Phishing Filter] -> [Ver = | Size = 329032 bytes | Modified Date = 19/09/2007 06:15:26 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 501384 bytes | Modified Date = 28/11/2007 23:22:33 | Attr = ]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 24/10/2007 05:51:28 | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 12068 | Size = 2554688 bytes | Modified Date = 28/11/2007 23:42:01 | Attr = R ]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 28/11/2007 23:42:03 | Attr = ]
    {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.3 | Size = 98304 bytes | Modified Date = 09/11/2006 09:56:48 | Attr = ]
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr = ]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 12068 | Size = 2554688 bytes | Modified Date = 28/11/2007 23:42:01 | Attr = R ]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 12068 | Size = 2554688 bytes | Modified Date = 28/11/2007 23:42:01 | Attr = R ]
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 12068 | Size = 2554688 bytes | Modified Date = 28/11/2007 23:42:01 | Attr = R ]
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 12068 | Size = 2554688 bytes | Modified Date = 28/11/2007 23:42:01 | Attr = R ]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 132744 bytes | Modified Date = 28/11/2007 23:22:33 | Attr = ]
    {F313D2F6-B79E-4654-BC77-D14C93FC8947}:Exec -> %SystemDrive%\Microgaming\Poker\boylesportspokercomMPP\MPPoker.exe [Boylepoker.com Poker] -> Microgaming [Ver = 2, 38, 0, 0 | Size = 13312 bytes | Modified Date = 22/10/2007 08:57:36 | Attr = ]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\ ->
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuStatusBar [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {6D502F37-04A6-4155-84E3-57B37CA6FB6D} -> 85.255.115.6,85.255.112.81 (Broadcom 440x 10/100 Integrated Controller) ->
    {90581678-320E-4F2A-821D-0716E9055882} -> (Dell Wireless 1390 WLAN Mini-Card) ->
    < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    ldap -> 4 = Restricted sites (Not a Default Protocol) ->
    news -> 4 = Restricted sites (Not a Default Protocol) ->
    nntp -> 4 = Restricted sites (Not a Default Protocol) ->
    oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
    snews -> 4 = Restricted sites (Not a Default Protocol) ->
    < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    @ivt -> @ivt protocol not assigned ->
    file -> file protocol not assigned ->
    ftp -> ftp protocol not assigned ->
    http -> http protocol not assigned ->
    https -> https protocol not assigned ->
    shell -> shell protocol not assigned ->
    < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    @ivt -> @ivt protocol not assigned ->
    file -> file protocol not assigned ->
    ftp -> ftp protocol not assigned ->
    http -> http protocol not assigned ->
    https -> https protocol not assigned ->
    shell -> shell protocol not assigned ->
    < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr = ]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] ->
    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] ->


    [Registry - Additional Scans - Non-Microsoft Only]


