Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Trojan Or Malware Please Help


  • This topic is locked This topic is locked
11 replies to this topic

#1 paul hitchon

paul hitchon

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 20 April 2008 - 06:37 PM

Hi I keep getting system messages telling me I have possibl trojan or malware and it keeps sending me to the pc cleaner download page please help
Here is my log Thanks


Deckard's System Scanner v20071014.68
Run by paul.hitchon on 2008-04-21 00:22:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as paul.hitchon.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:04, on 21/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\vglgbajk.exe
C:\ProgramData\hanetyxi\nqbuzgtw.exe
C:\Windows\explorer.exe
C:\Program Files\PC-Cleaner\PC-Cleaner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Users\paul.hitchon\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\paul.hitchon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: DVA Storm - {C6CF5BA3-2D76-40D1-A07F-2A0D18540255} - C:\Windows\lgmxvpatwxm.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: qtvglped - {65C76A0A-B5A4-4170-8F62-947A0145677C} - C:\Windows\qtvglped.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [qecefcse] C:\Windows\system32\vglgbajk.exe
O4 - HKCU\..\Run: [NIunizm7KE] C:\ProgramData\hanetyxi\nqbuzgtw.exe
O4 - HKCU\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4255347925-1037622188-27186684-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-4255347925-1037622188-27186684-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Guest')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O21 - SSODL: pmsoarbf - {6A4997A8-C8F8-49A2-9D1E-C56207A7199A} - C:\Windows\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {E3B5CC49-EE85-40E1-B686-0FEF93DB7DC6} - C:\Windows\omlbpkaw.dll
O23 - Service: McAfee Application Installer Cleanup (0202931208103100) (0202931208103100mcinstcleanup) - Unknown owner - C:\Windows\TEMP\020293~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 14070 bytes

