Cpvfeed Popups - Please Help


  • This topic is locked
16 replies to this topic

#1 JuRoxx

Posted 05 May 2007 - 04:58 PM

My PC has been infected with the "cpvfeed" popups - PLEASE HELP!

Here is my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:51:21 PM, on 5/5/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\StartupMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\JULIER~1\AppData\Local\Temp\Rar$EX08.r20\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {521638EE-5A34-47D9-89A8-70089DA574B3} - C:\Program Files\MSBuild\hone.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: 0 - {D5B39FF2-0097-4E8E-059A-DBF79A35EF0B} - C:\Program Files\Microsoft Games\lazuto.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

THANKS!

Edited by JuRoxx, 05 May 2007 - 04:59 PM.



#2 rookie147

Posted 06 May 2007 - 07:00 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups, which may be needed if we fix something we're not meant to.
If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.

How to make a permanent folder:
Click Start | My Computer | Local Disk (C: ) | Program Files.
In the menu bar at the top, go to File | New | Folder.
That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\Program Files\HijackThis.
Now get your HijackThis.exe file and place it in your folder.

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to 'scriptfile to execute' you'll see a little icon like this: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste this: http://metallica.geekstogo.com/alcanshorty.bfu
Click OK.
Then click Execute to run the script.
Wait for the 'complete script execution' box to pop up and press OK.
Press Exit to terminate the BFU program.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please include a new HijackThis log and the Combofix log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 JuRoxx

Posted 06 May 2007 - 10:49 AM

I was unable to run the Combofix - on Vista. . . . I was able to run the Brute Force uninstaller.

#4 rookie147

Posted 06 May 2007 - 12:22 PM

Try this instead:
Download ComboScan to your Desktop.
Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt into your next reply.
A folder called C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please post Supplementary.txt as well.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow it permission to do so.



#5 JuRoxx

Posted 06 May 2007 - 01:23 PM

When I click on that link - the file does not open. . . . . please resend.

Thanks!

#6 rookie147

Posted 06 May 2007 - 03:07 PM

Oh, I didn't realise the link no longer worked, thanks for pointing that out to me.
Here's the new link: http://deckard.geekstogo.com/dss.exe
Double-click dss.exe and follow the prompts.

Edited by rookie147, 06 May 2007 - 03:08 PM.



#7 JuRoxx

Posted 06 May 2007 - 04:21 PM

Great - I was able to run that scan!

Here are the results from the main.txt:

Deckard's System Scanner v20070426.43
Run by Julie Rockingham on 2007-05-06 at 16:12:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2007-05-06 16:16:25 UTC - RP55 - Windows Update
8: 2007-05-05 18:25:27 UTC - RP54 - Installed StartupMonitor
7: 2007-05-05 18:13:46 UTC - RP53 - Windows Update
6: 2007-05-05 18:04:12 UTC - RP52 - Restore Operation
5: 2007-05-04 22:12:24 UTC - RP51 - Windows Defender Checkpoint


-- First Restore Point --
1: 2007-05-04 04:24:49 UTC - RP45 - Windows Update


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Julie Rockingham.exe) ------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:13:48 PM, on 5/6/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\StartupMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Julie Rockingham\Desktop\dss.exe
C:\Users\JULIER~1\Julie Rockingham.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {521638EE-5A34-47D9-89A8-70089DA574B3} - C:\Program Files\MSBuild\hone.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: 0 - {D5B39FF2-0097-4E8E-059A-DBF79A35EF0B} - C:\Program Files\Microsoft Games\lazuto.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
R3 pfc (Padus ASPI Shell) - \??\c:\windows\system32\drivers\pfc.sys

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Scheduled Tasks -------------------------------------------------------------

2007-05-06 09:45:25 440 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{9450A509-CA7A-4856-8566-D39AE26692BA}.job


-- Files created between 2007-04-06 and 2007-05-06 -----------------------------

2007-05-06 16:13:47 218112 --a------ C:\Users\Julie Rockingham\Julie Rockingham.exe <JULIER~1.EXE> <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2007-05-06 11:16:48 0 d-------- C:\Windows\LastGood
2007-05-05 16:24:43 0 d-------- C:\Windows\pss
2007-05-05 15:45:09 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-05-05 15:40:15 0 d-------- C:\VundoFix Backups
2007-05-05 14:28:13 74 --a------ C:\Users\Julie Rockingham\backup-20070505-142813-708 <BACKUP~1>
2007-05-05 14:28:13 74 --a------ C:\Users\Julie Rockingham\backup-20070505-142813-625 <BACKUP~2>
2007-05-05 14:18:21 0 d-------- C:\$WINDOWS.~BT
2007-05-05 13:51:27 0 d-------- C:\!KillBox
2007-05-05 13:20:40 218112 --a------ C:\Users\Julie Rockingham\HijackThis.exe <HIJACK~1.EXE> <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2007-05-04 21:04:02 0 d------c- C:\Windows\system32\DRVSTORE
2007-05-04 18:33:49 0 d-------- C:\Program Files\McAfee.com
2007-05-04 18:33:47 0 d-------- C:\Program Files\Common Files\McAfee
2007-05-04 18:33:40 0 d-------- C:\Program Files\McAfee
2007-05-04 17:52:05 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-05-04 16:40:10 0 d-------- C:\Program Files\Ipwindows
2007-05-04 16:40:10 0 d-------- C:\Program Files\InetGet2
2007-05-04 16:37:02 45056 --a------ C:\Windows\retadpu1000137.exe <Not Verified; ; updater Application>
2007-05-04 16:36:56 105434 --a------ C:\Windows\VTTC.exe
2007-05-04 16:36:56 45056 --a------ C:\Windows\retadpu1000106.exe <Not Verified; ; updater Application>
2007-05-04 16:36:56 0 d-------- C:\Program Files\TheSearchAccelerator
2007-05-04 16:36:55 72320 --a------ C:\Windows\system32\drivers\core.sys
2007-05-04 16:36:54 0 d-------- C:\Windows\system32\smpi1
2007-05-04 16:36:44 0 d-------- C:\Windows\system32\SBO
2007-05-04 16:36:44 0 d-------- C:\Temp
2007-05-04 16:35:36 62464 --a------ C:\Windows\system32\bszip.dll <Not Verified; BigSpeedSoft; BigSpeed Zip DLL>
2007-05-04 16:35:31 0 ---hs---- C:\Windows\system32\tracert.com
2007-05-04 16:35:31 0 ---hs---- C:\Windows\system32\tasklist.com
2007-05-04 16:35:31 0 ---hs---- C:\Windows\system32\taskkill.com
2007-05-04 16:35:31 0 ---hs---- C:\Windows\system32\regedit.com
2007-05-04 16:35:31 0 ---hs---- C:\Windows\system32\ping.com
2007-05-04 16:35:31 0 ---hs---- C:\Windows\system32\netstat.com
2007-05-04 16:35:31 0 ---hs---- C:\Windows\system32\cmd.com
2007-05-04 16:35:31 0 d--hs---- C:\Program Files\outlook
2007-05-04 14:43:09 0 d-------- C:\Users\All Users\Adobe Systems
2007-05-04 14:42:21 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-02 07:04:48 0 d-------- C:\Program Files\QuickTime
2007-05-01 18:16:29 180224 --a------ C:\Windows\system32\xvidvfw.dll
2007-05-01 18:16:29 765952 --a------ C:\Windows\system32\xvidcore.dll
2007-05-01 18:08:03 0 d-------- C:\Users\Julie Rockingham\Icons
2007-04-28 16:40:37 0 d-------- C:\Users\All Users\Yahoo! Companion
2007-04-27 22:34:29 0 d-------- C:\Users\All Users\SlySoft
2007-04-27 15:23:22 86016 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-04-27 15:22:24 0 d-------- C:\Program Files\DivX
2007-04-27 15:22:04 106496 --a------ C:\Windows\system32\APmpg4v1.dll
2007-04-27 15:22:04 0 d-------- C:\Program Files\AngelPotion Video Codec V1
2007-04-27 15:21:55 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-04-27 15:21:42 45056 --a------ C:\Windows\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows>
2007-04-27 15:21:42 128000 --a------ C:\Program Files\UNWISE.EXE
2007-04-27 15:21:42 0 d-------- C:\Program Files\Pinnacle
2007-04-27 15:21:17 0 d-------- C:\Program Files\XviD
2007-04-27 02:25:25 0 d-------- C:\Users\All Users\yahoo!
2007-04-27 00:47:23 0 d-------- C:\Program Files\SlySoft
2007-04-26 23:29:41 0 d-------- C:\Program Files\LimeWire
2007-04-26 19:00:05 0 d-------- C:\Users\All Users\Intuit
2007-04-26 19:00:05 0 d-------- C:\Program Files\Quicken Rental Property Manager
2007-04-25 20:26:11 0 d-------- C:\Program Files\directx
2007-04-25 20:24:33 299520 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-04-25 20:24:27 0 -rahs---- C:\MSDOS.SYS
2007-04-25 20:24:27 0 -rahs---- C:\IO.SYS
2007-04-25 20:22:46 16384 --a------ C:\Windows\system32\FileOps.exe
2007-04-25 20:22:42 0 d-------- C:\Windows\system32\Adobe
2007-04-25 20:19:37 0 d-------- C:\Windows\Adobe Illustrator CS
2007-04-25 20:07:04 0 d-------- C:\Users\All Users\Macrovision
2007-04-25 19:51:09 0 d-------- C:\Program Files\Viewpoint
2007-04-25 19:50:59 10368 -----n--- C:\Windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2007-04-25 19:30:06 0 d-------- C:\Users\Julie Rockingham\Incomplete <INCOMP~1>
2007-04-25 19:27:50 0 d-------- C:\Users\Julie Rockingham\Shared
2007-04-25 19:27:20 0 d-------- C:\Program Files\360Share Pro
2007-04-25 18:48:02 0 d-------- C:\Program Files\iPod
2007-04-25 18:47:58 0 d-------- C:\Program Files\iTunes
2007-04-25 18:45:24 0 d-------- C:\Program Files\Apple Software Update
2007-04-25 18:44:40 0 d-------- C:\Users\All Users\Apple Computer
2007-04-25 17:33:35 0 d-------- C:\Windows\system32\DLA
2007-04-25 11:04:50 0 dr------- C:\Users\Julie Rockingham\Searches
2007-04-25 11:04:29 0 dr------- C:\Users\Julie Rockingham\Contacts
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Videos
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\Templates <TEMPLA~1>
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\Start Menu <STARTM~1>
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\SendTo
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Saved Games <SAVEDG~1>
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\Recent
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\PrintHood <PRINTH~1>
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Pictures
2007-04-25 11:03:20 1835008 --ahs---- C:\Users\Julie Rockingham\ntuser.dat
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\NetHood
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\My Documents <MYDOCU~1>
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Music
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\Local Settings <LOCALS~1>
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Links
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Favorites <FAVORI~1>
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Downloads <DOWNLO~1>
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Documents <DOCUME~1>
2007-04-25 11:03:20 0 dr------- C:\Users\Julie Rockingham\Desktop
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\Cookies
2007-04-25 11:03:20 0 d--hs---- C:\Users\Julie Rockingham\Application Data <APPLIC~1>
2007-04-25 11:03:20 0 d--h----- C:\Users\Julie Rockingham\AppData
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\Templates <TEMPLA~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\Start Menu <STARTM~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\SendTo
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\Recent
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\PrintHood <PRINTH~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\NetHood
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\My Documents <MYDOCU~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\Local Settings <LOCALS~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\Cookies
2007-04-25 10:59:19 0 d--hs---- C:\Users\Default\Application Data <APPLIC~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\All Users\Templates <TEMPLA~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\All Users\Start Menu <STARTM~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\All Users\Favorites <FAVORI~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\All Users\Documents <DOCUME~1>
2007-04-25 10:59:19 0 d--hs---- C:\Users\All Users\Desktop
2007-04-25 10:59:19 0 d--hs---- C:\Users\All Users\Application Data <APPLIC~1>
2007-04-25 10:59:19 0 d--hs---- C:\Documents and Settings
2007-04-21 04:02:52 0 d-------- C:\Program Files\Synaptics
2007-04-21 04:00:59 0 d-------- C:\Windows\Users
2007-04-21 03:56:07 0 d-------- C:\doctemp
2007-04-21 03:54:44 0 d-------- C:\Windows\system32\oem
2007-04-21 03:54:43 0 d-------- C:\Drivers
2007-04-21 03:54:43 0 d-------- C:\DELL
2007-04-20 20:41:44 0 d-------- C:\Users\All Users\Dell
2007-04-20 20:41:44 0 d-------- C:\Users\All Users\CyberLink
2007-04-20 20:41:44 0 d-------- C:\MDT
2007-04-20 20:41:34 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-04-20 20:41:10 0 d-------- C:\Program Files\CyberLink
2007-04-20 20:40:06 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-20 20:40:01 0 d-------- C:\Users\All Users\Adobe
2007-04-20 20:38:56 0 d-------- C:\Program Files\illiminable
2007-04-20 20:38:36 0 d-------- C:\Users\All Users\YAHOO
2007-04-20 20:38:36 0 d-------- C:\Program Files\Yahoo!
2007-04-20 20:38:05 0 d-------- C:\Program Files\Microsoft Works
2007-04-20 20:37:38 0 d-------- C:\Users\All Users\Google
2007-04-20 20:36:47 0 d-------- C:\Program Files\Google
2007-04-20 20:36:45 0 d-------- C:\Program Files\BAE
2007-04-20 20:34:49 0 d-------- C:\Users\All Users\McAfee
2007-04-20 20:34:37 0 d-------- C:\Users\All Users\Gtek
2007-04-20 20:34:37 0 d-------- C:\Program Files\DellSupport
2007-04-20 20:32:15 0 d-------- C:\Users\All Users\WildTangent
2007-04-20 20:32:14 0 d-------- C:\Program Files\Dell Games
2007-04-20 20:31:53 0 d-------- C:\Users\All Users\Sonic
2007-04-20 20:30:58 0 d-------- C:\Users\All Users\Roxio
2007-04-20 20:29:03 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-04-20 20:28:58 0 d-------- C:\Users\All Users\InstallShield
2007-04-20 20:28:58 0 d-------- C:\Program Files\Roxio
2007-04-20 20:28:40 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-04-20 20:28:12 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-04-20 20:26:42 0 d-------- C:\Users\All Users\Corel
2007-04-20 20:26:41 0 d-------- C:\My Music
2007-04-20 20:26:20 0 d-------- C:\Program Files\Corel
2007-04-20 20:26:20 0 d-------- C:\Program Files\Common Files\Corel
2007-04-20 20:24:44 0 d-------- C:\Program Files\Digital Line Detect
2007-04-20 20:24:11 0 d-------- C:\Program Files\NetWaiting
2007-04-20 20:23:51 0 d-------- C:\Program Files\Modem Diagnostic Tool
2007-04-20 20:22:41 1458176 --a------ C:\Windows\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-04-20 20:22:41 90112 --a------ C:\Windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-04-20 20:22:41 303104 --a------ C:\Windows\sttray.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-04-20 20:22:15 0 d-------- C:\Program Files\SigmaTel
2007-04-20 20:20:29 0 d-------- C:\Windows\Downloaded Installations
2007-04-20 20:19:37 958464 --a------ C:\Windows\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2007-04-20 20:19:35 416 --a------ C:\Windows\system32\vcredist_x86.bat
2007-04-20 20:19:34 262144 --a------ C:\Windows\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2007-04-20 20:19:34 65536 --a------ C:\Windows\system32\bcmwlrmt.dll
2007-04-20 20:19:34 2752512 --a------ C:\Windows\system32\bcmttls.dll <Not Verified; Dell Inc.; Dell Wireless EAP Provider EAP-TTLS>
2007-04-20 20:19:33 1540096 --a------ C:\Windows\system32\WLTRAY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet>
2007-04-20 20:19:32 24064 --a------ C:\Windows\system32\WLTRYSVC.EXE
2007-04-20 20:19:32 1716224 --a------ C:\Windows\system32\BCMWLTRY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Controller>
2007-04-20 20:19:32 0 d-------- C:\Program Files\Dell
2007-04-20 20:19:24 0 d-------- C:\Windows\java
2007-04-20 20:19:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-20 20:19:23 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-20 20:19:09 0 d-------- C:\Program Files\Java
2007-04-20 20:19:09 0 d-------- C:\Program Files\Common Files\Java
2007-04-20 20:19:01 0 d-------- C:\Windows\system32\Macromed
2007-04-20 20:18:53 0 d-------- C:\Program Files\MSXML 4.0
2007-04-20 20:18:35 0 d--hs---- C:\Windows\Installer
2007-04-20 20:09:00 0 d-------- C:\Windows\SoftwareDistribution
2007-04-20 20:08:15 0 d-------- C:\Program Files\CONEXANT
2007-04-20 20:06:56 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2007-05-05 14:21:44 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Adobe
2007-05-05 13:41:21 13542 --a------ C:\Users\Julie Rockingham\AppData\Roaming\nvModes.dat
2007-05-05 13:41:21 13542 --a------ C:\Users\Julie Rockingham\AppData\Roaming\nvModes.001
2007-05-05 13:40:40 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Sammsoft
2007-05-05 13:38:21 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Corel
2007-05-05 13:08:14 0 d-------- C:\Program Files\MSBuild
2007-05-04 16:37:02 0 d-------- C:\Program Files\Microsoft Games
2007-05-03 17:30:20 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\LimeWire
2007-05-02 22:27:17 24206 --a------ C:\Users\Julie Rockingham\AppData\Roaming\UserTile.png
2007-04-29 15:56:55 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\CyberLink
2007-04-27 22:35:30 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\SlySoft
2007-04-27 15:21:46 1290 --a------ C:\Program Files\INSTALL.LOG
2007-04-26 19:00:20 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Intuit
2007-04-25 21:21:30 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\AdobeUM
2007-04-25 21:13:17 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Google
2007-04-25 19:34:22 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Microsoft Web Folders
2007-04-25 19:05:35 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Roxio
2007-04-25 18:48:20 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Apple Computer
2007-04-25 17:35:53 0 d-------- C:\Program Files\Windows Defender
2007-04-25 17:35:52 0 d-------- C:\Program Files\Windows Mail
2007-04-25 17:30:21 0 d--h----- C:\Users\Julie Rockingham\AppData\Roaming\GTek
2007-04-25 17:24:22 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Macromedia
2007-04-25 13:30:23 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\WildTangent
2007-04-25 11:04:35 0 d-------- C:\Users\Julie Rockingham\AppData\Roaming\Identities
2007-04-01 07:34:21 86016 --a------ C:\Windows\system32\ElbyCDIO.dll <Not Verified; Elaborate Bytes AG; Elaborate Bytes CDRTools>
2007-03-15 09:08:13 101438 --a------ C:\Windows\b122.exe


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{521638EE-5A34-47D9-89A8-70089DA574B3} C:\Program Files\MSBuild\hone.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} c:\Program Files\Java\jre1.6.0\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} C:\Program Files\BAE\BAE.dll
{D5B39FF2-0097-4E8E-059A-DBF79A35EF0B} C:\Program Files\Microsoft Games\lazuto.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\Windows\\system32\\WLTRAY.exe"
"SigmatelSysTrayApp"="sttray.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Snapfire Plus\\PhotoDownloader.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ECenter"="c:\\dell\\E-Center\\EULALauncher.exe"
"PCMService"="\"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"outlook"="C:\\Program Files\\outlook\\outlook.exe /auto"
"MSConfig"="\"C:\\Windows\\System32\\msconfig.exe\" /auto"
"Run StartupMonitor"="StartupMonitor.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe AcPro7_0_0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Notification Packages REG_MULTI_SZ scecli\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
Authentication Packages REG_MULTI_SZ msv1_0\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"
"location"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:00000010
"MINUTE"=dword:00000018
"SECOND"=dword:0000002b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKCU"
"command"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:00000010
"MINUTE"=dword:00000018
"SECOND"=dword:0000002b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCplDaemon"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:0000000d
"MINUTE"=dword:0000000d
"SECOND"=dword:0000002d

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMediaCenter"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:0000000d
"MINUTE"=dword:0000000d
"SECOND"=dword:0000002d

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvSvc"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:0000000d
"MINUTE"=dword:0000000d
"SECOND"=dword:0000002d

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:00000010
"MINUTE"=dword:00000018
"SECOND"=dword:0000002b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="runner1"
"hkey"="HKLM"
"command"="C:\\Windows\\retadpu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:00000010
"MINUTE"=dword:0000001c
"SECOND"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc



-- End of Deckard's System Scanner: finished at 2007-05-06 at 16:14:10 ---------



** Here are the results from the extra.txt:

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 2045.82 MiB / 1338.29 MiB
Pagefile Memory (total/avail): 4311.93 MiB / 3443.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.12 MiB

C: is Fixed (NTFS) - 81.11 GiB total, 33.27 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.86 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Julie Rockingham\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JULIEROCKING-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Julie Rockingham
LOCALAPPDATA=C:\Users\Julie Rockingham\AppData\Local
LOGONSERVER=\\JULIEROCKING-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\JULIER~1\AppData\Local\Temp
TMP=C:\Users\JULIER~1\AppData\Local\Temp
USERDOMAIN=JulieRocking-PC
USERNAME=Julie Rockingham
USERPROFILE=C:\Users\Julie Rockingham
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Julie Rockingham


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\Dell Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\Dell Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\Dell Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dell Game Console\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dell Media Center Game Console\Uninstall.exe"
--> "C:\Program Files\Dell Games\FATE\Uninstall.exe"
--> "C:\Program Files\Dell Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\Dell Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\Dell Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\Dell Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\Dell Games\SCRABBLE\Uninstall.exe"
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe MPEG Encoder --> MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Photoshop Album 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A367C28-423C-48E2-8C76-EBA1171F932A}\apxp.ex_" -l0x9
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Premiere 6.5 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.5\DeIsL2.isu" -c"C:\Program Files\Adobe\Premiere 6.5\Uninst.dll"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced RealMedia Export Plug-in for Premiere 6.0 --> C:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
AngelPotion Video Codec V1 --> C:\Windows\IsUninst.exe -f"C:\Program Files\AngelPotion Video Codec V1\Uninst.isu"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
Consumer Complete Care Services Agreement --> MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe"
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX 5.0.3 Bundle --> C:\Windows\unvise32.exe C:\Program Files\DivX\uninstal.log
Documentation & Support Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
IpWins --> C:\Program Files\Ipwindows\UnInstall.exe
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft Office 2000 Standard --> MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Pinnacle MPEG Realtime Codec --> C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Quicken Rental Property Manager 2.0 --> MsiExec.exe /X{894A9DFD-6102-40AB-9C4A-1DCA60032D64}
QuickSet --> MsiExec.exe /I{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
StartupMonitor --> MsiExec.exe /I{76EFAC4F-1712-401F-B2AE-590B170C9BCE}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Co

#8 JuRoxx


Posted 06 May 2007 - 07:54 PM

I have tried to remove the following w/ HJT - but I was unsuccessful:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="runner1"
"hkey"="HKLM"
"command"="C:\\Windows\\retadpu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:00000010
"MINUTE"=dword:0000001c
"SECOND"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCplDaemon"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:0000000d
"MINUTE"=dword:0000000d
"SECOND"=dword:0000002d

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMediaCenter"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:0000000d
"MINUTE"=dword:0000000d
"SECOND"=dword:0000002d

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvSvc"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000005
"HOUR"=dword:0000000d
"MINUTE"=dword:0000000d
"SECOND"=dword:0000002d

Edited by JuRoxx, 06 May 2007 - 07:54 PM.


#9 JuRoxx


Posted 06 May 2007 - 07:57 PM

I get an error message that says:

"For some reason your system denied write access to the host file."

It gives instructions on how to edit it myself - but I have not been able to do so.

Any way you can help?

THANKS!

#10 JuRoxx


Posted 07 May 2007 - 07:35 AM

Do I have any takers? LOL

#11 rookie147

rookie147


Posted 07 May 2007 - 12:12 PM

Do I have any takers? LOL

Be patient, we do this as a hobby because we enjoy helping people; I have a life, so I'm not on my computer all day every day. I'd also like to point out that I live in a completely different timezone to you, so I'm not necessarily going to be on my PC when you are.
Posting things like this annoys me and makes it less likely that I will help you in a timely manner, so please refrain from doing so in the future.

I get an error message that says:

"For some reason your system denied write access to the host file."

It gives instructions on how to edit it myself - but I have not been able to do so.

Any way you can help?

When do you get this error message? We can reset your Hosts file by downloading and running the following tool:
Please download HostsXpert from here
Unzip HostsXpert.zip
Open HostsXpert.exe
Then click on "Restore Microsoft's Host File", followed by OK at the prompt.
Close the program when complete.




Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\Windows\retadpu1000137.exe
C:\Windows\retadpu1000106.exe
C:\Windows\VTTC.exe
C:\Windows\b122.exe
C:\Windows\system32\tracert.com
C:\Windows\system32\tasklist.com
C:\Windows\system32\taskkill.com
C:\Windows\system32\regedit.com
C:\Windows\system32\ping.com
C:\Windows\system32\netstat.com
C:\Windows\system32\cmd.com
C:\Windows\system32\bszip.dll


Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, and let me know if any appear.
If you don't get that message, reboot manually.
Your computer should reboot now. Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

Save this as fix.reg. Choose to save as *all files and place it on your Desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

Next, please find and delete the following folders (if present):

C:\Program Files\outlook
C:\Program Files\InetGet2
C:\Program Files\Ipwindows
C:\Windows\system32\smpi1

Reboot into Normal Mode again.

Go to this page.
Where it says "Browse to the file you want to submit", copy and paste the filepath below into the box:

C:\Program Files\Microsoft Games\lazuto.dll

Then click the Send File button below.




Run the Brute Force Uninstaller script once more, then reboot your PC. Scan again with HijackThis and post the log into your next reply, and also let me know when you have submitted the file for me.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#12 JuRoxx

JuRoxx
  • Topic Starter


Posted 07 May 2007 - 07:40 PM

Be patient, we do this as a hobby because we enjoy helping people; I have a life, so I'm not on my computer all day every day. I'd also like to point out that I live in a completely different timezone to you, so I'm not necessarily going to be on my PC when you are.
Posting things like this annoys me and makes it less likely that I will help you in a timely manner, so please refrain from doing so in the future.


I was not trying to appear impatient :flowers: . . . . I was just trying to keep my post at the top of the board - so it would not get forgotten. . . .

I was not directing anything to you personally - I am just trying to get my PC fixed - believe me . . . . I appreciate anything you have done or will do to help. My worst case scenario is I will have to reinstall Vista, but I am trying to keep from doing that.

Back to business. . . . :thumbsup:


Here is my new HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 4:48:55 PM, on 5/5/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\StartupMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Julie Rockingham\HijackThis.exe
c:\program files\google\googletoolbar1user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {521638EE-5A34-47D9-89A8-70089DA574B3} - C:\Program Files\MSBuild\hone.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: 0 - {D5B39FF2-0097-4E8E-059A-DBF79A35EF0B} - C:\Program Files\Microsoft Games\lazuto.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll


THANKS!

Edited by JuRoxx, 07 May 2007 - 07:45 PM.


#13 rookie147

rookie147


Posted 08 May 2007 - 10:53 AM

Hello again,
Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Find and delete this folder:

C:\Program Files\outlook

Let's clean out your temporary internet files:
Close all open windows before we start.
Go to Start | Control Panel | Internet Options | General.
Click the Delete Cookies button.
Next to it, click the Delete Files button.
When prompted, place a check in: 'Delete all offline content', click OK

If you have Firefox installed, we need to clean out these temporary files as well:
Go to Tools | Options.
Click Privacy.
Press the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to finish, before closing it.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Now we'll clean other temporary files and your Recycle Bin:
Go to Start | Run | type: cleanmgr | OK.
Let it scan your system for files to remove.
Make sure 'Temporary Files', 'Temporary Internet Files', and 'Recycle Bin' are the only things checked.
Press OK to remove them.

Copy and paste the following text into Notepad:
sc stop core
sc delete core
Save this as "services.bat". Choose to save as *all files and place it on your Desktop.
Double-click services.bat.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\Windows\system32\drivers\core.sys

Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, and let me know if any appear.
If you don't get that message, reboot manually.
Your computer should reboot now, make sure you boot back into Normal Mode.

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

Include the Panda log and a new HijackThis log in your next reply.
Thanks,
Charles



#14 JuRoxx

JuRoxx
  • Topic Starter


Posted 08 May 2007 - 01:52 PM

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.


I received this message trying to run Panda:

"ActiveScan is currently not available for Windows Vista. There will shortly be a new version for this operating system."

Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:34:39 PM, on 5/8/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\Explorer.EXE
C:\Users\Julie Rockingham\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {521638EE-5A34-47D9-89A8-70089DA574B3} - C:\Program Files\MSBuild\hone.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: 0 - {D5B39FF2-0097-4E8E-059A-DBF79A35EF0B} - C:\Program Files\Microsoft Games\lazuto.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

THANKS
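
One way to check the "Fix checked, then post a new log" step from the replies above, added here as an example and not part of anyone's post: it diffs two HijackThis logs and reports which fix-list entries are still listed. The function names are hypothetical, the sample logs are short excerpts constructed from the logs in this thread, and matching BHO/toolbar lines by CLSID and path is a choice made here because the display names differ between the thread's scans.

```python
import re

# A HijackThis entry line: an R/F/N/O section code, " - ", then the entry text.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}|F[0-3]|N[1-4])\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a comparison key for one log line, or None for non-entry lines
    (header, blank lines, the running-process list)."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code = m.group(1)
    body = " ".join(m.group(2).split())  # collapse runs of whitespace
    clsid = CLSID_RE.search(body)
    if code in ("O2", "O3") and clsid:
        # The same BHO shows up as "(no name)" in one scan and with a display
        # name in another, so identify it by CLSID and file path instead.
        path = body.rsplit(" - ", 1)[-1]
        return (code, clsid.group(0).lower(), path.lower())
    return (code, body.lower())


def parse_log(text):
    """Map comparison key -> original line, keeping log order."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    removed = [line for key, line in before.items() if key not in after]
    added = [line for key, line in after.items() if key not in before]
    return removed, added


def still_listed(fix_list_text, log_text):
    """Return the fix-list lines that the given log still contains."""
    present = parse_log(log_text)
    return [line for key, line in parse_log(fix_list_text).items() if key in present]


# Constructed sample input: a few lines excerpted from the logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# The entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("removed:      ", line)
    for line in added:
        print("added:        ", line)
    for line in still_listed(FIX_LIST, AFTER):
        print("still listed: ", line)
```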

#15 JuRoxx

JuRoxx
  • Topic Starter


Posted 08 May 2007 - 03:21 PM

I believe the problem has been fixed. I have had no pop ups since last fix! I will check later tonight to verify - THANK YOU ROOKIE147!



