Trojan Win32/conhook.d Please Help!


1 reply to this topic

#1 mblankgpb
Members, 1 posts

Posted 05 April 2008 - 06:16 PM

My brand new computer (running Vista) seems to have been infected with Conhook.d, and Windows Defender can't get rid of it. I am not too computery, and would really appreciate it if someone would help me get rid of it!

My DSS logs:

Deckard's System Scanner v20071014.68
Run by Paul on 2008-04-05 16:01:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
15: 2008-04-05 22:55:54 UTC - RP35 - Windows Defender Checkpoint
14: 2008-04-05 21:45:04 UTC - RP33 - Installed AdwareAlert
13: 2008-04-05 21:18:11 UTC - RP32 - Windows Defender Checkpoint
12: 2008-04-05 19:44:08 UTC - RP30 - ComboFix created restore point
11: 2008-04-05 19:30:33 UTC - RP29 - ComboFix created restore point


-- First Restore Point --
1: 2008-04-04 22:22:40 UTC - RP18 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-05 16:02:49
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Paul\Documents\Final Draft 7\Final Draft.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Paul\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0080325
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Paul\AppData\Local\Temp\yayaWNfe.dll,c
O4 - HKCU\..\Run: [BMf5980c90] Rundll32.exe "C:\Users\Paul\AppData\Local\Temp\yrdkakgh.dll",s
O4 - HKCU\..\Run: [f6ab3f0c] rundll32.exe "C:\Users\Paul\AppData\Local\Temp\vnmntuxd.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Paul\AppData\Local\Temp\htoxkmof.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\AEstSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 9110 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-05 15:42:35 494 --a------ C:\Windows\Tasks\AdwareAlert Scheduled Scan.job