    [Files/Folders - Created Within 90 days]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 24/01/2008 17:51:27 | Attr = ]
    DELL -> %SystemDrive%\DELL -> [Folder | Created Date = 29/11/2007 06:42:28 | Attr = ]
    dell.sdr -> %SystemDrive%\dell.sdr -> [Ver = | Size = 4489 bytes | Created Date = 29/11/2007 07:02:58 | Attr = RH ]
    Docs -> %SystemDrive%\Docs -> [Folder | Created Date = 02/12/2007 05:29:59 | Attr = ]
    doctemp -> %SystemDrive%\doctemp -> [Folder | Created Date = 29/11/2007 06:44:35 | Attr = ]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 30/11/2007 19:22:04 | Attr = HS]
    Drivers -> %SystemDrive%\Drivers -> [Folder | Created Date = 29/11/2007 06:42:28 | Attr = ]
    External Hard Drive -> %SystemDrive%\External Hard Drive -> [Folder | Created Date = 26/12/2007 13:49:06 | Attr = ]
    Firefox -> %SystemDrive%\Firefox -> [Folder | Created Date = 16/12/2007 22:48:49 | Attr = ]
    FireFox Downloads -> %SystemDrive%\FireFox Downloads -> [Folder | Created Date = 28/12/2007 04:16:31 | Attr = ]
    fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 25/01/2008 21:18:49 | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 937431040 bytes | Created Date = 28/11/2007 23:13:33 | Attr = HS]
    IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 429 bytes | Created Date = 09/12/2007 17:49:40 | Attr = H ]
    McAfee Downloads -> %SystemDrive%\McAfee Downloads -> [Folder | Created Date = 15/12/2007 15:57:01 | Attr = ]
    Microgaming -> %SystemDrive%\Microgaming -> [Folder | Created Date = 07/12/2007 19:21:33 | Attr = ]
    photos -> %SystemDrive%\photos -> [Folder | Created Date = 16/01/2008 23:37:42 | Attr = ]
    Poker -> %SystemDrive%\Poker -> [Folder | Created Date = 06/12/2007 21:51:38 | Attr = ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 28/11/2007 23:07:38 | Attr = HS]
    totalcmd -> %SystemDrive%\totalcmd -> [Folder | Created Date = 27/12/2007 14:34:26 | Attr = ]
    _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 25/01/2008 21:06:30 | Attr = ]
    1028_Dell_INS_I1721.mrk -> %System32%\drivers\1028_Dell_INS_I1721.mrk -> [Ver = | Size = 4489 bytes | Created Date = 29/11/2007 06:44:33 | Attr = ]
    ahcix86s.sys -> %System32%\drivers\ahcix86s.sys -> AMD Technologies Inc. [Ver = 2.5.1540.48 built by: WinDDK | Size = 122880 bytes | Created Date = 29/11/2007 07:02:44 | Attr = ]
    Apfiltr.sys -> %System32%\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.7.0.75 built by: WinDDK | Size = 155136 bytes | Created Date = 29/11/2007 07:02:39 | Attr = ]
    ati2erec.dll -> %System32%\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.10 | Size = 49152 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    atikmdag.sys -> %System32%\drivers\atikmdag.sys -> ATI Technologies Inc. [Ver = 7.01.01.634 | Size = 2593280 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    AtiPcie.sys -> %System32%\drivers\AtiPcie.sys -> ATI Technologies Inc. [Ver = 1.00.0000.2 built by: WinDDK | Size = 7680 bytes | Created Date = 28/11/2007 23:33:13 | Attr = ]
    ativdkxx.vp -> %System32%\drivers\ativdkxx.vp -> [Ver = | Size = 2096 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    ativpkxx.vp -> %System32%\drivers\ativpkxx.vp -> [Ver = | Size = 2096 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 42960 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    bcm4sbxp.sys -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.60.0.0 built by: WinDDK | Size = 45568 bytes | Created Date = 29/11/2007 07:02:41 | Attr = ]
    BCMWL6.SYS -> %System32%\drivers\BCMWL6.SYS -> Broadcom Corp. [Ver = 4.170.25.12 | Size = 1044472 bytes | Created Date = 29/11/2007 07:02:43 | Attr = ]
    del1028.cty -> %System32%\drivers\del1028.cty -> [Ver = | Size = 144360 bytes | Created Date = 29/11/2007 07:02:40 | Attr = ]
    DLACDBHM.SYS -> %System32%\drivers\DLACDBHM.SYS -> Roxio [Ver = 9.05.02a | Size = 12856 bytes | Created Date = 30/11/2007 23:09:00 | Attr = ]
    DLARTL_M.SYS -> %System32%\drivers\DLARTL_M.SYS -> Roxio [Ver = 9.05.02a | Size = 28120 bytes | Created Date = 30/11/2007 23:09:00 | Attr = ]
    DRVMCDB.SYS -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 8.10.42a | Size = 99176 bytes | Created Date = 30/11/2007 23:09:02 | Attr = ]
    DRVNDDM.SYS -> %System32%\drivers\DRVNDDM.SYS -> Roxio [Ver = 9.05.02a | Size = 51768 bytes | Created Date = 30/11/2007 23:09:03 | Attr = ]
    HSXHWAZL.sys -> %System32%\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 206848 bytes | Created Date = 29/11/2007 07:02:40 | Attr = ]
    HSX_CNXT.sys -> %System32%\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 659968 bytes | Created Date = 29/11/2007 07:02:40 | Attr = ]
    HSX_DPV.sys -> %System32%\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 986624 bytes | Created Date = 29/11/2007 07:02:40 | Attr = ]