-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 00:23:57 0 d-------- C:\Program Files\Trend Micro
2008-04-18 14:00:22 0 d-------- C:\Program Files\PC-Cleaner
2008-04-18 13:40:22 4096 --a------ C:\Windows\winsystem.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\userconfig9x.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32winsystem.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32vbsys2.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32thun32.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32thun.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32temp#01.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32taack.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32taack.dat
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32sysreq.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32ssvchost.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32ssvchost.com
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32ssurf022.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32sncntr.exe
2008-04-18 13:40:22 0 d-------- C:\Windows\system32smp
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32Rundl1.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32regm64.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32regc64.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32psoft1.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32psof1.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32ps1.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32newsd32.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32netode.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32mwin32.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32mtr2.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32msvchost.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32mssecu.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32msnbho.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32msgp.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32medup020.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32medup012.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32hoproxy.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32emesx.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32bdn.com
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32awtoolb.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32anticipator.dll
2008-04-18 13:40:22 4096 --a------ C:\Windows\system32akttzn.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\mssecu.exe
2008-04-18 13:40:22 0 d-------- C:\Windows\mslagent
2008-04-18 13:40:22 4096 --a------ C:\Windows\iTunesMusic.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\FVProtect.exe
2008-04-18 13:40:22 4096 --a------ C:\Windows\bdn.com
2008-04-18 13:40:22 4096 --a------ C:\Windows\a.bat
2008-04-18 13:40:22 0 d-------- C:\Users\paul.hitchon\Desktopvirii
2008-04-18 13:40:22 4096 --a------ C:\Users\paul.hitchon\DesktopFWebdEditor.exe
2008-04-18 13:40:22 4096 --a------ C:\Users\paul.hitchon\Desktopfwebd.exe
2008-04-18 13:40:22 4096 --a------ C:\Users\paul.hitchon\Desktopfilemanagerclient.exe
2008-04-18 13:40:22 0 d-------- C:\Program Files\Inet Delivery
2008-04-18 13:40:22 0 d-------- C:\Program Files\akl
2008-04-18 13:40:12 81920 --a------ C:\Windows\rtqmekwg.exe
2008-04-18 13:40:12 151552 --a------ C:\Windows\qtvglped.dll
2008-04-18 13:40:12 172032 --a------ C:\Windows\pmsoarbf.dll
2008-04-18 13:40:12 221184 --a------ C:\Windows\omlbpkaw.dll
2008-04-18 13:40:12 94208 --a------ C:\Windows\npqtsrak.exe
2008-04-18 13:40:12 253952 --a------ C:\Windows\lgmxvpatwxm.dll
2008-04-18 13:40:10 106496 --a------ C:\Windows\system32\vglgbajk.exe
2008-04-18 13:40:10 0 d-------- C:\Users\All Users\hanetyxi
2008-04-16 13:40:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-16 13:39:55 0 d-------- C:\clj2820-2840-v32-PCL6-pnp-ww
2008-04-13 23:06:04 0 dr------- C:\Users\Guest\Searches
2008-04-13 23:05:59 0 dr------- C:\Users\Guest\Contacts
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Videos
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Templates
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Start Menu
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\SendTo
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Saved Games
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Recent
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\PrintHood
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Pictures
2008-04-13 23:05:51 786432 --ahs---- C:\Users\Guest\NTUSER.DAT
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\NetHood
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\My Documents
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Music
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Local Settings
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Links
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Favorites
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Downloads
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Documents
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Desktop
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Cookies
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Application Data
2008-04-13 23:05:51 0 d--h----- C:\Users\Guest\AppData
2008-04-12 23:14:21 0 d-------- C:\Windows\system32\Adobe
2008-04-09 20:27:48 0 d-------- C:\Program Files\Safari
2008-04-09 20:26:13 0 d-------- C:\Program Files\iPod
2008-04-09 20:26:11 0 d-------- C:\Program Files\iTunes
2008-04-09 20:25:08 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-04-20 23:29:40 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\PC-Cleaner
2008-04-17 19:12:47 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Adobe
2008-04-13 17:11:37 0 d-------- C:\Program Files\McAfee
2008-04-12 23:30:40 12 --a------ C:\Windows\bthservsdp.dat
2008-04-12 23:15:54 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Google
2008-04-12 23:14:32 0 d-------- C:\Program Files\Google
2008-04-10 09:37:51 0 d-------- C:\Program Files\Windows Mail
2008-04-09 21:31:46 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Apple Computer
2008-04-09 21:27:11 0 d-------- C:\Program Files\Windows Sidebar
2008-03-18 04:01:33 0 d-------- C:\Program Files\MSXML 4.0
2008-03-18 01:10:14 0 d-------- C:\Program Files\Dell Support Center
2008-03-18 01:09:56 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-18 01:09:54 0 d-------- C:\Program Files\Common Files
2008-03-18 01:08:55 0 d--h----- C:\Users\paul.hitchon\AppData\Roaming\GTek
2008-03-17 23:32:31 0 d-------- C:\Program Files\Bonjour
2008-03-17 23:31:45 0 d-------- C:\Program Files\Apple Software Update
2008-03-17 23:31:05 0 d-------- C:\Program Files\Common Files\Apple
2008-03-17 21:57:20 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19/09/2007 07:15 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CF5BA3-2D76-40D1-A07F-2A0D18540255}]
18/04/2008 09:18 253952 --a------ C:\Windows\lgmxvpatwxm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [14/01/2008 21:59]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 07:03]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [12/09/2007 09:40]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [25/10/2007 05:52]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [25/10/2007 05:52]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [25/10/2007 05:52]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [14/01/2008 14:25]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [26/07/2007 20:03]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [27/06/2007 11:14]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [27/06/2007 11:18]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [23/10/2006 00:24]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 13:09]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/04/2008 20:51]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/04/2008 23:14]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:33]
"qecefcse"="C:\Windows\system32\vglgbajk.exe" [18/04/2008 13:40]
"NIunizm7KE"="C:\ProgramData\hanetyxi\nqbuzgtw.exe" [18/04/2008 13:40]
"PC-Cleaner"="C:\Program Files\PC-Cleaner\PC-Cleaner.exe" [20/04/2008 23:29]