-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 14:49:12 0 d-------- C:\VundoFix Backups
2008-04-05 14:45:22 0 d-------- C:\Program Files\AdwareAlert
2008-04-05 13:34:32 0 d-------- C:\Downloads
2008-04-05 13:21:48 0 d-------- C:\Program Files\FlashGet
2008-04-05 12:55:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-05 12:46:06 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-05 12:30:15 68096 --a------ C:\Windows\zip.exe
2008-04-05 12:30:15 49152 --a------ C:\Windows\VFind.exe
2008-04-05 12:30:15 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-05 12:30:15 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-05 12:30:15 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-05 12:30:15 98816 --a------ C:\Windows\sed.exe
2008-04-05 12:30:15 80412 --a------ C:\Windows\grep.exe
2008-04-05 12:30:15 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-05 11:58:54 0 d-------- C:\Program Files\RapidSolution
2008-04-05 11:46:02 0 d-------- C:\Program Files\iPod
2008-04-05 11:45:57 0 d-------- C:\Program Files\iTunes
2008-04-05 11:45:10 0 d-------- C:\Program Files\Bonjour
2008-04-05 11:44:10 0 d-------- C:\Program Files\QuickTime
2008-04-05 11:44:08 0 d-------- C:\Users\All Users\Apple Computer
2008-04-05 11:43:30 0 d-------- C:\Program Files\Apple Software Update
2008-04-05 11:42:43 0 d-------- C:\Program Files\Common Files\Apple
2008-04-05 11:42:42 0 d-------- C:\Users\All Users\Apple
2008-04-05 11:31:55 0 d-------- C:\Program Files\The Holy Bible
2008-04-05 00:39:28 0 d-------- C:\Users\All Users\Viewpoint
2008-04-05 00:39:27 0 d-------- C:\Program Files\Viewpoint
2008-04-05 00:39:15 0 d-------- C:\Users\All Users\AOL
2008-04-05 00:39:15 0 d-------- C:\Users\All Users\AOL OCP
2008-04-05 00:38:58 0 d-------- C:\Program Files\Common Files\AOL
2008-04-05 00:38:38 0 d-------- C:\Program Files\AIM6
2008-04-04 23:25:06 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-04-04 23:23:36 0 d-------- C:\Users\All Users\RapidSolution
2008-04-04 17:32:08 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-04 17:32:08 0 d-------- C:\Program Files\Common Files\Napster Shared
2008-04-04 17:31:26 0 d-------- C:\Users\All Users\Napster
2008-04-04 17:31:12 0 d-------- C:\Program Files\Napster
2008-04-04 17:06:33 0 d-------- C:\Users\All Users\Final Draft
2008-04-04 16:53:27 29696 --a------ C:\Windows\system32\VB5StKit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-04 16:53:26 71680 --a------ C:\Windows\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Videos
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Templates
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Start Menu
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\SendTo
2008-04-04 16:44:03 0 d-------- C:\Users\Administrator\Saved Games
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Recent
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\PrintHood
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Pictures
2008-04-04 16:44:03 262144 --ahs---- C:\Users\Administrator\NTUSER.DAT
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\NetHood
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\My Documents
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Music
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Local Settings
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Links
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Favorites
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Downloads
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Documents
2008-04-04 16:44:03 0 dr------- C:\Users\Administrator\Desktop
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Cookies
2008-04-04 16:44:03 0 d--hs---- C:\Users\Administrator\Application Data
2008-04-04 16:44:03 0 d--h----- C:\Users\Administrator\AppData
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Videos
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Templates
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Start Menu
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\SendTo
2008-04-04 15:44:23 0 d-------- C:\Users\Paul Hardy\Saved Games
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Recent
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\PrintHood
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Pictures
2008-04-04 15:44:23 262144 --ahs---- C:\Users\Paul Hardy\NTUSER.DAT
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\NetHood
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\My Documents
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Music
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Local Settings
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Links
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Favorites
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Downloads
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Documents
2008-04-04 15:44:23 0 dr------- C:\Users\Paul Hardy\Desktop
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Cookies
2008-04-04 15:44:23 0 d--hs---- C:\Users\Paul Hardy\Application Data
2008-04-04 15:44:23 0 d--h----- C:\Users\Paul Hardy\AppData
2008-04-04 15:33:32 0 d-------- C:\Program Files\MSXML 4.0
2008-04-04 14:56:33 0 d-------- C:\Intel
2008-04-04 14:56:20 0 dr------- C:\Users\Paul\Searches
2008-04-04 14:56:13 0 dr------- C:\Users\Paul\Contacts
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Videos
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Templates
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Start Menu
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\SendTo
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Saved Games
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Recent
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\PrintHood
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Pictures
2008-04-04 14:55:45 2359296 --ahs---- C:\Users\Paul\NTUSER.DAT
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\NetHood
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\My Documents
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Music
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Local Settings
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Links
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Favorites
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Downloads
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Documents
2008-04-04 14:55:45 0 dr------- C:\Users\Paul\Desktop
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Cookies
2008-04-04 14:55:45 0 d--hs---- C:\Users\Paul\Application Data
2008-04-04 14:55:45 0 d--h----- C:\Users\Paul\AppData
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Templates
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Start Menu
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\SendTo
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Recent