    mdmxsdk.sys -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Created Date = 29/11/2007 07:02:40 | Attr = ]
    mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Created Date = 18/01/2008 22:04:49 | Attr = ]
    mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Created Date = 18/01/2008 22:04:49 | Attr = ]
    mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Created Date = 18/01/2008 22:04:49 | Attr = ]
    mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Created Date = 18/01/2008 22:04:55 | Attr = ]
    mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Created Date = 18/01/2008 22:04:49 | Attr = ]
    Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 125728 bytes | Created Date = 18/01/2008 22:04:36 | Attr = ]
    Msft_Kernel_Apfiltr_01005.Wdf -> %System32%\drivers\Msft_Kernel_Apfiltr_01005.Wdf -> [Ver = | Size = 0 bytes | Created Date = 28/11/2007 23:08:55 | Attr = H ]
    NTPAMp50.sys -> %System32%\drivers\NTPAMp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.17.00 | Size = 18816 bytes | Created Date = 06/12/2007 20:34:56 | Attr = ]
    NtpaSp50.sys -> %System32%\drivers\NtpaSp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.17.00 | Size = 17536 bytes | Created Date = 06/12/2007 20:34:56 | Attr = ]
    rimmptsk.sys -> %System32%\drivers\rimmptsk.sys -> REDC [Ver = 6.0.1.4 | Size = 32256 bytes | Created Date = 29/11/2007 07:02:44 | Attr = ]
    rimsptsk.sys -> %System32%\drivers\rimsptsk.sys -> REDC [Ver = 6.00.01.04 | Size = 43520 bytes | Created Date = 29/11/2007 07:02:45 | Attr = ]
    rixdptsk.sys -> %System32%\drivers\rixdptsk.sys -> REDC [Ver = 6.00.01.05 | Size = 37376 bytes | Created Date = 29/11/2007 07:02:45 | Attr = ]
    stwrt.sys -> %System32%\drivers\stwrt.sys -> IDT, Inc. [Ver = 6.10.5609.0 nd652 cp1 built by: WinDDK | Size = 330240 bytes | Created Date = 29/11/2007 07:02:34 | Attr = ]
    usbaapl.sys -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Created Date = 31/10/2007 14:09:14 | Attr = ]
    XAudio.exe -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Created Date = 29/11/2007 07:02:40 | Attr = ]
    XAudio.sys -> %System32%\drivers\XAudio.sys -> Conexant Systems, Inc. [Ver = 1.00.00 built by: WinDDK | Size = 8192 bytes | Created Date = 29/11/2007 07:02:40 | Attr = ]
    aestacap.dll -> %System32%\aestacap.dll -> Andrea Electronics Corporation [Ver = 1.0.32.3 | Size = 131072 bytes | Created Date = 28/11/2007 23:09:00 | Attr = ]
    aestaren.dll -> %System32%\aestaren.dll -> Andrea Electronics Corporation [Ver = 1.0.32.1 | Size = 53248 bytes | Created Date = 28/11/2007 23:09:00 | Attr = ]
    aestecap.dll -> %System32%\aestecap.dll -> Andrea Electronics Corporation [Ver = 1.0.32.7 | Size = 643072 bytes | Created Date = 28/11/2007 23:09:00 | Attr = ]
    AEstSrv.exe -> %System32%\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Created Date = 28/11/2007 23:09:00 | Attr = ]
    ati2edxx.dll -> %System32%\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2511 | Size = 42496 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    Ati2evxx.dll -> %System32%\Ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 237568 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    Ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4167 | Size = 593920 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    ATIDEMGX.dll -> %System32%\ATIDEMGX.dll -> Advanced Micro Devices, Inc. [Ver = 2.0.2758.39962 | Size = 319488 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    atiicdxx.dat -> %System32%\atiicdxx.dat -> [Ver = | Size = 145050 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    atioglxx.dll -> %System32%\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6570 | Size = 7553024 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    atipdlxx.dll -> %System32%\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2519 | Size = 253952 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    atitmmxx.dll -> %System32%\atitmmxx.dll -> [Ver = 6, 14, 11, 17 | Size = 159744 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    atiumdag.dll -> %System32%\atiumdag.dll -> ATI Technologies Inc. [Ver = 7.14.10.0496 | Size = 2792960 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    atiumdva.dat -> %System32%\atiumdva.dat -> [Ver = | Size = 3107788 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    atiumdva.dll -> %System32%\atiumdva.dll -> ATI Technologies Inc. [Ver = 7.14.10.0155 | Size = 2802688 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    audiopid.vxd -> %System32%\audiopid.vxd -> [Ver = | Size = 7062 bytes | Created Date = 28/12/2007 19:34:29 | Attr = ]