C:\Users\paul.hitchon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [21/01/2008 15:36:18]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23/10/2006 01:01:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pmsoarbf"= {6A4997A8-C8F8-49A2-9D1E-C56207A7199A} - C:\Windows\pmsoarbf.dll [18/04/2008 09:18 172032]
"omlbpkaw"= {E3B5CC49-EE85-40E1-B686-0FEF93DB7DC6} - C:\Windows\omlbpkaw.dll [18/04/2008 09:18 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-21 00:24:31 ------------

BC AdBot (Login to Remove)

 


#2 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:02:43 AM

Posted 06 May 2008 - 01:37 AM

Hi paul hitchon,

Clean with MalwareBytes' Anti-Malware
  • Please download the Installer to your Desktop from here:
    http://www.besttechie.net/tools/mbam-setup.exe
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both of these options:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is checked, and click Remove Selected.
  • When finished, a log will open in Notepad. Please save it to your Desktop, and post the contents in your reply.
  • The log can also be found here if you need it:
    • Start->All Programs->Malwarebytes' Anti-Malware->Logs
Then create new DSS reports:
  • Make sure DSS.exe is on your Desktop
  • Next press Start, copy/paste the following command into the search box and press Enter:

    "%userprofile%\desktop\dss.exe" /config

  • Press OK to the disclaimer(s) and a configuration box will appear
  • Place checkmarks in all the boxes and press Scan!
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply
Once complete, please post the MalwareBytes Antimalware report and both DSS reports.
Teacher at Malware Removal University | ASAP & UNITE Member

#3 paul hitchon

paul hitchon
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 06 May 2008 - 06:42 PM

Thanks for the help have done as you have asked.

Malwarebytes' Anti-Malware 1.12
Database version: 726

Scan type: Quick Scan
Objects scanned: 37674
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 47
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 96

Memory Processes Infected:
C:\Program Files\PC-Cleaner\PC-Cleaner.exe (Rogue.PC-Cleaner) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a6be39f-b3ac-4f1f-b837-7cfa378788ff} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cfd245bd-52ae-4af0-b891-812470b45f78} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c8c241e-e292-4f1a-a3dc-87ea8db8b9ca} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d086f8da-42df-412b-a966-4fafe548fe4b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{91aa2bfc-1311-4468-bef7-0c6a5795e764} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3b5cc49-ee85-40e1-b686-0fef93db7dc6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6a4997a8-c8f8-49a2-9d1e-c56207a7199a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc-cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f820d802-5a6a-4751-a061-888724c3e287} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.bbnf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MSVPS.MSVPSApp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\omlbpkaw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pmsoarbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f820d802-5a6a-4751-a061-888724c3e287} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Delete on reboot.
C:\Program Files\PC-Cleaner\com (Rogue.PC-Cleaner) -> Delete on reboot.
C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\AppData\Roaming\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\npqtsrak.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\omlbpkaw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\pmsoarbf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\rtqmekwg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\PC-Cleaner.db (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\PC-Cleaner.exe (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\pccleaner.pkg (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\program.info (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\Uninstall.exe (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\com\pcsd.dll (Rogue.PC-Cleaner) -> Delete on reboot.
C:\Windows\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Cleaner\Register PC-Cleaner.lnk (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Cleaner\Start PC-Cleaner.lnk (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Cleaner\Uninstall PC-Cleaner.lnk (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\AppData\Roaming\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\AppData\Roaming\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\paul.hitchon\Desktop\PC-Cleaner.lnk (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.