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\PrintHood
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\NetHood
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\My Documents
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Local Settings
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Cookies
2008-04-04 14:52:14 0 d--hs---- C:\Users\Default\Application Data
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Templates
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Start Menu
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Favorites
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Documents
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Desktop
2008-04-04 14:52:14 0 d--hs---- C:\Users\All Users\Application Data
2008-03-25 03:03:03 0 d-------- C:\Program Files\DellTPad
2008-03-25 02:49:00 0 d-------- C:\Windows\Users
2008-03-25 02:45:17 0 d-------- C:\doctemp
2008-03-25 02:43:10 0 d-------- C:\Windows\system32\oem
2008-03-25 02:43:10 0 d-------- C:\Drivers
2008-03-25 02:43:10 0 d-------- C:\DELL
2008-03-24 19:34:13 0 d-------- C:\Program Files\Microsoft Works
2008-03-24 19:33:50 0 d-------- C:\Users\All Users\Dell
2008-03-24 19:31:49 0 d-------- C:\Users\All Users\CyberLink
2008-03-24 19:31:22 0 d-------- C:\Program Files\CyberLink
2008-03-24 19:31:09 0 d-------- C:\Users\All Users\SupportSoft
2008-03-24 19:30:54 0 d-------- C:\Program Files\Dell Support Center
2008-03-24 19:30:08 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-24 19:29:15 0 d-------- C:\Users\All Users\Google
2008-03-24 19:29:13 0 d-------- C:\Program Files\Google
2008-03-24 19:28:02 0 d-------- C:\Users\All Users\Roxio
2008-03-24 19:25:48 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-24 19:25:46 0 d-------- C:\Users\All Users\InstallShield
2008-03-24 19:25:46 0 d-------- C:\Program Files\Roxio
2008-03-24 19:25:34 0 d-------- C:\Users\All Users\Sonic
2008-03-24 19:25:30 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-24 19:25:04 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-24 19:24:50 126976 --a------ C:\Windows\system32\Imsmudlg.exe <Not Verified; Intel® Corporation; Uninstset Installation Utility>
2008-03-24 19:24:50 0 d-------- C:\Windows\system32\ENU
2008-03-24 19:24:44 0 d-------- C:\Program Files\Intel
2008-03-24 19:19:39 76 -r-hs---- C:\Windows\CT4CET.bin
2008-03-24 19:19:28 0 d-------- C:\Documents and Settings
2008-03-24 19:19:18 0 d-------- C:\Program Files\Common Files\Reallusion
2008-03-24 19:18:43 0 d-------- C:\Program Files\Creative Live! Cam
2008-03-24 19:18:34 0 d-------- C:\Program Files\Dell
2008-03-24 19:18:28 0 d-------- C:\Program Files\Creative
2008-03-24 19:17:46 0 d-------- C:\Program Files\Digital Line Detect
2008-03-24 19:17:20 0 d-------- C:\Program Files\NetWaiting
2008-03-24 19:17:17 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-03-24 19:17:10 0 d-------- C:\Windows\java
2008-03-24 19:17:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 19:17:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-24 19:17:02 0 d-------- C:\Program Files\Java
2008-03-24 19:17:02 0 d-------- C:\Program Files\Common Files\Java
2008-03-24 19:17:00 0 d--hs---- C:\Windows\Installer
2008-03-24 19:16:29 0 d-------- C:\Windows\system32\Macromed
2008-03-24 19:09:30 0 d-------- C:\Windows\SoftwareDistribution
2008-03-24 19:08:49 0 d-------- C:\Program Files\CONEXANT
2008-03-24 19:08:36 0 d-------- C:\Program Files\Sigmatel
2008-03-24 19:07:28 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-04-05 15:45:07 0 d-------- C:\Users\Paul\AppData\Roaming\Tunebite
2008-04-05 14:45:37 0 d-------- C:\Users\Paul\AppData\Roaming\AdwareAlert
2008-04-05 11:46:29 0 d-------- C:\Users\Paul\AppData\Roaming\Apple Computer
2008-04-05 11:42:43 0 d-------- C:\Program Files\Common Files
2008-04-05 00:43:16 0 d-------- C:\Users\Paul\AppData\Roaming\acccore
2008-04-04 23:47:42 0 d-------- C:\Users\Paul\AppData\Roaming\WinRAR
2008-04-04 17:32:29 0 d-------- C:\Users\Paul\AppData\Roaming\Roxio
2008-04-04 17:30:03 0 d-------- C:\Users\Paul\AppData\Roaming\InstallShield
2008-04-04 17:06:33 0 d-------- C:\Users\Paul\AppData\Roaming\Final Draft
2008-04-04 16:47:48 0 d-------- C:\Users\Paul\AppData\Roaming\Mozilla
2008-04-04 16:30:11 0 d-------- C:\Program Files\Windows Mail
2008-04-04 15:30:52 0 d-------- C:\Users\Paul\AppData\Roaming\Google
2008-04-04 15:30:19 0 d-------- C:\Users\Paul\AppData\Roaming\Macromedia
2008-04-04 15:29:14 0 d-------- C:\Users\Paul\AppData\Roaming\Template
2008-04-04 15:29:12 0 --a------ C:\Users\Paul\AppData\Roaming\wklnhst.dat
2008-04-04 15:23:18 0 d-------- C:\Users\Paul\AppData\Roaming\Adobe
2008-04-04 14:56:14 0 d-------- C:\Users\Paul\AppData\Roaming\Identities
2008-03-25 02:57:10 0 d-------- C:\Program Files\Windows Calendar
2008-03-25 02:53:37 0 d-------- C:\Program Files\Windows Defender
2008-03-25 02:52:32 0 d-------- C:\Program Files\Windows Sidebar
2008-03-24 19:10:14 174 --ahs---- C:\Program Files\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/25/2008 02:53 AM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [01/18/2008 04:40 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [09/06/2007 11:49 PM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [08/27/2007 10:51 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [11/12/2007 04:07 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [12/14/2007 08:54 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [12/14/2007 08:53 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [12/14/2007 08:53 PM]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [07/27/2007 02:43 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [03/21/2007 11:00 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 09:37 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03/24/2008 07:29 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [02/13/2008 05:21 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [11/01/2007 01:39 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [12/10/2007 02:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [02/28/2008 05:23 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"cmds"="C:\Users\Paul\AppData\Local\Temp\yayaWNfe.dll,c" []
"BMf5980c90"="C:\Users\Paul\AppData\Local\Temp\yrdkakgh.dll,s" []
"f6ab3f0c"="C:\Users\Paul\AppData\Local\Temp\vnmntuxd.dll,b" []
"MS Juan"="C:\Users\Paul\AppData\Local\Temp\htoxkmof.dll,run" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/24/2008 7:18:06 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [9/7/2007 2:27:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97676397-0290-11dd-8ca1-001de04f22f1}]
AutoRun\command- G:\.\MigWiz\migsetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-05 16:03:59 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 2037.43 MiB / 907.89 MiB
Pagefile Memory (total/avail): 4308.16 MiB / 3093.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.65 MiB