    awrdscdc.ax -> %System32%\awrdscdc.ax -> Audible, Inc. [Ver = 5, 0, 0, 5 | Size = 417792 bytes | Created Date = 28/12/2007 19:32:52 | Attr = ]
    bcmihvsrv.dll -> %System32%\bcmihvsrv.dll -> Dell Inc. [Ver = 4.170.25.12 | Size = 3579904 bytes | Created Date = 29/11/2007 07:02:43 | Attr = ]
    bcmihvui.dll -> %System32%\bcmihvui.dll -> Dell Inc. [Ver = 4.170.25.12 | Size = 3244032 bytes | Created Date = 29/11/2007 07:02:43 | Attr = ]
    bcmwlcoi.dll -> %System32%\bcmwlcoi.dll -> Broadcom Corporation [Ver = 2007, 7, 12, 0 | Size = 87328 bytes | Created Date = 29/11/2007 07:02:43 | Attr = ]
    Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 11765 bytes | Created Date = 18/01/2008 22:10:17 | Attr = ]
    ctapo32.dll -> %System32%\ctapo32.dll -> Creative Technology Ltd. [Ver = 1.0.0.195 | Size = 492544 bytes | Created Date = 29/11/2007 07:02:34 | Attr = ]
    ctppld.dll -> %System32%\ctppld.dll -> Creative Technology Ltd [Ver = 1.0.0.195 | Size = 45568 bytes | Created Date = 29/11/2007 07:02:34 | Attr = ]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 04/12/2007 01:33:16 | Attr = ]
    DivXCodecVersionChecker.exe -> %System32%\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 6, 7, 0, 1 | Size = 156992 bytes | Created Date = 28/11/2007 21:55:18 | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Created Date = 04/12/2007 01:33:14 | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 29/11/2007 22:30:42 | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 29/11/2007 22:30:42 | Attr = ]
    DivXWMPExtType.dll -> %System32%\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Created Date = 28/11/2007 21:52:32 | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 04/12/2007 01:33:18 | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 04/12/2007 01:33:18 | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Created Date = 04/12/2007 01:33:18 | Attr = ]
    DLA -> %System32%\DLA -> [Folder | Created Date = 30/11/2007 23:08:58 | Attr = ]
    DLAAPI_W.DLL -> %System32%\DLAAPI_W.DLL -> [Ver = | Size = 56056 bytes | Created Date = 30/11/2007 23:09:00 | Attr = ]
    dmhvf.exe -> %System32%\dmhvf.exe -> [Ver = | Size = 67647 bytes | Created Date = 08/12/2007 03:10:09 | Attr = ]
    dmtjl.exe -> %System32%\dmtjl.exe -> [Ver = | Size = 67647 bytes | Created Date = 08/12/2007 03:10:09 | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 29/11/2007 22:28:24 | Attr = ]
    dpl100.dll.manifest -> %System32%\dpl100.dll.manifest -> [Ver = | Size = 416 bytes | Created Date = 29/11/2007 22:28:24 | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 28/11/2007 21:53:18 | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 28/11/2007 21:53:18 | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 28/11/2007 21:53:18 | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 28/11/2007 21:53:18 | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 28/11/2007 21:53:18 | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 28/11/2007 21:53:18 | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Created Date = 29/11/2007 22:28:24 | Attr = ]
    dtu100.dll.manifest -> %System32%\dtu100.dll.manifest -> [Ver = | Size = 416 bytes | Created Date = 29/11/2007 22:28:24 | Attr = ]
    dunzip32.dll -> %System32%\dunzip32.dll -> Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 18/01/2008 22:07:17 | Attr = ]
    GameUXLegacyGDFs.dll -> %System32%\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 21/01/2008 21:15:35 | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 135168 bytes | Created Date = 28/11/2007 23:22:46 | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 69632 bytes | Created Date = 28/11/2007 23:22:46 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 135168 bytes | Created Date = 28/11/2007 23:22:46 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 139264 bytes | Created Date = 28/11/2007 23:22:46 | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 29/11/2007 22:30:16 | Attr = ]
    Macromed -> %System32%\Macromed -> [Folder | Created Date = 28/11/2007 23:22:22 | Attr = ]
    mdmxsdk.dll -> %System32%\mdmxsdk.dll -> Conexant [Ver = 1.0.2.012 | Size = 94208 bytes | Created Date = 29/11/2007 07:02:40 | Attr = ]
    MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 208 bytes | Created Date = 12/12/2007 00:09:03 | Attr = ]
    oem -> %System32%\oem -> [Folder | Created Date = 29/11/2007 06:42:29 | Attr = ]
    oem6.inf -> %System32%\oem6.inf -> [Ver = | Size = 744318 bytes | Created Date = 28/11/2007 23:09:53 | Attr = ]
    Oemdspif.dll -> %System32%\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.14.0020 | Size = 229376 bytes | Created Date = 29/11/2007 07:02:47 | Attr = ]
    onex.tmf -> %System32%\onex.tmf -> [Ver = | Size = 223526 bytes | Created Date = 29/11/2007 06:57:45 | Attr = ]
    pncrt.dll -> %Sy