Deckard's System Scanner v20071014.68
Run by paul.hitchon on 2008-05-07 00:20:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
44: 2008-05-06 16:46:17 UTC - RP64 - Scheduled Checkpoint
43: 2008-05-04 23:53:26 UTC - RP63 - Scheduled Checkpoint
42: 2008-05-03 23:00:05 UTC - RP62 - Scheduled Checkpoint
41: 2008-05-03 03:53:43 UTC - RP61 - Scheduled Checkpoint
40: 2008-05-01 23:38:34 UTC - RP60 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-01-21 14:30:53 UTC - RP17 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as paul.hitchon.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:32, on 07/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\paul.hitchon\Desktop\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PAULHI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: DVA Storm - {C6CF5BA3-2D76-40D1-A07F-2A0D18540255} - C:\Windows\lgmxvpatwxm.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: qtvglped - {65C76A0A-B5A4-4170-8F62-947A0145677C} - C:\Windows\qtvglped.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [qecefcse] C:\Windows\system32\vglgbajk.exe
O4 - HKCU\..\Run: [NIunizm7KE] C:\ProgramData\hanetyxi\nqbuzgtw.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4255347925-1037622188-27186684-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13435 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - DWGTrueViewScriptFile - shell\open\command - "C:\Windows\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\Windows\explorer.exe (pid 4176)
2007-02-12 00:17:02 38912 --a------ C:\Windows\System32\AcSignIcon.dll <Not Verified; Autodesk, Inc.; AutoCAD>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-06 22:40:21 432 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{02B5B67D-7CB0-4BAD-AF53-F3557A0C7DA0}.job
2008-01-14 14:43:21 348 --a------ C:\Windows\Tasks\McQcTask.job
2008-01-14 14:43:21 356 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-06 23:58:12 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-06 23:58:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 00:23:57 0 d-------- C:\Program Files\Trend Micro
2008-04-18 14:00:22 0 d-------- C:\Program Files\PC-Cleaner
2008-04-18 13:40:10 0 d-------- C:\Users\All Users\hanetyxi
2008-04-16 13:40:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-16 13:39:55 0 d-------- C:\clj2820-2840-v32-PCL6-pnp-ww
2008-04-13 23:06:04 0 dr------- C:\Users\Guest\Searches
2008-04-13 23:05:59 0 dr------- C:\Users\Guest\Contacts
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Videos
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Templates
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Start Menu
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\SendTo
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Saved Games
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Recent
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\PrintHood
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Pictures
2008-04-13 23:05:51 786432 --ahs---- C:\Users\Guest\NTUSER.DAT
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\NetHood
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\My Documents
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Music
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Local Settings
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Links
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Favorites
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Downloads
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Documents
2008-04-13 23:05:51 0 dr------- C:\Users\Guest\Desktop
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Cookies
2008-04-13 23:05:51 0 d--hs---- C:\Users\Guest\Application Data
2008-04-13 23:05:51 0 d--h----- C:\Users\Guest\AppData
2008-04-12 23:14:21 0 d-------- C:\Windows\system32\Adobe
2008-04-09 20:27:48 0 d-------- C:\Program Files\Safari
2008-04-09 20:26:13 0 d-------- C:\Program Files\iPod
2008-04-09 20:26:11 0 d-------- C:\Program Files\iTunes
2008-04-09 20:25:08 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-05-07 00:11:17 0 d-------- C:\Program Files\McAfee
2008-05-07 00:09:44 12 --a------ C:\Windows\bthservsdp.dat
2008-05-06 23:58:29 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Malwarebytes
2008-04-17 19:12:47 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Adobe
2008-04-12 23:15:54 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Google
2008-04-12 23:14:32 0 d-------- C:\Program Files\Google
2008-04-10 09:37:51 0 d-------- C:\Program Files\Windows Mail
2008-04-09 21:31:46 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Apple Computer
2008-04-09 21:27:11 0 d-------- C:\Program Files\Windows Sidebar
2008-03-18 04:01:33 0 d-------- C:\Program Files\MSXML 4.0
2008-03-18 01:10:14 0 d-------- C:\Program Files\Dell Support Center
2008-03-18 01:09:56 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-18 01:09:54 0 d-------- C:\Program Files\Common Files
2008-03-18 01:08:55 0 d--h----- C:\Users\paul.hitchon\AppData\Roaming\GTek
2008-03-17 23:32:31 0 d-------- C:\Program Files\Bonjour
2008-03-17 23:31:45 0 d-------- C:\Program Files\Apple Software Update
2008-03-17 23:31:05 0 d-------- C:\Program Files\Common Files\Apple
2008-03-17 21:57:20 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19/09/2007 07:15 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CF5BA3-2D76-40D1-A07F-2A0D18540255}]
C:\Windows\lgmxvpatwxm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [14/01/2008 21:59]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 07:03]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [12/09/2007 09:40]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [25/10/2007 05:52]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [25/10/2007 05:52]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [25/10/2007 05:52]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [14/01/2008 14:25]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [26/07/2007 20:03]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [27/06/2007 11:14]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [27/06/2007 11:18]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [23/10/2006 00:24]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [05/05/2008 20:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 13:09]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/04/2008 20:51]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/04/2008 23:14]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:33]
"qecefcse"="C:\Windows\system32\vglgbajk.exe" []
"NIunizm7KE"="C:\ProgramData\hanetyxi\nqbuzgtw.exe" []