C: is Fixed (NTFS) - 136.5 GiB total, 104.62 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.82 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9160823ASG - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 136.5 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Paul\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAULBOT
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Paul
LOCALAPPDATA=C:\Users\Paul\AppData\Local
LOGONSERVER=\\PAULBOT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Paul\AppData\Local\Temp
TMP=C:\Users\Paul\AppData\Local\Temp
USERDOMAIN=Paulbot
USERNAME=Paul
USERPROFILE=C:\Users\Paul
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Paul
Paul Hardy (new local)
Administrator (new local)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AdwareAlert --> MsiExec.exe /X{B94DE948-AAF7-48F3-AA8B-1FF399FD8EC9}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Music, Photos & Videos Launcher --> MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PixiePack Codec Pack --> MsiExec.exe /I{582610B8-E496-4813-993C-4B027173FE38}
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet --> MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Holy Bible KJV Ver.8 --> C:\Windows\ST5UNST.EXE -n "C:\Program Files\The Holy Bible\ST5UNST.LOG"
Tunebite --> MsiExec.exe /I{920C3228-F3F5-4A9B-A5BD-1D9AE41A9EDA}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type300 / Error
Event Submitted/Written: 04/05/2008 03:55:54 PM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {99ab47cb-93b4-438d-9fcc-fb28d8c020cc}