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
    [Kill Explorer]
    [Unregister Dlls]
    [Registry - Non-Microsoft Only]
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> Sidebar -> Sidebar.exe
    < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> Sidebar -> Sidebar.exe
    < Run [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> BitTorrent DNA -> %SystemDrive%\Users\bob\Program Files\DNA\btdna.exe
    YN -> CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe
    YN -> CTZDetec.exe -> %ProgramFiles%\Creative\Creative Media Lite\CTZDetec.exe
    YN -> dmati.tmp -> %System32%\dmati.tmp
    YN -> dmbhc.tmp -> %System32%\dmbhc.tmp
    YN -> dmbkj.tmp -> %System32%\dmbkj.tmp
    YN -> dmcmk.tmp -> %System32%\dmcmk.tmp
    YN -> dmddh.tmp -> %System32%\dmddh.tmp
    YN -> dmdxp.tmp -> %System32%\dmdxp.tmp
    YN -> dmeik.tmp -> %System32%\dmeik.tmp
    YN -> dmgms.tmp -> %System32%\dmgms.tmp
    YN -> dmgqs.tmp -> %System32%\dmgqs.tmp
    YN -> dmhnz.tmp -> %System32%\dmhnz.tmp
    YN -> dmiae.tmp -> %System32%\dmiae.tmp
    YN -> dmjvq.tmp -> %System32%\dmjvq.tmp
    YN -> dmjzx.tmp -> %System32%\dmjzx.tmp
    YN -> dmntc.tmp -> %System32%\dmntc.tmp
    YN -> dmorn.tmp -> %System32%\dmorn.tmp
    YN -> dmoys.tmp -> %System32%\dmoys.tmp
    YN -> dmpyo.tmp -> %System32%\dmpyo.tmp
    YN -> dmqtf.tmp -> %System32%\dmqtf.tmp
    YN -> dmqto.tmp -> %System32%\dmqto.tmp
    YN -> dmrnr.tmp -> %System32%\dmrnr.tmp
    YN -> dmslw.tmp -> %System32%\dmslw.tmp
    YN -> dmsup.tmp -> %System32%\dmsup.tmp
    YN -> dmsxr.tmp -> %System32%\dmsxr.tmp
    YN -> dmtmn.tmp -> %System32%\dmtmn.tmp
    YN -> dmuix.tmp -> %System32%\dmuix.tmp
    YN -> dmuxi.tmp -> %System32%\dmuxi.tmp
    YN -> dmydq.tmp -> %System32%\dmydq.tmp
    YN -> Sidebar -> Sidebar.exe
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\] > -> HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuStatusBar [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> {37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    YN -> {6D502F37-04A6-4155-84E3-57B37CA6FB6D} -> 85.255.115.6,85.255.112.81 (Broadcom 440x 10/100 Integrated Controller)
    [Files/Folders - Created Within 90 days]
    YY -> dmhvf.exe -> %System32%\dmhvf.exe
    YY -> dmtjl.exe -> %System32%\dmtjl.exe
    [Files/Folders - Modified Within 90 days]
    YY -> dmhvf.exe -> %System32%\dmhvf.exe
    YY -> dmtjl.exe -> %System32%\dmtjl.exe
    [Start Explorer]
    [Reboot]