C:\Users\paul.hitchon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [21/01/2008 15:36:18]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23/10/2006 01:01:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-07 00:23:19 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 3069.32 MiB / 1957.57 MiB
Pagefile Memory (total/avail): 6337.63 MiB / 5213.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.64 MiB

C: is Fixed (NTFS) - 581.12 GiB total, 472.04 GiB free.
D: is Fixed (NTFS) - 15 GiB total, 10.86 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ARRAY - 596.18 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 15 GiB - D:
\PARTITION2 (bootable) - Installable File System - 581.12 GiB - C:

\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\paul.hitchon\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAULHITCHON-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\paul.hitchon
LOCALAPPDATA=C:\Users\paul.hitchon\AppData\Local
LOGONSERVER=\\PAULHITCHON-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\PAUL~1.HIT\AppData\Local\Temp
TMP=C:\Users\PAUL~1.HIT\AppData\Local\Temp
USERDOMAIN=paulhitchon-PC
USERNAME=paul.hitchon
USERPROFILE=C:\Users\paul.hitchon
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

IUSR_NMPR
paul.hitchon
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Adobe Acrobat 8 Professional - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Xcelerator™ for Portable Devices --> MsiExec.exe /X{ABA1C13F-D76E-4E8C-80CE-13BB88BBD955}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DWG TrueView 2008 --> C:\Program Files\DWG TrueView 2008\Setup\Setup.exe /P {B1A9CD45-A702-4E3B-91ED-8CD562869901} /M AOEM
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hauppauge MCE XP/Vista Software Encoder (2.0.25296) --> C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hauppauge TV Tuner Driver --> MsiExec.exe /I{AF094932-91E6-4EF8-8AB8-1C7226DFEECB}
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel® PRO Network Connections 12.1.12.4 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.12.4 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® Viiv™ Software --> MsiExec.exe /X{A7472CEE-6E85-4D43-9C71-BDFC0D471F70} /qb!
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Roxio Activation Module --> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
Roxio Creator Premier --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
Roxio EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Premier --> MsiExec.exe /I{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Sonic CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1660 / Success
Event Submitted/Written: 05/07/2008 00:11:18 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type1659 / Success
Event Submitted/Written: 05/07/2008 00:11:18 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type1653 / Success
Event Submitted/Written: 05/07/2008 00:11:02 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type1637 / Error
Event Submitted/Written: 05/06/2008 09:14:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16643, time stamp 0x47bce1b0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000374, fault offset 0x000af1c9,
process id 0x19f8, application start time 0xiexplore.exe0.

Event Record #/Type1630 / Error
Event Submitted/Written: 05/06/2008 05:18:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16643, time stamp 0x47bce1b0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000374, fault offset 0x000af1c9,
process id 0x1bb0, application start time 0xiexplore.exe0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11995 / Warning
Event Submitted/Written: 05/07/2008 00:12:07 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type11994 / Warning
Event Submitted/Written: 05/07/2008 00:12:07 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type11993 / Warning
Event Submitted/Written: 05/07/2008 00:12:07 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type11992 / Warning
Event Submitted/Written: 05/07/2008 00:12:07 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type11991 / Warning
Event Submitted/Written: 05/07/2008 00:12:07 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.