Event Record #/Type296 / Error
Event Submitted/Written: 04/05/2008 03:46:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program Explorer.EXE version 6.0.6000.16549 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cb0
Start Time: 01c8976e79955429
Termination Time: 0

Event Record #/Type294 / Error
Event Submitted/Written: 04/05/2008 03:45:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, time stamp 0x47d7134a, faulting module idhijtmi.dll_unloaded, version 0.0.0.0, time stamp 0x092b2f27, exception code 0xc0000005, fault offset 0x03e9140a,
process id 0xe74, application start time 0xfirefox.exe0.

Event Record #/Type285 / Success
Event Submitted/Written: 04/05/2008 03:42:41 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type283 / Success
Event Submitted/Written: 04/05/2008 03:42:41 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4706 / Warning
Event Submitted/Written: 04/05/2008 04:02:59 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE04F22F1. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type4701 / Warning
Event Submitted/Written: 04/05/2008 03:59:41 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE04F22F1. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type4686 / Warning
Event Submitted/Written: 04/05/2008 03:55:14 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE04F22F1. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type4680 / Warning
Event Submitted/Written: 04/05/2008 03:47:44 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Paulbot27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Paulbot27 can't undo changes that you allow.

For more information please see the following:
%Paulbot275

Scan ID: {81778C84-93EE-49A3-955A-BE8AE7692082}

User: Paulbot\Paul

Name: %Paulbot271

ID: %Paulbot272

Severity ID: %Paulbot273

Category ID: %Paulbot274

Path Found: %Paulbot276

Alert Type: %Paulbot278

Detection Type: 1.1.1505.02

Event Record #/Type4678 / Warning
Event Submitted/Written: 04/05/2008 03:47:42 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Paulbot27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Paulbot27 can't undo changes that you allow.

For more information please see the following:
%Paulbot275

Scan ID: {ECA4D136-91AF-4B6B-9B95-203E50A08E29}

User: Paulbot\Paul

Name: %Paulbot271

ID: %Paulbot272

Severity ID: %Paulbot273

Category ID: %Paulbot274

Path Found: %Paulbot276

Alert Type: %Paulbot278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-05 16:03:59 ------------

my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:21:59 PM, on 4/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Napster\napster.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Paul\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Paul\AppData\Local\Temp\ddcBUopN.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Paul\AppData\Local\Temp\yayaWNfe.dll,c
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BMf5980c90] Rundll32.exe "C:\Users\Paul\AppData\Local\Temp\bclvxhry.dll",s
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Paul\AppData\Local\Temp\yagydake.dll",run
O4 - HKCU\..\Run: [f6ab3f0c] rundll32.exe "C:\Users\Paul\AppData\Local\Temp\vnmntuxd.dll",b
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7171 bytes

my ComboFix log:

ComboFix 08-04-04.1 - Paul 2008-04-05 12:44:26.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1024 [GMT -7:00]
Running from: C:\Users\Paul\Desktop\ComboFix.exe
Command switches used :: C:\Users\Paul\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\System32\23GfPq8l.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\monln.dll
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 18:58 --------- d-----w C:\Program Files\RapidSolution
2008-04-05 18:46 --------- d-----w C:\Users\Paul\AppData\Roaming\Apple Computer
2008-04-05 18:46 --------- d-----w C:\Program Files\iTunes
2008-04-05 18:46 --------- d-----w C:\Program Files\iPod
2008-04-05 18:45 --------- d-----w C:\ProgramData\Apple Computer
2008-04-05 18:45 --------- d-----w C:\Program Files\Bonjour
2008-04-05 18:44 --------- d-----w C:\Program Files\QuickTime
2008-04-05 18:43 --------- d-----w C:\Program Files\Apple Software Update
2008-04-05 18:42 --------- d-----w C:\ProgramData\Apple
2008-04-05 18:42 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-05 18:32 --------- d-----w C:\Program Files\The Holy Bible
2008-04-05 07:44 --------- d-----w C:\ProgramData\AOL OCP
2008-04-05 07:43 --------- d-----w C:\Users\Paul\AppData\Roaming\acccore
2008-04-05 07:43 --------- d-----w C:\Program Files\AIM6
2008-04-05 07:39 --------- d-----w C:\ProgramData\Viewpoint
2008-04-05 07:39 --------- d-----w C:\ProgramData\AOL
2008-04-05 07:39 --------- d-----w C:\Program Files\Viewpoint
2008-04-05 07:38 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-05 06:51 --------- d-----w C:\Users\Paul\AppData\Roaming\Tunebite
2008-04-05 06:32 --------- d-----w C:\ProgramData\RapidSolution
2008-04-05 06:25 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-04-05 00:41 --------- d-----w C:\Program Files\Napster
2008-04-05 00:32 --------- d-----w C:\Users\Paul\AppData\Roaming\Roxio
2008-04-05 00:32 --------- d-----w C:\ProgramData\Napster
2008-04-05 00:32 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-05 00:32 --------- d-----w C:\Program Files\Common Files\Napster Shared
2008-04-05 00:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 00:30 --------- d-----w C:\Users\Paul\AppData\Roaming\InstallShield
2008-04-05 00:06 --------- d-----w C:\Users\Paul\AppData\Roaming\Final Draft
2008-04-05 00:06 --------- d-----w C:\ProgramData\Final Draft
2008-04-04 23:30 --------- d-----w C:\Program Files\Windows Mail
2008-04-04 22:36 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-04 22:36 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-04 22:34 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-04 22:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-04 22:31 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-04-04 22:31 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-04 22:31 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-04 22:31 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-04 22:31 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-04 22:29 0 ----a-w C:\Users\Paul\AppData\Roaming\wklnhst.dat
2008-04-04 22:29 --------- d-----w C:\Users\Paul\AppData\Roaming\Template
2008-04-04 22:23 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-04 22:23 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-04 22:23 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-04 22:23 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-04 22:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-04 22:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-04-04 21:52 --------- d-sh--w C:\ProgramData\Templates
2008-04-04 21:52 --------- d-sh--w C:\ProgramData\Start Menu
2008-04-04 21:52 --------- d-sh--w C:\ProgramData\Favorites
2008-04-04 21:52 --------- d-sh--w C:\ProgramData\Documents
2008-04-04 21:52 --------- d-sh--w C:\ProgramData\Desktop
2008-04-04 21:52 --------- d-sh--w C:\ProgramData\Application Data
2008-03-25 10:03 --------- d-----w C:\Program Files\DellTPad
2008-03-25 10:02 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2008-03-25 10:02 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-03-25 10:02 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2008-03-25 10:02 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2008-03-25 10:02 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2008-03-25 10:02 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-25 10:02 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2008-03-25 10:01 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-25 10:01 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-25 10:01 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-25 10:01 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-25 10:00 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-25 09:58 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-03-25 09:57 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-25 09:57 633,856 ----a-w C:\Windows\System32\user32.dll
2008-03-25 09:57 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-25 09:57 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-25 09:57 --------- d-----w C:\Program Files\Windows Calendar
2008-03-25 09:54 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-25 09:54 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-25 09:54 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-25 09:54 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-25 09:54 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-25 09:54 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-25 09:53 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-25 09:53 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-25 09:53 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-25 09:53 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-25 09:53 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-25 09:53 --------- d-----w C:\Program Files\Windows Defender
2008-03-25 09:50 72,192 ----a-w C:\Windows\System32\dot3msm.dll
2008-03-25 09:49 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-03-25 09:48 53,760 ----a-w C:\Windows\System32\Mcx2Svc.dll
2008-03-25 09:48 161,280 ----a-w C:\Windows\system32\drivers\rdpwd.sys
2008-03-25 09:48 160,872 ----a-w C:\Windows\System32\halmacpi.dll
2008-03-25 09:48 134,760 ----a-w C:\Windows\System32\halacpi.dll
2008-03-25 09:48 134,144 ----a-w C:\Windows\System32\rdpdd.dll
2008-03-25 09:45 4,436 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_1525.mrk
2008-03-25 02:37 --------- d-----w C:\ProgramData\Roxio
2008-03-25 02:35 --------- d-----w C:\Program Files\Dell
2008-03-25 02:34 --------- d-----w C:\Program Files\Microsoft Works
2008-03-25 02:33 --------- d-----w C:\ProgramData\Dell
2008-03-25 02:32 --------- d-----w C:\Program Files\CyberLink
2008-03-25 02:31 --------- d-----w C:\ProgramData\SupportSoft
2008-03-25 02:31 --------- d-----w C:\ProgramData\CyberLink
.