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

    I will review the information when it comes back in.


    Also post a new HijackThis log.


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Here are the log results

    Explorer killed successfully
    [Registry - Non-Microsoft Only]
    Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar not found.
    Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTSyncU.exe not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTZDetec.exe not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmati.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmbhc.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmbkj.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmcmk.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmddh.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmdxp.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmeik.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmgms.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmgqs.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmhnz.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmiae.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmjvq.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmjzx.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmntc.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmorn.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmoys.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmpyo.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmqtf.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmqto.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmrnr.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmslw.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmsup.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmsxr.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmtmn.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmuix.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmuxi.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmydq.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\ButtonText not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\CLSID not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Default Visible not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Exec not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\HotIcon not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Icon not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuStatusBar not found.
    Registry value HKEY_USERS\S-1-5-21-3472873205-2394879787-2826684974-1002\Software\Microsoft\Internet Explorer\Extensions\{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuText not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6D502F37-04A6-4155-84E3-57B37CA6FB6D}\\Broadcom 440x 10/100 Integrated Controller updated successfully.
    [Files/Folders - Created Within 90 days]
    File C:\Windows\System32\dmhvf.exe not found!
    File C:\Windows\System32\dmtjl.exe not found!
    [Files/Folders - Modified Within 90 days]
    File C:\Windows\System32\dmhvf.exe not found!
    File C:\Windows\System32\dmtjl.exe not found!
    Explorer started successfully
    < End of fix log >
    WinPFind35U Version Beta36 fix logfile created on 01262008_010514


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Can you post a new HijackThis log?


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:59:52, on 25/01/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\bob\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\bob.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmuix.tmp] C:\Windows\system32\dmuix.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmbkj.tmp] C:\Windows\system32\dmbkj.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmgms.tmp] C:\Windows\system32\dmgms.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmbhc.tmp] C:\Windows\system32\dmbhc.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmqtf.tmp] C:\Windows\system32\dmqtf.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmeik.tmp] C:\Windows\system32\dmeik.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmati.tmp] C:\Windows\system32\dmati.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmorn.tmp] C:\Windows\system32\dmorn.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmoys.tmp] C:\Windows\system32\dmoys.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmqto.tmp] C:\Windows\system32\dmqto.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmydq.tmp] C:\Windows\system32\dmydq.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmrnr.tmp] C:\Windows\system32\dmrnr.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmddh.tmp] C:\Windows\system32\dmddh.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmgqs.tmp] C:\Windows\system32\dmgqs.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmntc.tmp] C:\Windows\system32\dmntc.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmsxr.tmp] C:\Windows\system32\dmsxr.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmcmk.tmp] C:\Windows\system32\dmcmk.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmiae.tmp] C:\Windows\system32\dmiae.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [BitTorrent DNA] "C:\Users\bob\Program Files\DNA\btdna.exe" (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmsup.tmp] C:\Windows\system32\dmsup.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmjvq.tmp] C:\Windows\system32\dmjvq.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmhnz.tmp] C:\Windows\system32\dmhnz.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmdxp.tmp] C:\Windows\system32\dmdxp.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmslw.tmp] C:\Windows\system32\dmslw.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmjzx.tmp] C:\Windows\system32\dmjzx.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmtmn.tmp] C:\Windows\system32\dmtmn.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmuxi.tmp] C:\Windows\system32\dmuxi.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [dmpyo.tmp] C:\Windows\system32\dmpyo.tmp (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (User '?')
    O4 - HKUS\S-1-5-21-3472873205-2394879787-2826684974-1002\..\RunOnce: [InetReg] "C:\Program Files\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6 (User '?')
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Boylepoker.com Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Microgaming\Poker\boylesportspokercomMPP\MPPoker.exe
    O9 - Extra button: (no name) - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D502F37-04A6-4155-84E3-57B37CA6FB6D}: NameServer = 85.255.115.6,85.255.112.81
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.81
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 15588 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    That log is from last night. Can you post me a new one right now?

    Also do this:

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


  • Registered Users, Registered Users 2 Posts: 130 ✭✭robryan


    Hi,
    I am after having a problem logging in to my laptop. The system rebooted, and when I tried to log back in it said there was something wrong: 'the user profile service failed the logon. User profile cannot be loaded'. I am after doing a System backup to 2 days ago, and that got me back in. I will run the steps from the last mail now and post the results.

    RB