-- End of Deckard's System Scanner: finished at 2008-05-07 00:23:19 ------------

#4 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:02:43 AM

Posted 06 May 2008 - 10:46 PM

Hi Paul,

Please open Start->Control Panel->Add/Remove Programs, and remove the following:

JavaT SE Runtime Environment 6

This is out of date and now a security risk, you can get the latest update (version 6 update 6) from here

Right-click the HijackThis program or shortcut, and choose Run as administrator to start the program
Choose Do a system scan only and place a checkmark next to the following lines:

O2 - BHO: DVA Storm - {C6CF5BA3-2D76-40D1-A07F-2A0D18540255} - C:\Windows\lgmxvpatwxm.dll (file missing)
O3 - Toolbar: qtvglped - {65C76A0A-B5A4-4170-8F62-947A0145677C} - C:\Windows\qtvglped.dll (file missing)
O4 - HKCU\..\Run: [qecefcse] C:\Windows\system32\vglgbajk.exe
O4 - HKCU\..\Run: [NIunizm7KE] C:\ProgramData\hanetyxi\nqbuzgtw.exe

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Backup Your Registry:
  • Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
  • Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

------------------------------------------------------------------------

Please download OTMoveIt2 by OldTimer to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Right-click on OTMoveIt2.exe and select Run As Administrator to start the program.
  • Copy the lines in the OTMoveIt file list below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    OTMoveIt File List:
    C:\Program Files\PC-Cleaner
    C:\Users\All Users\hanetyxi
    C:\ProgramData\hanetyxi
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Then click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report will appear in Notepad after the reboot.
  • Close OTMoveIt2
------------------------------------------------------------------------

Next, fix file associations with DSS:
  • Make sure DSS.exe is on your Desktop
  • Next press Start, copy/paste the following command into the search box and press Enter:

    "%userprofile%\desktop\dss.exe" /daft

  • Press OK to the disclaimer(s) and then press Scan
  • Place checkmarks in the box marked .reg and press Fix
  • Then close Deckard's System Scanner
------------------------------------------------------------------------

Then please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer

When prompted, allow the installation of ActiveX components from Kaspersky
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
  • If Internet Explorer responds saying the report has been saved to the Temporary Internet Files folder, say Yes to open the folder, then navigate to C -> Users -> (Your username) -> Desktop to locate the report
Note: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

------------------------------------------------------------------------

Then, make a new main.txt with DSS:
  • Make sure DSS.exe is on your Desktop
  • Press the Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear, make sure all boxes are checked in the Main Log section, then un-check everything in the Extra Log section and press Scan!
------------------------------------------------------------------------

Once complete, please post the OTMoveIt report, the Kaspersky log and the new DSS main.txt report.
Teacher at Malware Removal University | ASAP & UNITE Member

#5 paul hitchon

paul hitchon
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 07 May 2008 - 09:44 AM

Hi

Problem with erunt message reads unable to crate file C windows ERDNT07-05-08 ERDNT.info it goes on to say no restore info will be saved and it can only be done manualy with an other OS to copy back the files manualy if i ok this i the get a lot of error saving file messages please advise what you wish me to do many thanks

Paun

#6 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:02:43 AM

Posted 07 May 2008 - 10:03 PM

Sorry to hear you are having difficulties :thumbsup:

I don't know what the problem with ERUNT is, but please skip the ERUNT part and continue with the rest of the instructions, except use this for the OTMoveIt file list:

C:\Program Files\PC-Cleaner
C:\Users\All Users\hanetyxi
C:\ProgramData\hanetyxi


Teacher at Malware Removal University | ASAP & UNITE Member

#7 paul hitchon

paul hitchon
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 08 May 2008 - 12:38 AM

Thanks for your help again I will be away now on holiday for 1 week so will complete on my return

Regards

Paul

#8 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:02:43 AM

Posted 08 May 2008 - 03:12 AM

You're welcome, have a nice time on holiday :thumbsup:
Teacher at Malware Removal University | ASAP & UNITE Member

#9 paul hitchon

paul hitchon
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 18 May 2008 - 11:14 AM

Back from holiday know so here goes

C:\Program Files\PC-Cleaner moved successfully.
C:\Users\All Users\hanetyxi moved successfully.
File/Folder C:\ProgramData\hanetyxi not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05182008_113513


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 18, 2008 5:06:09 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/05/2008
Kaspersky Anti-Virus database records: 782679
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 100618
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:50:31