((((((((((((((((((((((((((((( snapshot@2008-04-05_12.33.01.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-05 19:30:45 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-04-05 19:44:20 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-04-05 19:16:16 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-05 19:35:42 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-05 19:30:34 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-05 19:44:10 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 05:34 2159104 C:\Windows\System32\oobefldr.dll]
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [2008-02-28 17:23 6321456]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 13:21 50528]
"cmds"="C:\Users\Paul\AppData\Local\Temp\yayaWNfe.dll" [2008-04-04 23:38 268288]
"BMf5980c90"="C:\Users\Paul\AppData\Local\Temp\bclvxhry.dll" [2008-04-05 11:39 87104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-25 02:53 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 04:40 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-06 23:49 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-27 22:51 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 04:07 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-12-14 20:54 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-12-14 20:53 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-12-14 20:53 133656]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 14:43 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 11:00 174872]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 09:37 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-24 19:29 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 17:21 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 13:39 189736]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-12-10 14:35 323216]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-24 19:18:06 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 14:27:08 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A46FA409-24B2-41C5-8BAC-F1864E045B60}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{845D567E-F7F4-4414-9A5B-6DB4CE0A6D5D}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{BE854E30-F25F-47D9-8F46-D2C10E032CC2}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{79E105DD-E763-4E41-AA6B-68C8C46163BA}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A268FE83-28BA-4E28-83E9-647F5AFFA284}"= UDP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{36015260-4C73-4B43-ADA5-2880CBB7AA09}"= TCP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{E7BD711E-7D6B-4D8F-B283-AEFF2A2F6599}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{1BF2520D-F253-40ED-860D-192A1B39E1B7}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{57274C0C-7CC5-413C-B452-31161FD002DE}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{879FA8E4-9BBF-4338-85D1-B9BAE52A86C3}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BCA7155A-7E13-4C74-BD0F-C30881B5E6C5}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{4243E084-47EB-41CF-93E1-15384E394648}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{FC08CDA8-D54D-4D32-819C-38E369CC319B}C:\\program files\\napster\\napster.exe"= UDP:C:\program files\napster\napster.exe:Napster
"UDP Query User{CFCA310D-3F5C-486B-996D-F07D81FCC03A}C:\\program files\\napster\\napster.exe"= TCP:C:\program files\napster\napster.exe:Napster
"{96C46040-9009-4E85-9BBC-DE379C016E92}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{58FB3B8E-C8BA-4B28-BD84-E4A032B5F0ED}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F0850F96-45A7-4E97-944D-4BEE1C108DEF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C2692F0E-C335-4048-BB10-76CFE345F0AA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 04:07]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 17:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-12-14 20:53]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-14 20:54]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-27 22:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-27 22:51]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 22:31]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 00:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97676397-0290-11dd-8ca1-001de04f22f1}]
\shell\AutoRun\command - G:\.\MigWiz\migsetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 12:45:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\Paul\AppData\Local\Temp\vnmntuxd.dll
-> C:\Users\Paul\AppData\Local\Temp\bclvxhry.dll
-> C:\Users\Paul\AppData\Local\Temp\yayaWNfe.dll
.
Completion time: 2008-04-05 12:46:05
ComboFix-quarantined-files.txt 2008-04-05 19:46:02
ComboFix2.txt 2008-04-05 19:33:19
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-04-05 19:05:18 --- E O F ---

#2 Rahina

    Security Helper

  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:52 AM

Posted 10 April 2008 - 03:58 PM

Hello!

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

I see you have Viewpoint installed.
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read This Article.

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Reboot now.
_____________

Combofix tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper.

I would like you to post a Fresh Combofix logfile.

Thank you.

Edited by Rahina Rescue, 10 April 2008 - 04:06 PM.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.