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\20080421002054\backup\Users\PAUL~1.HIT\AppData\Local\Temp\334cd272.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.o skipped
C:\Deckard\System Scanner\20080421002054\backup\Users\PAUL~1.HIT\AppData\Local\Temp\7e8eb2f1.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.o skipped
C:\Deckard\System Scanner\20080518113827\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81000000003}\Enterprise.mnt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{3FC0F42C-F7F0-492B-8815-5E2808CC5A29}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Data\TFRD113.tmp Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bae09271ff79b180345cfc1c3ee36600_044d4a28-e2d2-4392-a613-fb0863395e39 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Guest.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\IUSR_NMPR.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051820080519\index.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\UsrClass.dat{4d4e6590-c820-11dc-880f-001d09297973}.TM.blf Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\UsrClass.dat{4d4e6590-c820-11dc-880f-001d09297973}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows\UsrClass.dat{4d4e6590-c820-11dc-880f-001d09297973}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows Mail\edb.log Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows Mail\edbtmp.log Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows Mail\tmp.edb Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\SupportSoft\DellSupportCenter\paul.hitchon\state\logs\sprtcmd.log Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Temp\Low\~DFC437.tmp Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Temp\Low\~DFC445.tmp Object is locked skipped
C:\Users\paul.hitchon\AppData\Local\Temp\sqlite_lzhT8z2h6MV1UG7 Object is locked skipped
C:\Users\paul.hitchon\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Users\paul.hitchon\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Users\paul.hitchon\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Users\paul.hitchon\AppData\Roaming\GTek\GTUpdate\AUpdate\NMSSupport\IntelHCTAgent.log Object is locked skipped
C:\Users\paul.hitchon\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\paul.hitchon\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\paul.hitchon\NTUSER.DAT Object is locked skipped
C:\Users\paul.hitchon\ntuser.dat.LOG1 Object is locked skipped
C:\Users\paul.hitchon\ntuser.dat.LOG2 Object is locked skipped
C:\Users\paul.hitchon\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\paul.hitchon\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\paul.hitchon\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\setupact.log Object is locked skipped
C:\Windows\Panther\setuperr.log Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{847D4EAE-363E-438A-AC42-2774ABAFAA34}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\IntelDH.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\McDefragTask.job Object is locked skipped
C:\Windows\Tasks\McQcTask.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.

Deckard's System Scanner v20071014.68
Run by paul.hitchon on 2008-05-18 17:10:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
37: 2008-05-17 02:00:16 UTC - RP69 - Windows Update
36: 2008-05-15 02:00:15 UTC - RP68 - Windows Update
35: 2008-05-14 23:00:01 UTC - RP67 - Scheduled Checkpoint
34: 2008-05-13 19:01:10 UTC - RP66 - Scheduled Checkpoint
33: 2008-05-07 14:21:21 UTC - RP65 - Removed Java™ SE Runtime Environment 6


-- First Restore Point --
1: 2008-03-18 03:01:08 UTC - RP29 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as paul.hitchon.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:08, on 18/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\paul.hitchon\Desktop\OTMoveIt2.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\paul.hitchon\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PAULHI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4255347925-1037622188-27186684-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: McAfee Application Installer Cleanup (0295701211116249) (0295701211116249mcinstcleanup) - Unknown owner - C:\Windows\TEMP\029570~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13092 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080507-152616-113 O3 - Toolbar: qtvglped - {65C76A0A-B5A4-4170-8F62-947A0145677C} - C:\Windows\qtvglped.dll (file missing)
backup-20080507-152616-399 O2 - BHO: DVA Storm - {C6CF5BA3-2D76-40D1-A07F-2A0D18540255} - C:\Windows\lgmxvpatwxm.dll (file missing)
backup-20080507-152616-627 O4 - HKCU\..\Run: [qecefcse] C:\Windows\system32\vglgbajk.exe
backup-20080507-152616-632 O4 - HKCU\..\Run: [NIunizm7KE] C:\ProgramData\hanetyxi\nqbuzgtw.exe

-- File Associations -----------------------------------------------------------

.scr - DWGTrueViewScriptFile - shell\open\command - "C:\Windows\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 0295701211116249mcinstcleanup (McAfee Application Installer Cleanup (0295701211116249)) - c:\windows\temp\029570~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\Windows\explorer.exe (pid 2844)
2007-02-12 00:17:02 38912 --a------ C:\Windows\System32\AcSignIcon.dll <Not Verified; Autodesk, Inc.; AutoCAD>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-17 22:24:08 432 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{02B5B67D-7CB0-4BAD-AF53-F3557A0C7DA0}.job
2008-05-15 01:00:00 356 --a------ C:\Windows\Tasks\McDefragTask.job
2008-01-14 14:43:21 348 --a------ C:\Windows\Tasks\McQcTask.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 11:40:18 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-18 11:26:57 0 d-------- C:\Program Files\Apple Software Update
2008-05-06 23:58:12 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-06 23:58:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 00:23:57 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-05-18 14:10:47 0 d-------- C:\Program Files\McAfee
2008-05-18 11:28:07 0 d-------- C:\Program Files\Safari
2008-05-17 18:36:52 12 --a------ C:\Windows\bthservsdp.dat
2008-05-15 03:00:31 0 d-------- C:\Program Files\Windows Mail
2008-05-07 15:22:11 0 d-------- C:\Program Files\Common Files
2008-05-06 23:58:29 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Malwarebytes
2008-04-17 19:12:47 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Adobe
2008-04-16 13:40:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-12 23:15:54 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Google
2008-04-12 23:14:32 0 d-------- C:\Program Files\Google
2008-04-09 21:31:46 0 d-------- C:\Users\paul.hitchon\AppData\Roaming\Apple Computer
2008-04-09 21:27:11 0 d-------- C:\Program Files\Windows Sidebar
2008-04-09 20:26:20 0 d-------- C:\Program Files\iTunes
2008-04-09 20:26:13 0 d-------- C:\Program Files\iPod
2008-04-09 20:25:31 0 d-------- C:\Program Files\QuickTime
2008-03-18 04:01:33 0 d-------- C:\Program Files\MSXML 4.0
2008-03-18 01:10:14 0 d-------- C:\Program Files\Dell Support Center
2008-03-18 01:09:56 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-18 01:08:55 0 d--h----- C:\Users\paul.hitchon\AppData\Roaming\GTek


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19/09/2007 07:15 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [14/01/2008 21:59]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 07:03]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [12/09/2007 09:40]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [25/10/2007 05:52]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [25/10/2007 05:52]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [25/10/2007 05:52]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [26/07/2007 20:03]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [27/06/2007 11:14]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [27/06/2007 11:18]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [23/10/2006 00:24]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [05/05/2008 20:46]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 13:09]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/04/2008 20:51]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/04/2008 23:14]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:33]

C:\Users\paul.hitchon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [21/01/2008 15:36:18]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23/10/2006 01:01:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-18 17:13:40 ------------

#10 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:02:43 AM

Posted 18 May 2008 - 10:53 PM

Hi paul hitchon,

That looks pretty good, how is your computer running now?

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
@echo off
regedit /a "%userprofile%\RegistryBackup.reg" "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies"
reg delete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system" /v "DisableTaskMgr" /f
regedit /a  "%userprofile%\desktop\results.txt" "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system"
start notepad "%userprofile%\desktop\results.txt"
del "%userprofile%\desktop\runme.bat"
Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop, right-click it and choose Run as administrator
A black box should open and close after a short time, this is normal.
Another text file should appear on your Desktop called results.txt, please wait for it to automatically open.

Post the contents of results.txt in your next response along with a new HijackThis log and a description of how your computer is running now.

Edited by silver, 18 May 2008 - 10:53 PM.

Teacher at Malware Removal University | ASAP & UNITE Member

#11 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:02:43 AM

Posted 23 May 2008 - 05:10 AM

How are you getting on?
Teacher at Malware Removal University | ASAP & UNITE Member

#12 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:02:43 AM

Posted 26 May 2008 - 05:50 AM

Due to lack of response, this thread will now be closed.

If you are the topic starter and would like this topic reopened, please PM a staff member with a link to this thread and we will reopen it for you. Anyone else who needs assistance should begin a new topic.
Teacher at Malware Removal University | ASAP & UNITE Member




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users